I am looking to use the Nagios plugin check_procs to monitor the number of ssh daemons running on my CentOS servers. Consider my server right now:
$ ps auxww | grep ssh
root 6750 0.0 0.0 31812 1224 ? Ss 2012 0:01 /usr/sbin/sshd
root 23375 0.0 0.0 65464 3244 ? Ss 16:53 0:00 sshd: user [priv]
user 23377 0.0 0.0 65464 1908 ? S 16:53 0:00 sshd: user@pts/1
root 23404 0.0 0.0 65464 3248 ? Ss 16:53 0:00 sshd: user [priv]
user 23406 0.0 0.0 65464 1912 ? S 16:53 0:00 sshd: user@pts/2
I am only interested in knowing how many instances of '/usr/sbin/sshd' are running, NOT how many daemons have been launched to handle incoming ssh connections. Is there a way to accomplish this?
You could check for 'sshd' daemons started specifically from 'root' using:
check_procs -p 1 -C sshd
PROCS OK: 1 process with PPID = 1, command name 'sshd'
That should eliminate the forks started to handle user connections. The '-p' option tells check_procs to only count those processes with the given PPID, in this case '1' belonging to root. The check_procs command won't allow you to add a path.
If you need to see the number of '/usr/sbin/sshd' specific daemons running, no mater the user they are running from, you could build a check around the following:
ps -ef | grep "/usr/sbin/sshd" | grep -v grep | wc -l
1
That would give you the count, which you can then check in bash/perl/... and throw the alert as required.
After looking at the source for check_procs, I would use the following check config:
check_procs -p 1 --ereg-argument-array=^\/usr\/sbin\/sshd
That should give you exactly what you're looking for and will include the 'path' in what is being checked - which is not available with the -C option.