/build/static/layout/Breadcrumb_cap_w.png

MySQL Query to check on whether specific services are running on a Windows machine

I have the following query (riffing off of the canned k1000 report for identifying services set to auto start that are not running):

SELECT M.NAME AS 'System',

NS.DISPLAY_NAME AS 'Service Display Name',

NS.NAME AS 'Service Name',

NS.STARTUP_TYPE AS 'Startup Type',

NS.STATUS AS 'Service Status'

FROM MACHINE M

LEFT JOIN MACHINE_NTSERVICE_JT MNJT ON M.ID = MNJT.MACHINE_ID

LEFT JOIN NTSERVICE NS ON MNJT.NTSERVICE_ID = NS.ID

WHERE M.OS_NAME LIKE '%Windows%'

AND NS.STARTUP_TYPE LIKE 'SERVICE_AUTO_START'

AND NS.STATUS LIKE 'SERVICE_STOPPED'

-- AND NS.NAME = 'AVP'

AND NS.NAME = 'ntrtscan'

-- AND NS.NAME RLIKE 'AVP'|'ntrtscan'

GROUP BY M.NAME, NS.NAME

The goal is to identify all Windows machines with either one or the other service, 'ntrtscan' or 'avp', stopped.

If I use 

AND NS.NAME = 'AVP'

I get one result.

If I use 

AND NS.NAME = 'ntrtscan'

I get three results.

If I use 

AND NS.NAME RLIKE 'AVP'|'ntrtscan'

I get throusands of results when I'm expecting four.

If I use 

AND NS.NAME RLIKE 'AVP'

I get one result... What am I missing?

Thanks

Asked 11 years ago 1546 views
0 Comments   [ + ] Show comments

Answers (1)

Answer Summary:
Posted by: dugullett 11 years ago
Red Belt
0

Take the ' ' off of the RLIKE. It should just be at the beginning and the end. 

AND NS.NAME RLIKE 'AVP|ntrtscan'

Comments:
  • Arggg. That was dumb. Thanks dugullett! - kpm8 11 years ago
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ