NSClient++ Help (#1) - Monitoring 16 Bit Applications (#325) - Message List
Hi All!
I'm trying to use checkProcState to check whether a certain program is running. The problem I have is that this program is 16 Bit and therefore runs underneath the NTVDM.exe process, together with wowexec.exe. I can see them both in the Task Manager but haven't been able to find using either the checkProcState or WMI. Does anybody have an idea, or an alternative how to monitor this?
Thanks a bunch!
-
Message #965
LOL, 16 bit (again) this was reported before and "Might" be added at some point, it is "problematic" to do such unfortunetly... perhaps it is time to upgrade that realy old vb program? :)
But I shall see what I can do, at the moment I am busy writing new build scripts.... :/
MickeM
mickem01/13/09 20:59:56 (3 years ago)-
Message #978
Hi! Thanks for your reply! The problem with updating this app is: we cant =( It's part of our time tracking system and the hardware the program talks to is too old for anything else and nobody wants to upgrade it (at least not until it stops working...) Is there a way that might work? You don't have to add this just for me/us. It's not that important to be able to monitor this app.
Anyhow, thanks again for your reply! Cheers Phil
Phil Bieber01/15/09 08:49:02 (3 years ago)-
Message #998
Added "experimental support" for 16 bit checking. It would be interesting to see if this works for you, as of now (latest nightly) it will always check 16 bit apps, there is also a race condition as well as other multi tasking problems (all checks currently share a common buffer) so I need to fix that. But it would be nice too know if this *works* :)
I tried it with a 16 bit programmers file editor and it works splendidly but you never know :)
MickeM
anonymous01/22/09 08:26:33 (3 years ago)-
Message #1009
I'm trying it right now!
Thanks a lot!
Cheers Phil Bieber
Phil Bieber01/23/09 12:54:18 (3 years ago)-
Message #1010
notice new nighlt has a canged name as well as an option you need to add (check blog for details) but in short:
CheckProcState 16bit old-program.exe=started
MickeM
anonymous01/23/09 13:39:12 (3 years ago) -
Message #1012
Hi again :)
I have just read your second post just now!
When issuing the 16bit parameter it works quite well!
Thanks a real big bunch for your effort!
Cheers Phil Bieber
Phil Bieber01/23/09 14:00:12 (3 years ago)
-
-
Message #1011
Hi! I tested your revisions, but I think I've done something wrong. I downloaded the most recent nightly build (ZIP file), extracted the containing ZIP file first (NSClient++-Win32-20090123-0715.zip), then copied the content of the main one (NSClient++-Win32-20090123-0722.zip)over to the same folder and overwrote the older stuff. Then I went to the machine I wnat to check, uninstalled the service, copied everything from my machine to the remote machine, only leaving the NSC.ini in place. From my Nagios, I entered the following: check_nrpe -H <remotemachine> -c checkProcState -a 3964r.exe=started
and got a "CRITICAL" back. I tried to change the service's username from the local system account to various others (Domain Administrator, local user that is running the process) but to no avail.
I tried running the check in the test mode and here is the output:
########################OUTPUT START####################### Launching test mode - client mode d \NSClient++.cpp(416) Attempting to start NSCLient++ - 0.3.6.174 2009-01-23 d \NSClient++.cpp(819) Loading plugin: CheckDisk... d \NSClient++.cpp(819) Loading plugin: Event log Checker.... d \NSClient++.cpp(819) Loading plugin: Helper function... d \NSClient++.cpp(819) Loading plugin: CheckSystem... d \PDHCollector.cpp(66) Autodetected w2k or later, using w2k PDH counters. d \NSClient++.cpp(819) Loading plugin: CheckWMI... d \PDHCollector.cpp(103) Using index to retrive counternames d \NSClient++.cpp(819) Loading plugin: File logger... l \FileLogger.cpp(93) Log path is: C:\Programme\NSCP\\nsclient.log d \PDHCollector.cpp(123) Found countername: CPU: \Prozessor(_total)\Prozessor zeit (%) d \NSClient++.cpp(819) Loading plugin: NRPE server (w/ SSL)... d \PDHCollector.cpp(124) Found countername: UPTIME: \System\Systembetriebszeit d \PDHCollector.cpp(125) Found countername: MCL: \Speicher\Zusagegrenze d \PDHCollector.cpp(126) Found countername: MCB: \Speicher\Zugesicherte Bytes d \NSClient++.cpp(819) Loading plugin: SystemTray... d \Socket.h(637) Bound to: 0.0.0.0:5666 e \SysTray.cpp(51) SysTray is not installed (or it cannot interact with the desk top) SysTray won't be loaded. Run NSClient++ SysTray install to change this. l \NSClient++.cpp(522) NSCLient++ - 0.3.6.174 2009-01-23 Started! l \NSClient++.cpp(324) Using settings from: INI-file l \NSClient++.cpp(325) Enter command to inject or exit to terminate... checkProcState 3964.exe=started d \NSClient++.cpp(956) Injecting: checkProcState: 3964.exe=started l \CheckSystem.cpp(794) Failed to open process: 176: 5: Zugriff verweigert e \CheckSystem.cpp(791) Unhandled exception describing PID: 176: Failed to open process: 176: 5: Zugriff verweigert l \CheckSystem.cpp(794) Failed to open process: 672: 5: Zugriff verweigert e \CheckSystem.cpp(791) Unhandled exception describing PID: 672: Failed to open process: 672: 5: Zugriff verweigert l \CheckSystem.cpp(794) Failed to open process: 952: 5: Zugriff verweigert e \CheckSystem.cpp(791) Unhandled exception describing PID: 952: Failed to open process: 952: 5: Zugriff verweigert l \CheckSystem.cpp(794) Failed to open process: 1160: 5: Zugriff verweigert e \CheckSystem.cpp(791) Unhandled exception describing PID: 1160: Failed to open process: 1160: 5: Zugriff verweigert l \CheckSystem.cpp(794) Failed to open process: 1196: 5: Zugriff verweigert e \CheckSystem.cpp(791) Unhandled exception describing PID: 1196: Failed to open process: 1196: 5: Zugriff verweigert l \CheckSystem.cpp(794) Failed to open process: 1208: 5: Zugriff verweigert e \CheckSystem.cpp(791) Unhandled exception describing PID: 1208: Failed to open process: 1208: 5: Zugriff verweigert l \CheckSystem.cpp(794) Failed to open process: 1228: 5: Zugriff verweigert e \CheckSystem.cpp(791) Unhandled exception describing PID: 1228: Failed to open process: 1228: 5: Zugriff verweigert l \CheckSystem.cpp(794) Failed to open process: 1276: 5: Zugriff verweigert e \CheckSystem.cpp(791) Unhandled exception describing PID: 1276: Failed to open process: 1276: 5: Zugriff verweigert l \CheckSystem.cpp(794) Failed to open process: 1280: 5: Zugriff verweigert e \CheckSystem.cpp(791) Unhandled exception describing PID: 1280: Failed to open process: 1280: 5: Zugriff verweigert l \CheckSystem.cpp(794) Failed to open process: 220: 5: Zugriff verweigert e \CheckSystem.cpp(791) Unhandled exception describing PID: 220: Failed to open process: 220: 5: Zugriff verweigert d \NSClient++.cpp(992) Injected Result: CRITICAL 'CRITICAL: 3964.exe: stopped (c ritical)' d \NSClient++.cpp(993) Injected Performance Result: '' CRITICAL:CRITICAL: 3964.exe: stopped (critical) ########################OUTPUT END#######################
Just for translation: "Zugriff verweigert" means "Access denied".
Can you help me, what I have done wrong? (Btw. 3964r.exe is running...)
Thanks again for putting effort into this!
Phil Bieber
Phil Bieber01/23/09 13:52:12 (3 years ago)-
Message #1013
HUmm, I am thinking here that maybe the client NSClient++ is running in as an unprivlaged account and does not have access to open the other process, If you have the ability you could try running NSCLinet++ in test-mode (NSClient++ /test) on the computer as admin and see if the errors go away.
I shall investigate things on my end. The errors could have been there before as any errors where never reported before...
MickeM
mickem01/23/09 14:01:54 (3 years ago)
-
-
-
-
