On Nagios Exchange there's a cool plugin which can be launched on the Kaspersky Server to check for several things, for example the expiration date of the license: check_KAV.bat by Olivier Mazan.
There is only one problem: It doesn't work.
Note: It didn't work on a Windows 2003 Server (32-bit) with SQL Express 2005 and a special instance name. Maybe the original script, which was written back in 2009, worked at the time, or in another environment.
Let's start the troubleshooting! Ready? Go!
Round 1
The batch script, once defined in NSClient++, was launched from the Nagios server using check_nrpe. The first argument passed is the number 6 (check license). In the NSClient++ command definition I hard-coded the very first argument, which is usually the hostname to check, and set it to the same host (kavserver):
/usr/local/nagios/libexec # ./check_nrpe -H kavserver -t 30 -c check_kav -a 6 7 14
Licence has expired
KAV - Expiration Time : ve/at/SQL at Client]L
CRITICAL
As one can see, the plugin outputs strange information. It looks like the Windows batch script is trying to say 'verify at SQL at Client' ....
What the batch file actually runs is the following command (taking into account all the variables for this specific check):
C:\>OSQL -E -Q "SELECT tmExpirationTime FROM KAV.dbo.apphostskeys,KAV.dbo.hosts"
[SQL Native Client]Named Pipes Provider: Could not open a connection to SQL Server [2].
[SQL Native Client]Login timeout expired
[SQL Native Client]An error has occurred while establishing a connection to the server.
When connecting to SQL Server 2005, this failure may be caused by
the fact that under the default settings SQL Server does not allow remote
connections.
No wonder the batch file/plugin is not able to find anything from the database. By searching for this error, I came across this blog page, which didn't solve the issue but gave me a hint to check for the right server name by using this command:
C:\>sqlcmd -L
Servers:
KAVSERVER
KAVSERVER\EPOSERVER
Clearly, the host KAVSERVER has an instance called EPOSERVER which is used for Kaspersky. No wonder the OSQL command didn't work. Let's try it by setting the server name in the OSQL command:
C:\>OSQL -S KAVSERVER\EPOSERVER -E -Q "SELECT tmExpirationTime FROM KAV.dbo.apphostskeys,KAV.dbo.hosts"
tmExpirationTime
-----------------------
2011-11-21 23:59:59.000
2011-11-21 23:59:59.000
2011-11-21 23:59:59.000
2011-11-21 23:59:59.000
(4 rows affected)
Now that looks better! To apply this to the batch file, you need to change line 105 (note the -S option which was added):
OSQL -S KAVSERVER\EPOSERVER -E -Q "SELECT %req01% FROM %req02% WHERE %req05%" > "%TMP%\dateus011.txt"
There are seven other OSQL commands which need to be adjusted as well. The fastest way is to search for "OSQL -E" and replace it with "OSQL -S KAVSERVER\EPOSERVER -E".
Now let's check the plugin again on the Nagios server:
/usr/local/nagios/libexec # ./check_nrpe -H kavserver -c check_kav -a 6 7 14
4 was unexpected at this time.
Argh... again, another problem. Let's get ready for Round 2:
Now we launch the exact same command which is used in the batch plugin (with WHERE):
C:\>OSQL -S EPO4\EPOSERVER -E -Q "SELECT tmExpirationTime FROM KAV.dbo.apphostskeys,KAV.dbo.hosts WHERE KAV.dbo.hosts.nId=KAV.dbo.apphostskeys.nIdhost AND strwinhostname='kavserver'"
tmExpirationTime
-----------------------
(0 rows affected)
So there's no information. Let's leave out the second WHERE condition (remove AND strwinhostname='kavserver'):
C:\>OSQL -S EPO4\EPOSERVER -E -Q "SELECT tmExpirationTime FROM KAV.dbo.apphostskeys,KAV.dbo.hosts WHERE KAV.dbo.hosts.nId=KAV.dbo.apphostskeys.nIdhost"
tmExpirationTime
-----------------------
2011-11-21 23:59:59.000
(1 row affected)
That looks better. Now I had to adapt the script again, this time lines 89 and 90. Simply remove "AND strwinhostname='%1'" from both lines:
set req04=(SELECT %req01% FROM %req02% WHERE KAV.dbo.hosts.nId=KAV.dbo.apphostskeys.nIdhost)
set req05=KAV.dbo.hosts.nId=KAV.dbo.apphostskeys.nIdhost
Another thing we change is the handling of the created file, which uses the findstr command. Change line 108 to the following:
FOR /F "tokens=1,* delims=:" %%i in ('findstr /n /R : "%TMP%\dateus011.txt"') do set var201=%%j
Let's check it in Nagios again:
/usr/local/nagios/libexec # ./check_nrpe -H kavserver -c check_kav -a 6 1 5
Licence has expired
KAV - Expiration Time : 21/11/2011 at 23:59:59
CRITICAL
YES! This looks good now. The expiration check finally works. It would be nice, though, if the expiration date were written in the output, right after "Licence has expired".
That's easy now, let's get to Round 3:
Just change line 253 to the following (I added the variable of the date after the text):
echo Licence has expired since %date_kav201%
And in Nagios again:
/usr/local/nagios/libexec # ./check_nrpe -H kavserver -c check_kav -a 6 1 5
Licence has expired since 21/11/2011
KAV - Expiration Time : 21/11/2011 at 23:59:59
CRITICAL
And you're done!
Important: The modified check_KAV.bat script can be downloaded here (link) from my website.
It contains all the modifications necessary to get it working, and it also contains a new parameter at the beginning of the batch file:
:: Define Name of SQL Server instance
:: example: set sqlinst=KAVSERVER\KAV
:: Check manually on the KAV Server with command 'sqlcmd -L'
set sqlinst=KAVSERVER\KAV
Use this parameter 'sqlinst' to select the correct SQL server/instance.
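
In Round 1 the plugin turned fragments of the SQL Native Client error text into an "expiration time" and reported CRITICAL. The following Python code is an added example, not part of check_KAV.bat or of the modified script; it parses the OSQL output shown above and returns UNKNOWN when no date row is present (connection error or empty result). The function names, the sample strings and the warn_days/crit_days thresholds are assumptions.

```python
import re
from datetime import datetime

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios exit codes

# A data row as OSQL prints it for a datetime column: "2011-11-21 23:59:59.000"
ROW = re.compile(r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d{3}\s*$")

# Constructed samples, modelled on the OSQL output quoted in this article.
CONNECT_ERROR = (
    "[SQL Native Client]Named Pipes Provider: Could not open a connection "
    "to SQL Server [2].\n[SQL Native Client]Login timeout expired\n"
)
NO_ROWS = "tmExpirationTime\n-----------------------\n(0 rows affected)\n"
ONE_ROW = ("tmExpirationTime\n-----------------------\n"
           "2011-11-21 23:59:59.000\n(1 row affected)\n")


def parse_expirations(osql_output):
    """Return all expiration timestamps; header, footer and errors are skipped."""
    found = (ROW.match(line) for line in osql_output.splitlines())
    return [datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S") for m in found if m]


def check_license(osql_output, now, warn_days=14, crit_days=7):
    """Return (exit_code, status_line). warn_days/crit_days are assumed names."""
    dates = parse_expirations(osql_output)
    if not dates:
        # Connection failure or empty result: report UNKNOWN, never a fake date.
        return UNKNOWN, "UNKNOWN - no tmExpirationTime row in OSQL output"
    expiry = min(dates)  # the key that expires first decides the state
    stamp = expiry.strftime("%d/%m/%Y at %H:%M:%S")
    if expiry <= now:
        return CRITICAL, "CRITICAL - Licence has expired since " + stamp
    days_left = (expiry - now).days
    if days_left <= crit_days:
        return CRITICAL, "CRITICAL - Licence expires in %d days (%s)" % (days_left, stamp)
    if days_left <= warn_days:
        return WARNING, "WARNING - Licence expires in %d days (%s)" % (days_left, stamp)
    return OK, "OK - Licence valid for %d days (%s)" % (days_left, stamp)


if __name__ == "__main__":
    for sample in (CONNECT_ERROR, NO_ROWS, ONE_ROW):
        print(check_license(sample, datetime(2011, 12, 1)))
```

A wrapper that runs OSQL and exits with the returned code would make this usable as an NSClient++ command.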