Use of dollar sign ($) in Nagios service checks
Tags dollar sign, mssql monitoring, nagios
Some MS Windows services have a literal dollar sign ($) when viewed in Windows Services. Most notably are MS SQL databases where the service name is MSSQL$DBNAME.
NOTE: In the above and what follows, "MSSQL" is literal as is the last "$" preceding DBNAME but DBANME itself would be whichever database name is in use on the specific hosts. We have at least one host with 3 separate DBNAMEs.
For Nagios 1.x I'd been able to add monitors by simply escaping the dollar sign in services.cfg as I would if checking from Linux command line so had to enter it as:
Later on upgrading to Nagios 3.x the above quit working. I found a nice FAQ written by Dietmar Lang in 2009 that explained we had to have two slashes and two dollar signs. Accordingly I changed monitor in services.cfg to check:
That solved the problem for Nagios 3.x.
Note the double quotes are literal - I don't think they're required but we put them on all our service monitors because they don't hurt anything and do allow for spaces in the service name.
After that others here upgraded to new servers and, at some point, to Nagios 4.x. Today I was notified that we had Nagios monitoring a Windows server for an MSSQL database that was displaying as "OK" but the server in question in fact has no MSSQL database (nor is MSSQL even installed). This is a false positive. On checking the entry in services.cfg on our Nagios server I found the entry as:
Note that the double quotes are literal as are the back ticks (not single quotes).
The resulting status information text on Nagios web page gave was:
OK: All services are in their appropriate state.
However, as noted it should NOT have been OK for the host in question. I could not fathom why the back ticks were there as I'd never used them in Nagios myself. For shell commands encapsulating in back ticks makes it execute what is between them and use the output instead but I couldn't see any reason why these would be in Nagios at this point as it is a service name not a "command".
As a test I went to a server and added monitor for "`MSSQL\\$$RALPH`" knowing that there was no database named "RALPH" for that server (or any of our servers for that matter). Sure enough after restarting Nagios and going to the browser it displayed the same status for RALPH:
OK: All services are in their appropriate state.
That confirmed that, as written, this syntax was giving false positives.
On trying to revert to the 3.x entries I last used "MSSQL\\$$DBNAME" it failed after restart of Nagios.
On doing research today I found various discussions including some that mentioned the same FAQ I'd seen before. It was this discussion I found today that was most helpful. Specifically this comment:
Based on that I changed my monitor text to read:
After restart of Nagios the web page now displayed a message more like I'd expect for a service check (i.e. It gives the name of the service in status detail rather than generic as it did above):
OK: MSSQL$DBNAME: started
As a test I then added an entry for "MSSQL\$$RALPH" and restarted. On checking this, the browser displayed:
CRITICAL: MSSQL$RALPH: not found (critical)
This was the correct response since database RALPH did not exist. This confirms the new syntax eliminates the false positive.
The key takeaway here is that the syntax used can vary depending on the version of Nagios used.
Much of the reading I did today seemed to vary between services.cfg and commands.cfg usage so just for completeness I'll note in our setup:
The actual check_command syntax (excluding real database names) used in services.cfg
That check_nscp_service is defined in commands.cfg as:
The $<TEXT>$ seen in commands.cfg are Nagios defined macros/variables discussed at:
https://assets.nagios.com/downloads/...macrolist.html
Hope the above helps.
NOTE: In the above and what follows, "MSSQL" is literal as is the last "$" preceding DBNAME but DBANME itself would be whichever database name is in use on the specific hosts. We have at least one host with 3 separate DBNAMEs.
For Nagios 1.x I'd been able to add monitors by simply escaping the dollar sign in services.cfg as I would if checking from Linux command line so had to enter it as:
Code:
MSSQL\$DBNAME
Code:
"MSSQL\\$$DBNAME"
Note the double quotes are literal - I don't think they're required but we put them on all our service monitors because they don't hurt anything and do allow for spaces in the service name.
After that others here upgraded to new servers and, at some point, to Nagios 4.x. Today I was notified that we had Nagios monitoring a Windows server for an MSSQL database that was displaying as "OK" but the server in question in fact has no MSSQL database (nor is MSSQL even installed). This is a false positive. On checking the entry in services.cfg on our Nagios server I found the entry as:
Code:
"`MSSQL\\$$DBNAME`"
The resulting status information text on Nagios web page gave was:
OK: All services are in their appropriate state.
However, as noted it should NOT have been OK for the host in question. I could not fathom why the back ticks were there as I'd never used them in Nagios myself. For shell commands encapsulating in back ticks makes it execute what is between them and use the output instead but I couldn't see any reason why these would be in Nagios at this point as it is a service name not a "command".
As a test I went to a server and added monitor for "`MSSQL\\$$RALPH`" knowing that there was no database named "RALPH" for that server (or any of our servers for that matter). Sure enough after restarting Nagios and going to the browser it displayed the same status for RALPH:
OK: All services are in their appropriate state.
That confirmed that, as written, this syntax was giving false positives.
On trying to revert to the 3.x entries I last used "MSSQL\\$$DBNAME" it failed after restart of Nagios.
On doing research today I found various discussions including some that mentioned the same FAQ I'd seen before. It was this discussion I found today that was most helpful. Specifically this comment:
Quote:
JO, on 2015-03-01 23:19:16
Just an FYI, in Nagios 4.1.0rc1 running on Debian 7 I only had to use one backslash i.e. check_command check_nt!SERVICESTATE!-d SHOWALL -l MSSQL\$$INSTANCE.
Just an FYI, in Nagios 4.1.0rc1 running on Debian 7 I only had to use one backslash i.e. check_command check_nt!SERVICESTATE!-d SHOWALL -l MSSQL\$$INSTANCE.
Code:
"MSSQL\$$DBNAME"
OK: MSSQL$DBNAME: started
As a test I then added an entry for "MSSQL\$$RALPH" and restarted. On checking this, the browser displayed:
CRITICAL: MSSQL$RALPH: not found (critical)
This was the correct response since database RALPH did not exist. This confirms the new syntax eliminates the false positive.
The key takeaway here is that the syntax used can vary depending on the version of Nagios used.
Much of the reading I did today seemed to vary between services.cfg and commands.cfg usage so just for completeness I'll note in our setup:
The actual check_command syntax (excluding real database names) used in services.cfg
Code:
check_command check_nscp_service!"MSSQL\$$DBNAME"
Code:
# 'check_nscp_service' command definition
define command{
command_name check_nscp_service
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckServiceState -a ShowAll $ARG1$
}
https://assets.nagios.com/downloads/...macrolist.html
Hope the above helps.
Total Comments 0
