Thread Nagios - check_wmi mit spaces / blanks (16 answers)
Opened by pc-dok at 2014-10-16 08:41

GwenDragon
 2014-10-16 11:22
#177845 #177845
User since
2005-01-17
14532 Artikel
Admin1
[Homepage]
user image
kurzes Testcase, das zeigt, dass read falsch aufsplittet.
Code: (dl )
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
#!/bin/bash

DEBUG=0
EXITCODE=0
EXITSTRING=""
LASTSTR=""
MARCOLIST="ITEMCOUNT,LASTSTR"
ERROR_EVENTTYPE=""

E_SUCCESS="0"
E_WARNING="1"
E_CRITICAL="2"
E_UNKNOWN="3"



## TMP directory where wmic outputs 

TMPDIR=/tmp

## WMIC binary

WMIC=/bin/wmic

## Custom exit test , can be set as an argumenten in command  line as  -O ,-W ,-C, -U 

CUSTOM_EXIT_STR[$E_SUCCESS]=""
CUSTOM_EXIT_STR[$E_WARNING]=""
CUSTOM_EXIT_STR[$E_CRITICAL]=""
CUSTOM_EXIT_STR[$E_UNKNOWN]=""


##


E_STR[0]="OK"
E_STR[1]="WARNING"
E_STR[2]="CRITICAL"
E_STR[3]="UNKNOWN"

ETYPE[1]="Error"
ETYPE[2]="Warning" 
ETYPE[3]="Information"
ETYPE[4]="Security Audit Success"
ETYPE[5]="Security Audit Failure"


while getopts "hH:u:p:l:t:e:s:Sw:c:m:W:C:O:U:dv" OPTION
do
     case $OPTION in
         H)
             HOST=$OPTARG
             ;;
         u)
             USER=$OPTARG
             ;;
         p)
             PASSWD=$OPTARG
             ;;
         l)
             LOGFILE="$OPTARG"
             ;;
     esac
done


function WQL_Constructor 
{
  local WS=$1
  local WS_FIELD=$2
  local WS_TYPE=$3              
  if [ -n "$WS" ]
  then
        local WS_WQL=" ( "
        INDEX=0
        IFS=', ' read -a WS_ARRAY <<< "$WS"

        for WS_ELEMENT in ${WS_ARRAY[@]}
                do
                        ((INDEX++))
                        if [[ $WS_TYPE == "like" ]]
                        then
                                WS_WQL+=$WS_FIELD' like "%'$WS_ELEMENT'%"'
                        else
                                WS_WQL+=$WS_FIELD' = "'$WS_ELEMENT'"'
                        fi 
        
                        if [ $INDEX -lt "${#WS_ARRAY[@]}" ]
                        then
                                WS_WQL+=" or "
                        else
                                WS_WQL+=" ) and "
                        fi


        done
  fi
echo $WS_WQL
}

EXTRA_WQL=" "$(WQL_Constructor "$LOGFILE"  "Logfile" "" )
echo $EXTRA_WQL


WQL='Select EventCode,EventIdentifier,EventType,SourceName from Win32_NTLogEvent where '$EXTRA_WQL'  TimeGenerated > "'$NOW'"'
##WQL='Select EventCode,EventIdentifier,EventType from Win32_NTLogEvent where logfile="'$LOGFILE'" and eventcode='$EVENTID'  and TimeGenerated > "'$NOW'" '$EXTRA_WQL


echo "$WMIC --namespace root/cimv2  -U $USER%$PASSWD //$HOST '--delimiter=\"|\"'  '"$WQL"'"


debian:~# ./x.sh -l "test OK"
( Logfile = "test" or Logfile = "OK" ) and
/bin/wmic --namespace root/cimv2 -U root% // '--delimiter="|"' 'Select EventCode,EventIdentifier,EventType,SourceName from Win32_NTLogEvent where ( Logfile = "test" or Logfile = "OK" ) and TimeGenerated > "20141016111726.000000+120"'
Last edited: 2014-10-16 11:41:09 +0200 (CEST)
die Drachin, Gwendolyn

Unterschiedliche Perl-Versionen auf Windows (fast wie perlbrew) • Meine Perl-Artikel

View full thread Nagios - check_wmi mit spaces / blanks