Home > Nagios, plugins > Monitor IIS erros with nagios

Monitor IIS erros with nagios

So How can we know the IIS server is responding to all petitions?
Well I found a way to go directly in the IIS log files and get the results from there. They key was logparser
Its very usefull to monitor, if the site is acting wierd or is being attacked by hackers the thresholds should go off.

The script is integrated with nagios and called using the Nagios Agent NC_NET it should also work with NRPE_NT
BEWARE:It takes the current hour as argument so it almost real-time check.
That said, you should see the number raizes and then when the hour change it goes to 0,
so its ideal to perform the checks once an hour maybe at minute 59,58 this way the result should be more true.

It should also graph the results.
I am querying 2GB log files with great times around, 10-15 seconds.

I have tested with Windows 2003, IIS 6 running under the directory c:scripts be sure to create c:scriptslogs
The log is optional and it can be set from within the script.

Call from nagios or from command line using NC_NET:
C:PROGRA~1MontitechNC_Netscriptcheckiis.vbs //nologo -s SitePremium -t 404 -w 5 -c 20

The script output should be something like:
WARNING – 39 errors type 404 on site SitePremium |IIS Erros: 39, 5, 20

Syntax:
cscript checkiis.vbs -s SiteName -t Tipo de Erro -w warning -c critical
Example:
cscript checkiis.vbs -s myweb -t 404 -w 50 -c 100
-h [–help] Help.
-s sitename Website name in IIS 6
-t ErrorType IIS errortype:400,404,501,500 etc…

The query I am executing is very dynamicly built but should look something like:
select date as Date, QUANTIZE(time, 3600) AS Hour, sc-status as Status, count(*) AS ErrorCount
from ‘E:Logs-SitesSitePremiumW3SVC1523476301ex100521.log’ to ‘c:scriptslogsLogs_SitePremium.csv’
WHERE sc-status = 404 AND Hour = ’15:00:00′
GROUP BY date, hour,sc-status HAVING ErrorCount > 5
ORDER BY ErrorCount DESC

To get more detail of the erros you could execute the query (using logparser) it will output each URL
associated with the errocode.
select date as Date, QUANTIZE(time, 3600) AS Hour, sc-status as Status,cs-uri-stem as URL, count(*) AS ErrorCount
from ‘E:Logs-SitesSitePremiumW3SVC246720831ex100521.log’ to ‘c:scriptslogsSitePremium500.csv’
WHERE sc-status >= 500
GROUP BY date, hour,sc-status,cs-uri-stem HAVING ErrorCount > 30
ORDER BY ErrorCount DESC

download the script

  1. egrimisu
    December 30th, 2014 at 13:29 | #1

    link not working, could you please reupload the file? thanks

  2. egrimisu
    December 30th, 2014 at 14:56 | #2

    back, i have found your script on google,
    i have installed logparser 2.2 and set the logsroot = “C:\WINDOWS\system32\LogFiles” where my logs are located, os 2003 R2 with IIS6
    when i try to execute the vbs locally i get the following error:
    “C:\Program Files\NSClient++\scripts\checkiis.vbs(163, 3) Erreur d’exécution Microsoft VBScript: Chemin d’accès introuvable”

  3. egrimisu
    December 30th, 2014 at 15:43 | #3

    ok, i have managed to get passed the error, somehow the getpath call is not working as expected, therefor i have set the path by hand logfile = “C:\WINDOWS\system32\LogFiles\W3SVC1\” & “ex” & logday & “.log” and worked like a charm.
    But i’m searching for errors and can’t find any, is it possible that in a 100mb logfile there are no errors? checking for 200 should return something or am i wrong?

  4. egrimisu
    December 31st, 2014 at 07:25 | #4

    back again, the time was set to gmt +3 qn i live in a gmt+1 areea, so corectic the var in the script did the trick, now everything is up and running.

  1. June 25th, 2010 at 19:38 | #1

VAMOVE *

*