Nagios check_procs state filter

nagiosnrpe

I'm on Ubuntu 14.04 and trying to run

/usr/lib/nagios/plugins/check_procs -C rsyslogd -w 1:3 -c 1:5 -s S

and it returns

PROCS CRITICAL: 0 processes with command name 'rsyslogd', STATE = S | procs=0;1:3;1:5;0;

So I run with -vvv and find that check_procs uses the command /bin/ps axwwo 'stat uid pid ppid vsz rss pcpu etime comm args' to list processes. I find my rsyslogd process and it is listed as follows:

Ssl 101 406 1 256232 25392 0.0 157-05:57:14 rsyslogd rsyslogdproc#=0 uid=101 vsz=256232 rss=25392 pid=406 ppid=1 pcpu=0.00 stat=Ssl etime=157-05:57:14 prog=rsyslogd args=rsyslogd

Looking at the help for the command it says:

-s, --state=STATUSFLAGS
Only scan for processes that have, in the output of `ps`, one or
more of the status flags you specify (for example R, Z, S, RS,
RSZDT, plus others based on the output of your 'ps' command).

So it really should be working. Just for testing I tried to run

/usr/lib/nagios/plugins/check_procs -C rsyslogd -w 1:3 -c 1:5 -s Ssl

This command returns the result I expect from the first command:

PROCS OK: 1 process with command name 'rsyslogd', STATE = Ssl | procs=1;1:3;1:5;0;

check_procs is v1.5.

I have the same test command working on a RHEL 6.5 server so it could be Ubuntu specific I guess.

Best Answer

Looking at the source for check_procs, the behavior you are seeing is by design. Or rather, the behavior depends entirely on the behavior of the ps implementation. (If it works on your RHEL system, that's almost certainly a happy coincidence.)

The plugin must use ps (instead of digging around in /proc) to allow it to run on systems without /proc (e.g., non-Linux).

After scraping the ps output, the plugin calls strstr to see if the process state is contained in your command-line arg to -s. So, in your example, it's checking to see if "Ssl" is a substring of "S".

It might seem that this is backwards logic, e.g., that it should be checking if your arg "S" is a substring of "Ssl", but I believe the intent is for you to provide multiple process states as an arg to -s.

For example, you can do this:

check_procs -C rsyslogd -w 1:3 -c 1:5 -s S,Ssl,Sl
PROCS OK: 1 process with command name 'rsyslogd', STATE = S,Ssl,Sl

The commas are just to make it more readable; the plugin effectively ignores them.

Related Topic