12

I see on http://exchange.nagios.org that there are not plugins to check if sendmail, xinetd, automount, ypserv, ypbind, mailscanner, mcafee, clamav, samba server, and openvpn are running.

Of course all these should be stable programs, but they are critical, so I would like to check if they are running.

Question

Does there exist a generic plugin to check for specific processes?

Sandra
  • 10,303
  • 38
  • 112
  • 165

6 Answers6

26

I use the standard NAGIOS check_procs plugin, with the -C flag, shown here being invoked from nrpe.cfg via NRPE:

command[check_spamd]=/usr/lib/nagios/plugins/check_procs -c 1: -w 3: -C spamd

which will WARN if it doesn't find at least three processes with the executable name (not counting path) spamd, and which will CRIT if it doesn't find at least one.

MadHatter
  • 79,770
  • 20
  • 184
  • 232
2

I am using this script to check various running processes. You can edit these two lines:

PROCLIST_RED="sshd"
PROCLIST_YELLOW="syslogd"

to change the red (critical) processes and yellow (warning) processes.

Also, this script checks for open ports (listening state). You can edit the line:

PORTLIST="22"

I even modified the script myself by defining a new variables UDP_PORTLIST to check for UDP sockets.

Khaled
  • 36,533
  • 8
  • 72
  • 99
  • Script link is dead – phansen Dec 24 '15 at 16:40
  • Not sure if [this](https://exchange.nagios.org/directory/Plugins/Operating-Systems/Linux/Check-Processes-and-Ports/details) is the right script, but at least the name is the same. Maybe this helps. – gxx Feb 15 '17 at 13:51
2

The "check_procs" plugin is what you want, it is available on
http://nagiosplugins.org/man/check_procs

Shadok
  • 623
  • 5
  • 10
1

Any services that should be listening on a TCP port can be checked with check_tcp. By doing the connection check externally you check that the firewall is allowing connections through on that port in addition to checking that the process is running and listening on the correct port.

The check_tcp check will not tell you if someone started up Postfix instead of sendmail or configured nginx to listen on port 80 instead of Apache but check_procs (that the others already mentioned) will do that.

Ladadadada
  • 26,337
  • 7
  • 59
  • 90
  • That is interesting! I see the plugin requires a send/expect string. How do I find these for e.g. sendmail and openvpn? – Sandra May 10 '12 at 12:24
  • 2
    Does it *require* the send/expect string? You can find what to send for sendmail by either reviewing the [SMTP spec](http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_transport_example) or by connecting with `telnet localhost 25` and trying it out yourself. OpenVPN might be a bit more tricky as it wants to be encrypted however sending some nonsense and receiving an error message might be adequate for your needs. – Ladadadada May 10 '12 at 12:28
  • Ups. I tried the check_udp instead of check_tcp. Using telnet to get the send/expect will certainly become useful. – Sandra May 10 '12 at 12:39
1

Generally, it's better to actually connect to a network service and see if it's responding as expected, instead of just using check_tcp or checking if the service is running.

In the case of Samba, ClamAV, Sendmail, etc., there are service-specific plugins to check these (even if checked on "localhost" via NRPE) that will be more accurate than just checking if the port is open. Obviously, checking the tcp port and/or using check_procs is better than nothing.

Keith
  • 4,637
  • 15
  • 25
0

Check below article. It perfectly explains how to monitor specific processes.

https://support.nagios.com/kb/article/process-checks-782.html

Yasiru G
  • 101
  • 3