How to monitor remote Windows machine using Nagios on Linux
Welcome to my blog. I write Instruction Guides, How-Tos, and Tips & Tricks on Linux, Database, Hardware, Security and Web. Visit Best of the Blog section to get started.
In the previous articles we discussed about Nagios 3.0 Jumpstart guide and How to monitor remote Linux host using Nagios 3.0. In this article, l’ll explain how to monitor remote windows machine and the various service running on the windows server using nagios monitoring server. Following three sections are covered in this article.
I. Overview
II. 4 steps to install nagios on remote windows host
- Install NSClient++ on the remote windows server
- Modify the NSClient++ Service
- Modify the NSC.ini
- Start the NSClient++ Service
III. 6 configuration steps on nagios monitoring server
- Verify check_nt command and windows-server template
- Uncomment windows.cfg in /usr/local/nagios/etc/nagios.cfg
- Modify /usr/local/nagios/etc/objects/windows.cfg
- Define windows services that should be monitored.
- Enable Password Protection
- Verify Configuration and Restart Nagios.
I. Overview
.
Following three steps will happen on a very high level when Nagios (installed on the nagios-server) monitors a service (for e.g. disk space usage) on the remote Windows host.
- Nagios will execute check_nt command on nagios-server and request it to monitor disk usage on remote windows host.
- The check_nt on the nagios-server will contact the NSClient++ service on remote windows host and request it to execute the USEDDISKSPACE on the remote host.
- The results of the USEDDISKSPACE command will be returned back by NSClient++ daemon to the check_nt on nagios-server.
Following flow summarizes the above explanation:
Nagios Server (check_nt) —–> Remote host (NSClient++) —–> USEDDISKSPACE
Nagios Server (check_nt) <—– Remote host (NSClient++) <—– USEDDISKSPACE (returns disk space usage)
II. 4 steps to setup nagios on remote windows host
.
1. Install NSClient++ on the remote windows server
Download NSCP 0.3.1 (NSClient++-Win32-0.3.1.msi) from NSClient++ Project. NSClient++ is an open source windows service that allows performance metrics to be gathered by Nagios for windows services. Go through the following five NSClient++ installation steps to get the installation completed.
(1) NSClient++ Welcome Screen
(2) License Agreement Screen
(3) Select Installation option and location. Use the default option and click next.
(4) Ready to Install Screen. Click on Install to get it started.
(5) Installation completed Screen.
2. Modify the NSClient++ Service
Go to Control Panel -> Administrative Tools -> Services. Double click on the “NSClientpp (Nagios) 0.3.1.14 2008-03-12 w32″ service and select the check-box that says “Allow service to interact with desktop” as shown below.
3. Modify the NSC.ini
(1) Modify NSC.ini and uncomment *.dll: Edit the C:\Program Files\NSClient++\NSC.ini file and uncomment everything under [modules] except RemoteConfiguration.dll and CheckWMI.dll
[modules] ;# NSCLIENT++ MODULES ;# A list with DLLs to load at startup. ; You will need to enable some of these for NSClient++ to work. ; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ; * * ; * N O T I C E ! ! ! - Y O U H A V E T O E D I T T H I S * ; * * ; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! FileLogger.dll CheckSystem.dll CheckDisk.dll NSClientListener.dll NRPEListener.dll SysTray.dll CheckEventLog.dll CheckHelpers.dll ;CheckWMI.dll ; ; RemoteConfiguration IS AN EXTREM EARLY IDEA SO DONT USE FOR PRODUCTION ENVIROMNEMTS! ;RemoteConfiguration.dll ; NSCA Agent is a new beta module use with care! NSCAAgent.dll ; LUA script module used to write your own “check deamon” (sort of) early beta. LUAScript.dll ; Script to check external scripts and/or internal aliases, early beta. CheckExternalScripts.dll ; Check other hosts through NRPE extreme beta and probably a bit dangerous!NRPEClient.dll
(2) Modify NSC.ini and uncomment allowed_hosts. Edit the C:\Program Files\NSClient++\NSC.ini file and Uncomment allowed_host under settings and add the ip-address of the nagios-server.
;# ALLOWED HOST ADDRESSES ; This is a comma-delimited list of IP address of hosts that are allowed to talk to the all daemons. ; If leave this blank anyone can access the deamon remotly (NSClient still requires a valid password). ; The syntax is host or ip/mask so 192.168.0.0/24 will allow anyone on that subnet access allowed_hosts=192.168.1.2/255.255.255.0
Note: allowed_host is located under [Settings], [NSClient] and [NRPE] section. Make sure to change allowed_host under [Settings] for this purpose.
(3) Modify NSC.ini and uncomment port. Edit the C:\Program Files\NSClient++\NSC.ini file and uncomment the port# under [NSClient] section
;# NSCLIENT PORT NUMBER ; This is the port the NSClientListener.dll will listen to. port=12489
(4) Modify NSC.ini and specify password. You can also specify a password the nagios server needs to use to remotely access the NSClient++ agent.
[Settings] ;# OBFUSCATED PASSWORD ; This is the same as the password option but here you can store the password in an obfuscated manner. ; *NOTICE* obfuscation is *NOT* the same as encryption, someone with access to this file can still figure out the ; password. Its just a bit harder to do it at first glance. ;obfuscated_password=Jw0KAUUdXlAAUwASDAAB ; ;# PASSWORD ; This is the password (-s) that is required to access NSClient remotely. If you leave this blank everyone will be able to access the daemon remotly. password=My2Secure$Password
4. Start the NSClient++ Service
Start the NSClient++ service either from the Control Panel -> Administrative tools -> Services -> Select “NSClientpp (Nagios) 0.3.1.14 2008-03-12 w32″ and click on start (or) Click on “Start -> All Programs -> NSClient++ -> Start NSClient++ (Win32) . Please note that this will start the NSClient++ as a windows service.
Later if you modify anything in the NSC.ini file, you should restart the “NSClientpp (Nagios) 0.3.1.14 2008-03-12 w32″ from the windows service.
III. 6 configuration steps on nagios monitoring server
.
1. Verify check_nt command and windows-server template
Verify that the check_nt is enabled under /usr/local/nagios/etc/objects/commands.cfg
# 'check_nt' command definition
define command{
command_name check_nt
command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
}
Verify that the windows-server template is enabled under /usr/local/nagios/etc/objects/templates.cfg
# Windows host definition template - This is NOT a real host, just a template!
define host{
name windows-server ; The name of this host template
use generic-host ; Inherit default values from the generic-host template
check_period 24x7 ; By default, Windows servers are monitored round the clock
check_interval 5 ; Actively check the server every 5 minutes
retry_interval 1 ; Schedule host check retries at 1 minute intervals
max_check_attempts 10 ; Check each server 10 times (max)
check_command check-host-alive ; Default command to check if servers are "alive"
notification_period 24x7 ; Send notification out at any time - day or night
notification_interval 30 ; Resend notifications every 30 minutes
notification_options d,r ; Only send notifications for specific host states
contact_groups admins ; Notifications get sent to the admins by default
hostgroups windows-servers ; Host groups that Windows servers should be a member of
register 0 ; DONT REGISTER THIS - ITS JUST A TEMPLATE
}
2. Uncomment windows.cfg in /usr/local/nagios/etc/nagios.cfg
# Definitions for monitoring a Windows machine cfg_file=/usr/local/nagios/etc/objects/windows.cfg
3. Modify /usr/local/nagios/etc/objects/windows.cfg
By default a sample host definition for a windows server is given under windows.cfg, modify this to reflect the appropriate windows server that needs to be monitored through nagios.
# Define a host for the Windows machine we'll be monitoring
# Change the host_name, alias, and address to fit your situation
define host{
use windows-server ; Inherit default values from a template
host_name remote-windows-host ; The name we're giving to this host
alias Remote Windows Host ; A longer name associated with the host
address 192.168.1.4 ; IP address of the remote windows host
}
4. Define windows services that should be monitored.
Following are the default windows services that are already enabled in the sample windows.cfg. Make sure to update the host_name on these services to reflect the host_name defined in the above step.
define service{
use generic-service
host_name remote-windows-host
service_description NSClient++ Version
check_command check_nt!CLIENTVERSION
}
define service{
use generic-service
host_name remote-windows-host
service_description Uptime
check_command check_nt!UPTIME
}
define service{
use generic-service
host_name remote-windows-host
service_description CPU Load
check_command check_nt!CPULOAD!-l 5,80,90
}
define service{
use generic-service
host_name remote-windows-host
service_description Memory Usage
check_command check_nt!MEMUSE!-w 80 -c 90
}
define service{
use generic-service
host_name remote-windows-host
service_description C:\ Drive Space
check_command check_nt!USEDDISKSPACE!-l c -w 80 -c 90
}
define service{
use generic-service
host_name remote-windows-host
service_description W3SVC
check_command check_nt!SERVICESTATE!-d SHOWALL -l W3SVC
}
define service{
use generic-service
host_name remote-windows-host
service_description Explorer
check_command check_nt!PROCSTATE!-d SHOWALL -l Explorer.exe
}
5. Enable Password Protection
If you specified a password in the NSC.ini file of the NSClient++ configuration file on the Windows machine, you’ll need to modify the check_nt command definition to include the password. Modify the /usr/local/nagios/etc/commands.cfg file and add password as shown below.
define command{
command_name check_nt
command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s My2Secure$Password -v $ARG1$ $ARG2$
}
6. Verify Configuration and Restart Nagios.
Verify the nagios configuration files as shown below.
[nagios-server]# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg Total Warnings: 0 Total Errors: 0 Things look okay - No serious problems were detected during the pre-flight check
Restart nagios as shown below.
[nagios-server]# /etc/rc.d/init.d/nagios stop Stopping nagios: .done. [nagios-server]# /etc/rc.d/init.d/nagios start Starting nagios: done.
Verify the status of the various services running on the remote windows host from the Nagios web UI (http://nagios-server/nagios) as shown below.
What Next? Bookmark on del.icio.us Stumble it Digg it Subscribe to The Geek Stuff Leave a comment |
Related Articles |
Great tip buddy, I usually have a machine running at home for downloads etc and this could be a great way to monitor it from my linux box.
seems to be time taking but sounds great! will try it out LD
Has the client and Nagios in general been tested to operate successfully on and monitor Windows Server 2003, 2008 and which versions, R1, R2, 34/64-bit?
I currently have it up and running, Nagios 3.0 running on Ubuntu 8.04, on a Latitude 5000 laptop. It’s monitoring a Win 2003 sbs SP2, HP Proliant DL 380. NsClient is the latest one, which I updated less than 3 month ago. I also configured the Ubuntu box as an email server, which allows the nagios to send out any email alerts w/o having to register a domain or anything (but it can’t receive any email). But that does not matter in this scenario. I’m particularly like having the monitoring box being independent from the server, because if my Win server were to go down, nagios is still fully capable of alerting me (of course if an internet connection is still available).
@Tim,
I have tried it on Windows 2003 32-bit OS. According to the NSClient++ project web-page, it should work under the following OS. If you try installing it on 64-bit OS and Windows 2008, please post your feedback.
* NT4 (SP5?)
* Windows 2000 W2K
* Windows XP
* Windows 2003
* Windows Vista
* …
…as well as the following platforms:
* Win32
* x64 (AMT64/EMT64)
* IA64 (Itanium)
@JG,
Thanks for sharing your experience about Nagios.
Hi
Its a very nice and step by step procedure
This procedure is crystal clear ..
Thanks for such a good procedure
Regards
Karthik
This is great but can you tell me how to monitor a Win server with multiple drives. Currently I set up Nagios and it is working great. The only thing is that it is only monitoring the C:\ and no others.
@Mando,
In the Step#4, add a new service with name “D:\ Drive Space” and pass the D drive to the -l parameter of check_nt command as shown below. So, the check_command should be check_nt!USEDDISKSPACE! -l {drive-letter-to-be-monitored} -w 80 -c 90
define service{
use generic-service
host_name remote-windows-host
service_description D:\ Drive Space
check_command check_nt!USEDDISKSPACE!-l d -w 80 -c 90
}
Repeat the same service, to monitor other drives by changing the value of -l accordingly.
Hi.
First of all i should appreciate this step by step guide produced by Ramesh..
I have a problem if you can help me plz. i followed these steps and i was able to monitor my Windows-server 2003. But when i configured Nagios to monitor Remote linux (Centos) along with Windows-server now i can only monitor my local & remote Linux but now all Windows services say “Critical” and ” connections refused” when i go to http://local/nagios
Can you tell me whats wrong with Windows services but when i ping it works…
Thanks in Advance
Good article but for the more advanced nagios users - not much help. For instance the referring article indicates that there are plugins to assist in monitoring the more critical of services such as AD services ldap, dns etc and also monitoring of VPN tunnels.
Is it possible Ramesh that you could post an update that addresses monitoring elements such as those ?
Thanks much
Good site. Hey can u let me know if i can run my own script/command on the Windows host remotely? e.g. restart the http service on windows if it goes down and checked by nagios !!
Hi,
Installed the nagios server and windws host with no problem, no error while verify the configuration.
while running nagios http://local/nagios , am getting following error message
“WARNING could not fetch information from server. both the nagios server and windows host are in same VLAN.
Will appriciate for the help.
Thanks in advance
Excellent walkthrough. This has helped me a great deal in setting up Nagios to monitor our Windows boxes.
Ryan,
Can you highlight on the problem mentioned on my comments
“am getting following error message
“WARNING could not fetch information from server. both the nagios server and windows host are in same VLAN.
Will appriciate for the help.
Thanks in advance
Rajesh - Had a similar problem, and I went back through the nsc.ini file.
in your nsc.ini file on the Windows server, have you checked that the paths in the .ini file reflect the directory where you have copied the nsclient++ folder to. Use a find and replace to correct all paths.
Also, is your hostname in the nsc.ini set to the correct parameter, and have you specified the the ip address of your Nagios server in the same file.
Thanks,
I checked the .ini file and all seem to be OK. I am getting following error on windows server.
“2008-10-20 14:19:23: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:19:53: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:20:12: message:.\FileLogger.cpp:92: Starting to log for: NSClient++ - 0.3.5.2 2008-09-24
2008-10-20 14:20:12: message:CACHE.\NSClient++.cpp:370: Attempting to start NSCLient++ - 0.3.5.2 2008-09-24
2008-10-20 14:20:12: message:CACHE.\FileLogger.cpp:93: Log path is: C:\Program Files\NSClient++\\nsclient.log
2008-10-20 14:20:12: message:.\NSClient++.cpp:476: NSCLient++ - 0.3.5.2 2008-09-24 Started!
2008-10-20 14:20:49: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:21:06: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:21:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:22:15: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:23:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:24:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:25:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:26:15: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:27:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:28:12: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:28:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:29:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:29:55: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:30:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:30:51: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:31:08: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:31:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:32:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:33:15: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:34:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:35:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:36:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:37:15: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:38:12: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:38:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:39:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:39:55: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:40:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:40:51: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:41:08: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:41:15: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
‘
Excellent tutorial. Thanks a lot. Any advice on how to monitor the CPU of servers with more than 1 CPU?