4. Monitoring Windows host with Nagios

In previous chapters we learned that Nagios can do a lot in terms of monitoring hardware, software and network. Now it’s time to configure some hosts and see the results in the admin panel. We will configure Windows and Linux hosts as well as a router and a switch.

Our Windows host is a typical Windows 2008r2 server patched to the latest version. Configuring monitoring is very often done in 2 steps:

  • Configuring nagios console/admin server
  • Configuring client (server) side plugin or agent

We will configure each part for every type of host to make sure everything works.

First, we need to configure the Nagios admin server so that it can receive and process data from the host. To do that, we need to edit the file /usr/local/nagios/etc/objects/windows.cfg

This is a simple template for defining Windows hosts and services for Nagios. You can either edit this file directly or copy it under another name and edit that. To edit it, you can open it in nano by typing:

root@nagios-test05:/home/milosz# nano /usr/local/nagios/etc/objects/windows.cfg

I prefer, however, to edit it with Notepad++ and WinSCP. Just pick the method that suits you best. I do not insist on, argue for or stand for either method. It’s completely up to you. If I need a small change I pick nano; if a bigger one with lots of scrolling, I prefer windowed editors.

The above file is divided into 3 sections: host definitions, host group definitions and service definitions.

In the HOST DEFINITIONS section we need to add a new host:

###############################################################################
###############################################################################
#
# HOST DEFINITIONS
#
###############################################################################
###############################################################################

# Define a host for the Windows machine we'll be monitoring
# Change the host_name, alias, and address to fit your situation

define host{
 use windows-server ; Inherit default values from a template
 host_name winserver ; The name we're giving to this host
 alias My Windows Server ; A longer name associated with the host
 address 192.168.1.2 ; IP address of the host
 }

The above example is pretty clear, I think. We need to change it according to our needs:

define host{
 use windows-server ; Inherit default values from a template
 host_name nagios-win-test ; The name we're giving to this host
 alias Nagios Windows Test ; A longer name associated with the host
 address 192.168.0.225 ; IP address of the host
 }

and save changes.

Now we can edit the HOST GROUP DEFINITIONS section. We will leave it as it is because we have only one Windows group. We could add more groups if we had, for example:

  • windows virtual machines (check state of vm services)
  • windows sql servers (check state of sql processes and different RAM settings)
  • and so on

The next part is SERVICE DEFINITIONS.

Below is an example of the predefined service checks for Windows hosts:

###############################################################################
###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
###############################################################################


# Create a service for monitoring the version of NSCLient++ that is installed
# Change the host_name to match the name of the host you defined above

define service{
 use generic-service
 host_name winserver
 service_description NSClient++ Version
 check_command check_nt!CLIENTVERSION
 }



# Create a service for monitoring the uptime of the server
# Change the host_name to match the name of the host you defined above

define service{
 use generic-service
 host_name winserver
 service_description Uptime
 check_command check_nt!UPTIME
 }



# Create a service for monitoring CPU load
# Change the host_name to match the name of the host you defined above

define service{
 use generic-service
 host_name winserver
 service_description CPU Load
 check_command check_nt!CPULOAD!-l 5,80,90
 }



# Create a service for monitoring memory usage
# Change the host_name to match the name of the host you defined above

define service{
 use generic-service
 host_name winserver
 service_description Memory Usage
 check_command check_nt!MEMUSE!-w 80 -c 90
 }



# Create a service for monitoring C:\ disk usage
# Change the host_name to match the name of the host you defined above

define service{
 use generic-service
 host_name winserver
 service_description C:\ Drive Space
 check_command check_nt!USEDDISKSPACE!-l c -w 80 -c 90
 }



# Create a service for monitoring the W3SVC service
# Change the host_name to match the name of the host you defined above

define service{
 use generic-service
 host_name winserver
 service_description W3SVC
 check_command check_nt!SERVICESTATE!-d SHOWALL -l W3SVC
 }



# Create a service for monitoring the Explorer.exe process
# Change the host_name to match the name of the host you defined above

define service{
 use generic-service
 host_name winserver
 service_description Explorer
 check_command check_nt!PROCSTATE!-d SHOWALL -l Explorer.exe
 }

As you can see above, there are many commands to play with. The full list of commands for the Windows agent NSClient++ can be found here.

Every service has these fields:

  • use – tells Nagios to use the generic service definition
  • host_name – pretty clear, BUT do pay attention to mistakes here. An empty host_name is ok, a misspelled one isn’t and will generate an error!
  • service_description – the description seen in the admin console
  • check_command – the command to be executed by the agent installed on the client. Refer to the NSClient++ command reference

 

The easiest way is to change host_name to the name specified in host_name in the HOST DEFINITIONS section. A sample service should then look similar to this:

define service{
 use generic-service
 host_name nagios-win-test
 service_description Uptime
 check_command check_nt!UPTIME
 }
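The host_name warning above can be checked before Nagios is restarted. The following is an added example, not part of the original tutorial or of Nagios itself: a small cross-check that lists services whose host_name matches no defined host. The function names and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: host renamed, one service still uses the template's name.
SAMPLE_CFG = """
define host{
 use windows-server ; Inherit default values from a template
 host_name nagios-win-test ; The name we're giving to this host
 }
define service{
 use generic-service
 host_name nagios-win-test
 service_description Uptime
 check_command check_nt!UPTIME
 }
define service{
 use generic-service
 host_name winserver
 service_description CPU Load
 check_command check_nt!CPULOAD!-l 5,80,90
 }
"""

BLOCK_RE = re.compile(r"^\s*define\s+(\w+)\s*\{(.*?)^\s*\}", re.S | re.M)

def parse_objects(text):
    """Return [(object_type, {directive: value})] for every define block."""
    objects = []
    for obj_type, body in BLOCK_RE.findall(text):
        fields = {}
        for line in body.splitlines():
            parts = line.split(";", 1)[0].split(None, 1)  # drop ';' comments
            if parts and not parts[0].startswith("#"):
                fields[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
        objects.append((obj_type, fields))
    return objects

def undefined_service_hosts(text):
    """List (service_description, host_name) pairs that name no defined host."""
    objects = parse_objects(text)
    hosts = {f["host_name"] for t, f in objects if t == "host" and "host_name" in f}
    missing = []
    for fields in (f for t, f in objects if t == "service"):
        for name in fields.get("host_name", "").split(","):
            name = name.strip()
            if name and name not in hosts:  # an empty host_name is left alone
                missing.append((fields.get("service_description", "?"), name))
    return missing

print(undefined_service_hosts(SAMPLE_CFG))
```

Nagios performs the same validation, plus many others, when run with `-v` against the main config file, so this script is a quick pre-check rather than a replacement.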

We then need to save the file. The next step is to enable the above config in the Nagios config.

We need to edit the file /usr/local/nagios/etc/nagios.cfg

and uncomment the line:

#cfg_file=/usr/local/nagios/etc/objects/windows.cfg

This will tell Nagios to check our Windows hosts config.

Restart Nagios by issuing the command

/etc/init.d/nagios restart

or

service nagios restart

At this point we have:

[Screenshot: nagios_windows_fail1]

or even better:

[Screenshot: nagios_windows_fail2]

Don’t worry about that. We now need to install NSClient++ on the Windows machine that we want to monitor: download NSClient++ and install it on the target machine.

Now we need to modify the config file nsclient.ini, located in C:\Program Files\NSClient++\, to allow a specific host, a list of hosts or a whole subnet to connect to this server in order to monitor things.

For this example we need to modify the following lines:

allowed hosts = 192.168.1.0/24

Here we are permitting the whole subnet (security is not taken into account here!) to monitor our host.

Next, we need to change the values from zero to “1” in the following settings:

CheckNSCP = 1
CheckWmi = 1
CheckDisk = 1
CheckSystem = 1
NRPEServer = 1
NSClientServer = 1

The file will be write-protected by the nscp.exe process. Just stop the NSClient++ service, edit the file and start it again. Now Nagios should start monitoring the host like below:

[Screenshot: nagios_windows_success]

Success!
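The agent settings above leave security aside: the whole subnet may query the agent, no password is set, and a listener the check_nt checks do not use is enabled. The following added example (not from the original tutorial or from NSClient++) audits an nsclient.ini for those three points and shows a tightened file next to the permissive one. The section names, the Nagios server address 192.168.1.10, the password placeholder and the assumption that only check_nt checks are used are all constructed for illustration.

```python
import configparser
import ipaddress

# Constructed nsclient.ini with this page's settings; the section names are
# assumed to follow the NSClient++ 0.4+ layout.
SAMPLE_INI = """
[/settings/default]
allowed hosts = 192.168.1.0/24
[/modules]
CheckSystem = 1
NRPEServer = 1
NSClientServer = 1
"""
# Constructed tightened variant: one monitoring server, a password, no NRPE.
HARDENED_INI = """
[/settings/default]
allowed hosts = 192.168.1.10
password = CHANGE-ME-placeholder
[/modules]
CheckSystem = 1
NRPEServer = 0
NSClientServer = 1
"""

LISTENERS = {"nsclientserver", "nrpeserver"}  # modules that accept connections

def audit_nsclient(ini_text, needed=("nsclientserver",)):
    """Return findings; 'needed' names the listeners the checks really use."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(ini_text)
    default = cp["/settings/default"] if cp.has_section("/settings/default") else {}
    modules = cp["/modules"] if cp.has_section("/modules") else {}
    findings = []
    for entry in default.get("allowed hosts", "").split(","):
        try:
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            continue  # empty entry or a hostname: nothing to measure
        if net.num_addresses > 1:
            findings.append(f"allowed hosts: {net} admits {net.num_addresses} addresses")
    if not default.get("password", "").strip():
        findings.append("password: not set")
    for name, value in modules.items():
        if name in LISTENERS and name not in needed and value.strip().lower() in ("1", "enabled", "true"):
            findings.append(f"module {name}: listening but not needed")
    return findings

print(audit_nsclient(SAMPLE_INI))
```

If a password is set on the agent, the check_nt command on the Nagios side has to send the same value with its `-s` option, otherwise the checks will fail.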

Side note: process monitoring is done for the same user that the nscp service runs as. Most of the time it’s “SYSTEM”. So monitoring, for example, explorer.exe (which runs as the currently logged-in user instead of SYSTEM) is pointless.

The full list of NSClient++ modules, commands and options can be found here: https://docs.nsclient.org/reference/index.html.

That’s pretty much all for the Windows group. I encourage you to play with the options, and post if you have any problems!
