Well in terms of need, I have (and I am sure there are others, seen messages to that effect pass the mailing lists on a regular basis) a defenite need to also monitor more then WMI provides and for that matter check_nt does not have either. I am sure there are many such things but these are high on my list right now :
<br><br>- Monitor file sizes (got a couple of processes that dare write transaction logs that sometimes go up to 2 GB in a matter of days at which point the 2 GB filesize problem on Windows causes the application to die a horrible death)
<br>- Monitor Directory Sizes (not so much for me but saw that pass by on the list a few days ago)<br>- File Age (nc_net has this) to detect hanging processes for example.<br>- Log parser with a read-mark (so it only reads new lines since last check). Mind you not clear on how to work this into Nagios. I mean, I would want to have nagios monitor a log file for say an error like 'ORA-xxxxx no active database connection' (or whatever the exact error is) and raise an alert at that point. What I am not sure about is how to then let Nagios know the error has been fixed. I suppose I coul parse the whole log every time and archive logs when I restart the process at which point the ORA-xxxxx would no longer be present in the log but the problem is these logs are huge and would probably constitute a huge performance hit if read completely on a regular basis. It's a tricky one.
<br><br>Either way unless I am mistaken these things are not easily done in WMI if they are even possible at all. But there is no denying that WMI gives you access to a wealth of information. It will be interesting to see how you do it though. Securitywise it seems like a challenge for sure. And performance wise it is not easy either. Count me in though if you want it tested.
<br><br>Cheers.<br>Hans<br><br><div><span class="gmail_quote">On 2/14/06, <b class="gmail_sendername">Ron Gage</b> <<a href="mailto:ron@rongage.org">ron@rongage.org</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Quoting Ryan Wilcox <<a href="mailto:rwilcox@mobitrac.com">rwilcox@mobitrac.com</a>>:<br><br><snip><br><br>> ron... it is understood that WMI would give users the ability to go way<br>> above and beyond the 'check_nt' command... what other capability are you
<br>> interested in building in that 'check_nt' doesn't provide?<br><br> From a monitoring perspective, what more would you need than WMI? You get<br>direct access to the perfmon counters and hardware enumeration. You can even
<br>enumerate services and their state via WMI (the Win32_BaseService object).<br><br><br></blockquote></div>