How To Monitor Remote Windows Machine Using Nagios on Linux
Free eBook - Linux 101 Hacks. Get your copy now.
In the previous articles we discussed about Nagios 3.0 Jumpstart guide and How to monitor remote Linux host using Nagios 3.0. In this article, l’ll explain how to monitor remote windows machine and the various service running on the windows server using nagios monitoring server. Following three sections are covered in this article.
I. Overview
II. 4 steps to install nagios on remote windows host
- Install NSClient++ on the remote windows server
- Modify the NSClient++ Service
- Modify the NSC.ini
- Start the NSClient++ Service
III. 6 configuration steps on nagios monitoring server
- Verify check_nt command and windows-server template
- Uncomment windows.cfg in /usr/local/nagios/etc/nagios.cfg
- Modify /usr/local/nagios/etc/objects/windows.cfg
- Define windows services that should be monitored.
- Enable Password Protection
- Verify Configuration and Restart Nagios.
I. Overview
.
Following three steps will happen on a very high level when Nagios (installed on the nagios-server) monitors a service (for e.g. disk space usage) on the remote Windows host.
- Nagios will execute check_nt command on nagios-server and request it to monitor disk usage on remote windows host.
- The check_nt on the nagios-server will contact the NSClient++ service on remote windows host and request it to execute the USEDDISKSPACE on the remote host.
- The results of the USEDDISKSPACE command will be returned back by NSClient++ daemon to the check_nt on nagios-server.
Following flow summarizes the above explanation:
Nagios Server (check_nt) —–> Remote host (NSClient++) —–> USEDDISKSPACE
Nagios Server (check_nt) <—– Remote host (NSClient++) <—– USEDDISKSPACE (returns disk space usage)
II. 4 steps to setup nagios on remote windows host
.
1. Install NSClient++ on the remote windows server
Download NSCP 0.3.1 (NSClient++-Win32-0.3.1.msi) from NSClient++ Project. NSClient++ is an open source windows service that allows performance metrics to be gathered by Nagios for windows services. Go through the following five NSClient++ installation steps to get the installation completed.
(1) NSClient++ Welcome Screen
(2) License Agreement Screen
(3) Select Installation option and location. Use the default option and click next.
(4) Ready to Install Screen. Click on Install to get it started.
(5) Installation completed Screen.
2. Modify the NSClient++ Service
Go to Control Panel -> Administrative Tools -> Services. Double click on the “NSClientpp (Nagios) 0.3.1.14 2008-03-12 w32″ service and select the check-box that says “Allow service to interact with desktop” as shown below.
3. Modify the NSC.ini
(1) Modify NSC.ini and uncomment *.dll: Edit the C:\Program Files\NSClient++\NSC.ini file and uncomment everything under [modules] except RemoteConfiguration.dll and CheckWMI.dll
[modules] ;# NSCLIENT++ MODULES ;# A list with DLLs to load at startup. ; You will need to enable some of these for NSClient++ to work. ; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ; * * ; * N O T I C E ! ! ! - Y O U H A V E T O E D I T T H I S * ; * * ; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! FileLogger.dll CheckSystem.dll CheckDisk.dll NSClientListener.dll NRPEListener.dll SysTray.dll CheckEventLog.dll CheckHelpers.dll ;CheckWMI.dll ; ; RemoteConfiguration IS AN EXTREM EARLY IDEA SO DONT USE FOR PRODUCTION ENVIROMNEMTS! ;RemoteConfiguration.dll ; NSCA Agent is a new beta module use with care! NSCAAgent.dll ; LUA script module used to write your own "check deamon" (sort of) early beta. LUAScript.dll ; Script to check external scripts and/or internal aliases, early beta. CheckExternalScripts.dll ; Check other hosts through NRPE extreme beta and probably a bit dangerous!NRPEClient.dll
(2) Modify NSC.ini and uncomment allowed_hosts. Edit the C:\Program Files\NSClient++\NSC.ini file and Uncomment allowed_host under settings and add the ip-address of the nagios-server.
;# ALLOWED HOST ADDRESSES ; This is a comma-delimited list of IP address of hosts that are allowed to talk to the all daemons. ; If leave this blank anyone can access the deamon remotly (NSClient still requires a valid password). ; The syntax is host or ip/mask so 192.168.0.0/24 will allow anyone on that subnet access allowed_hosts=192.168.1.2/255.255.255.0
Note: allowed_host is located under [Settings], [NSClient] and [NRPE] section. Make sure to change allowed_host under [Settings] for this purpose.
(3) Modify NSC.ini and uncomment port. Edit the C:\Program Files\NSClient++\NSC.ini file and uncomment the port# under [NSClient] section
;# NSCLIENT PORT NUMBER ; This is the port the NSClientListener.dll will listen to. port=12489
(4) Modify NSC.ini and specify password. You can also specify a password the nagios server needs to use to remotely access the NSClient++ agent.
[Settings] ;# OBFUSCATED PASSWORD ; This is the same as the password option but here you can store the password in an obfuscated manner. ; *NOTICE* obfuscation is *NOT* the same as encryption, someone with access to this file can still figure out the ; password. Its just a bit harder to do it at first glance. ;obfuscated_password=Jw0KAUUdXlAAUwASDAAB ; ;# PASSWORD ; This is the password (-s) that is required to access NSClient remotely. If you leave this blank everyone will be able to access the daemon remotly. password=My2Secure$Password
4. Start the NSClient++ Service
Start the NSClient++ service either from the Control Panel -> Administrative tools -> Services -> Select “NSClientpp (Nagios) 0.3.1.14 2008-03-12 w32″ and click on start (or) Click on “Start -> All Programs -> NSClient++ -> Start NSClient++ (Win32) . Please note that this will start the NSClient++ as a windows service.
Later if you modify anything in the NSC.ini file, you should restart the “NSClientpp (Nagios) 0.3.1.14 2008-03-12 w32″ from the windows service.
III. 6 configuration steps on nagios monitoring server
.
1. Verify check_nt command and windows-server template
Verify that the check_nt is enabled under /usr/local/nagios/etc/objects/commands.cfg
# 'check_nt' command definition
define command{
command_name check_nt
command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
}
Verify that the windows-server template is enabled under /usr/local/nagios/etc/objects/templates.cfg
# Windows host definition template - This is NOT a real host, just a template!
define host{
name windows-server ; The name of this host template
use generic-host ; Inherit default values from the generic-host template
check_period 24x7 ; By default, Windows servers are monitored round the clock
check_interval 5 ; Actively check the server every 5 minutes
retry_interval 1 ; Schedule host check retries at 1 minute intervals
max_check_attempts 10 ; Check each server 10 times (max)
check_command check-host-alive ; Default command to check if servers are "alive"
notification_period 24x7 ; Send notification out at any time - day or night
notification_interval 30 ; Resend notifications every 30 minutes
notification_options d,r ; Only send notifications for specific host states
contact_groups admins ; Notifications get sent to the admins by default
hostgroups windows-servers ; Host groups that Windows servers should be a member of
register 0 ; DONT REGISTER THIS - ITS JUST A TEMPLATE
}
2. Uncomment windows.cfg in /usr/local/nagios/etc/nagios.cfg
# Definitions for monitoring a Windows machine cfg_file=/usr/local/nagios/etc/objects/windows.cfg
3. Modify /usr/local/nagios/etc/objects/windows.cfg
By default a sample host definition for a windows server is given under windows.cfg, modify this to reflect the appropriate windows server that needs to be monitored through nagios.
# Define a host for the Windows machine we'll be monitoring
# Change the host_name, alias, and address to fit your situation
define host{
use windows-server ; Inherit default values from a template
host_name remote-windows-host ; The name we're giving to this host
alias Remote Windows Host ; A longer name associated with the host
address 192.168.1.4 ; IP address of the remote windows host
}
4. Define windows services that should be monitored.
Following are the default windows services that are already enabled in the sample windows.cfg. Make sure to update the host_name on these services to reflect the host_name defined in the above step.
define service{
use generic-service
host_name remote-windows-host
service_description NSClient++ Version
check_command check_nt!CLIENTVERSION
}
define service{
use generic-service
host_name remote-windows-host
service_description Uptime
check_command check_nt!UPTIME
}
define service{
use generic-service
host_name remote-windows-host
service_description CPU Load
check_command check_nt!CPULOAD!-l 5,80,90
}
define service{
use generic-service
host_name remote-windows-host
service_description Memory Usage
check_command check_nt!MEMUSE!-w 80 -c 90
}
define service{
use generic-service
host_name remote-windows-host
service_description C:\ Drive Space
check_command check_nt!USEDDISKSPACE!-l c -w 80 -c 90
}
define service{
use generic-service
host_name remote-windows-host
service_description W3SVC
check_command check_nt!SERVICESTATE!-d SHOWALL -l W3SVC
}
define service{
use generic-service
host_name remote-windows-host
service_description Explorer
check_command check_nt!PROCSTATE!-d SHOWALL -l Explorer.exe
}
5. Enable Password Protection
If you specified a password in the NSC.ini file of the NSClient++ configuration file on the Windows machine, you’ll need to modify the check_nt command definition to include the password. Modify the /usr/local/nagios/etc/commands.cfg file and add password as shown below.
define command{
command_name check_nt
command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s My2Secure$Password -v $ARG1$ $ARG2$
}
6. Verify Configuration and Restart Nagios.
Verify the nagios configuration files as shown below.
[nagios-server]# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg Total Warnings: 0 Total Errors: 0 Things look okay - No serious problems were detected during the pre-flight check
Restart nagios as shown below.
[nagios-server]# /etc/rc.d/init.d/nagios stop Stopping nagios: .done. [nagios-server]# /etc/rc.d/init.d/nagios start Starting nagios: done.
Verify the status of the various services running on the remote windows host from the Nagios web UI (http://nagios-server/nagios) as shown below.
Recommended Reading
These are the two best book that covers the latest Nagios 3. I strongly recommend that you read both of these books to gain a detailed understanding on Nagios.
 
|
 
|
Tags: Cisco, nagios, Temperature, VPN
Great tip buddy, I usually have a machine running at home for downloads etc and this could be a great way to monitor it from my linux box.
seems to be time taking but sounds great! will try it out LD
Has the client and Nagios in general been tested to operate successfully on and monitor Windows Server 2003, 2008 and which versions, R1, R2, 34/64-bit?
I currently have it up and running, Nagios 3.0 running on Ubuntu 8.04, on a Latitude 5000 laptop. It’s monitoring a Win 2003 sbs SP2, HP Proliant DL 380. NsClient is the latest one, which I updated less than 3 month ago. I also configured the Ubuntu box as an email server, which allows the nagios to send out any email alerts w/o having to register a domain or anything (but it can’t receive any email). But that does not matter in this scenario. I’m particularly like having the monitoring box being independent from the server, because if my Win server were to go down, nagios is still fully capable of alerting me (of course if an internet connection is still available).
@Tim,
I have tried it on Windows 2003 32-bit OS. According to the NSClient++ project web-page, it should work under the following OS. If you try installing it on 64-bit OS and Windows 2008, please post your feedback.
* NT4 (SP5?)
* Windows 2000 W2K
* Windows XP
* Windows 2003
* Windows Vista
* …
…as well as the following platforms:
* Win32
* x64 (AMT64/EMT64)
* IA64 (Itanium)
@JG,
Thanks for sharing your experience about Nagios.
Hi
Its a very nice and step by step procedure
This procedure is crystal clear ..
Thanks for such a good procedure
Regards
Karthik
This is great but can you tell me how to monitor a Win server with multiple drives. Currently I set up Nagios and it is working great. The only thing is that it is only monitoring the C:\ and no others.
@Mando,
In the Step#4, add a new service with name “D:\ Drive Space” and pass the D drive to the -l parameter of check_nt command as shown below. So, the check_command should be check_nt!USEDDISKSPACE! -l {drive-letter-to-be-monitored} -w 80 -c 90
define service{
use generic-service
host_name remote-windows-host
service_description D:\ Drive Space
check_command check_nt!USEDDISKSPACE!-l d -w 80 -c 90
}
Repeat the same service, to monitor other drives by changing the value of -l accordingly.
Hi.
First of all i should appreciate this step by step guide produced by Ramesh..
I have a problem if you can help me plz. i followed these steps and i was able to monitor my Windows-server 2003. But when i configured Nagios to monitor Remote linux (Centos) along with Windows-server now i can only monitor my local & remote Linux but now all Windows services say “Critical” and ” connections refused” when i go to http://local/nagios
Can you tell me whats wrong with Windows services but when i ping it works…
Thanks in Advance
Good article but for the more advanced nagios users – not much help. For instance the referring article indicates that there are plugins to assist in monitoring the more critical of services such as AD services ldap, dns etc and also monitoring of VPN tunnels.
Is it possible Ramesh that you could post an update that addresses monitoring elements such as those ?
Thanks much
Good site. Hey can u let me know if i can run my own script/command on the Windows host remotely? e.g. restart the http service on windows if it goes down and checked by nagios !!
Hi,
Installed the nagios server and windws host with no problem, no error while verify the configuration.
while running nagios http://local/nagios , am getting following error message
“WARNING could not fetch information from server. both the nagios server and windows host are in same VLAN.
Will appriciate for the help.
Thanks in advance
Excellent walkthrough. This has helped me a great deal in setting up Nagios to monitor our Windows boxes.
Ryan,
Can you highlight on the problem mentioned on my comments
“am getting following error message
“WARNING could not fetch information from server. both the nagios server and windows host are in same VLAN.
Will appriciate for the help.
Thanks in advance
Rajesh – Had a similar problem, and I went back through the nsc.ini file.
in your nsc.ini file on the Windows server, have you checked that the paths in the .ini file reflect the directory where you have copied the nsclient++ folder to. Use a find and replace to correct all paths.
Also, is your hostname in the nsc.ini set to the correct parameter, and have you specified the the ip address of your Nagios server in the same file.
Thanks,
I checked the .ini file and all seem to be OK. I am getting following error on windows server.
“2008-10-20 14:19:23: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:19:53: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:20:12: message:.\FileLogger.cpp:92: Starting to log for: NSClient++ – 0.3.5.2 2008-09-24
2008-10-20 14:20:12: message:CACHE.\NSClient++.cpp:370: Attempting to start NSCLient++ – 0.3.5.2 2008-09-24
2008-10-20 14:20:12: message:CACHE.\FileLogger.cpp:93: Log path is: C:\Program Files\NSClient++\\nsclient.log
2008-10-20 14:20:12: message:.\NSClient++.cpp:476: NSCLient++ – 0.3.5.2 2008-09-24 Started!
2008-10-20 14:20:49: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:21:06: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:21:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:22:15: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:23:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:24:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:25:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:26:15: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:27:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:28:12: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:28:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:29:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:29:55: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:30:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:30:51: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:31:08: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:31:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:32:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:33:15: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:34:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:35:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:36:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:37:15: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:38:12: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:38:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:39:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:39:55: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:40:14: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
2008-10-20 14:40:51: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:41:08: error:.\NSClientListener.cpp:307: Unauthorized access from: 194.170.242.205
2008-10-20 14:41:15: error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!
‘
Excellent tutorial. Thanks a lot. Any advice on how to monitor the CPU of servers with more than 1 CPU?
Great tips! I spent whole day today tried to figure things out. This solved all problems and everything just worked, except the CPULoad, which I believe is a bug in the NSClient++ on Server 2003 x64.
Many thanks.
Hi:
Rajesh.
I have the same problem with. Now I have deal with it .
The first you can disable NRPEClient.dll in the NSC.ini file
and “allowed_hosts=192.168.1.2/255.255.255.0″ this ip is your nagios server’s ip address. You can modification it and try .
Here is my Nsclient configuration.
;####### Here y can start #######
[modules]
;# NSCLIENT++ MODULES
;# A list with DLLs to load at startup.
; You will need to enable some of these for NSClient++ to work.
; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
; * *
; * N O T I C E ! ! ! – Y O U H A V E T O E D I T T H I S *
; * *
; ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !
FileLogger.dll
CheckSystem.dll
CheckDisk.dll
NSClientListener.dll
NRPEListener.dll
SysTray.dll
CheckEventLog.dll
CheckHelpers.dll
;CheckWMI.dll
;
; RemoteConfiguration IS AN EXTREM EARLY IDEA SO DONT USE FOR PRODUCTION ENVIROMNEMTS!
;RemoteConfiguration.dll
; NSCA Agent is a new beta module use with care!
NSCAAgent.dll
; LUA script module used to write your own “check deamon” (sort of) early beta.
LUAScript.dll
; Script to check external scripts and/or internal aliases, early beta.
CheckExternalScripts.dll
; Check other hosts through NRPE extreme beta and probably a bit dangerous!
NRPEClient.dll
; Extreamly early beta of a task-schedule checker
CheckTaskSched.dll
[Settings]
;# OBFUSCATED PASSWORD
; This is the same as the password option but here you can store the password in an obfuscated manner.
; *NOTICE* obfuscation is *NOT* the same as encryption, someone with access to this file can still figure out the
; password. Its just a bit harder to do it at first glance.
;obfuscated_password=Jw0KAUUdXlAAUwASDAAB
;
;# PASSWORD
; This is the password (-s) that is required to access NSClient remotely. If you leave this blank everyone will be able to access the daemon remotly.
;password=secret-password
;
;# ALLOWED HOST ADDRESSES
; This is a comma-delimited list of IP address of hosts that are allowed to talk to the all daemons.
; If leave this blank anyone can access the deamon remotly (NSClient still requires a valid password).
; The syntax is host or ip/mask so 192.168.0.0/24 will allow anyone on that subnet access
allowed_hosts=207.182.137.60
;
;# USE THIS FILE
; Use the INI file as opposed to the registry if this is 0 and the use_reg in the registry is set to 1
; the registry will be used instead.
use_file=1
[log]
;# LOG DEBUG
; Set to 1 if you want debug message printed in the log file (debug messages are always printed to stdout when run with -test)
;debug=1
;
;# LOG FILE
; The file to print log statements to
;file=NSC.log
;
;# LOG DATE MASK
; The format to for the date/time part of the log entry written to file.
;date_mask=%Y-%m-%d %H:%M:%S
[NSClient]
;# ALLOWED HOST ADDRESSES
; This is a comma-delimited list of IP address of hosts that are allowed to talk to NSClient deamon.
; If you leave this blank the global version will be used instead.
allowed_hosts=207.182.137.60
;
;# NSCLIENT PORT NUMBER
; This is the port the NSClientListener.dll will listen to.
port=12489
;
;# BIND TO ADDRESS
; Allows you to bind server to a specific local address. This has to be a dotted ip adress not a hostname.
; Leaving this blank will bind to all avalible IP adresses.
;bind_to_address=
;
;# SOCKET TIMEOUT
; Timeout when reading packets on incoming sockets. If the data has not arrived withint this time we will bail out.
;socket_timeout=30
[NRPE]
;# NRPE PORT NUMBER
; This is the port the NRPEListener.dll will listen to.
port=5666
;
;# COMMAND TIMEOUT
; This specifies the maximum number of seconds that the NRPE daemon will allow plug-ins to finish executing before killing them off.
;command_timeout=60
;
;# COMMAND ARGUMENT PROCESSING
; This option determines whether or not the NRPE daemon will allow clients to specify arguments to commands that are executed.
;allow_arguments=0
;
;# COMMAND ALLOW NASTY META CHARS
; This option determines whether or not the NRPE daemon will allow clients to specify nasty (as in |`&><’”\[]{}) characters in arguments.
;script_dir=c:\my\script\dir
[External Scripts]
;check_es_long=scripts\long.bat
;check_es_ok=scripts\ok.bat
;check_es_nok=scripts\nok.bat
;check_vbs_sample=cscript.exe //T:30 //NoLogo scripts\check_vb.vbs
[External Alias]
;alias_cpu=checkCPU warn=80 crit=90 time=5m time=1m time=30s
;alias_disk=CheckDriveSize MinWarn=10% MinCrit=5% CheckAll FilterType=FIXED
;alias_service=checkServiceState CheckAll
;alias_mem=checkMem MaxWarn=80% MaxCrit=90% ShowAll type=physical
; [includes]
;# The order when used is “reversed” thus the last included file will be “first”
;# Included files can include other files (be carefull only do basic recursive checking)
;
; myotherfile.ini
; real.ini
[NSCA Agent]
;# CHECK INTERVALL (in seconds)
; How often we should run the checks and submit the results.
;interval=5
;
;# ENCRYPTION METHOD
; This option determines the method by which the send_nsca client will encrypt the packets it sends
; to the nsca daemon. The encryption method you choose will be a balance between security and
; performance, as strong encryption methods consume more processor resources.
; You should evaluate your security needs when choosing an encryption method.
;
; Note: The encryption method you specify here must match the decryption method the nsca daemon uses
; (as specified in the nsca.cfg file)!!
; Values:
; 0 = None (Do NOT use this option)
; 1 = Simple XOR (No security, just obfuscation, but very fast)
; 2 = DES
; 3 = 3DES (Triple DES)
; 4 = CAST-128
; 6 = xTEA
; 8 = BLOWFISH
; 9 = TWOFISH
; 11 = RC2
; 14 = RIJNDAEL-128 (AES)
; 20 = SERPENT
;encryption_method=14
;
;# ENCRYPTION PASSWORD
; This is the password/passphrase that should be used to encrypt the sent packets.
;password=
;
;# BIND TO ADDRESS
; Allows you to bind server to a specific local address. This has to be a dotted ip adress not a hostname.
; Leaving this blank will bind to “one” local interface.
; — not supported as of now —
;bind_to_address=
;
;# LOCAL HOST NAME
; The name of this host (if empty “computername” will be used.
;hostname=
;
;# NAGIOS SERVER ADDRESS
; The address to the nagios server to submit results to.
;nsca_host=192.168.0.1
;
;# NAGIOS SERVER PORT
; The port to the nagios server to submit results to.
;nsca_port=5667
;
;# CHECK COMMAND LIST
; The checks to run everytime we submit results back to nagios
; Any command(alias/key) starting with a host_ is sent as HOST_COMMAND others are sent as SERVICE_COMMANDS
; where the alias/key is used as service name.
;
[NSCA Commands]
;my_cpu_check=checkCPU warn=80 crit=90 time=20m time=10s time=4
;my_mem_check=checkMem MaxWarn=80% MaxCrit=90% ShowAll type=page
;my_svc_check=checkServiceState CheckAll exclude=wampmysqld exclude=MpfService
;host_check=check_ok
[NRPE Handlers]
;# COMMAND DEFINITIONS
;# Command definitions that this daemon will run.
;# Can be either NRPE syntax:
;command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
;# Or simplified syntax:
;test=c:\test.bat foo $ARG1$ bar
;check_disk1=/usr/local/nagios/libexec/check_disk -w 5 -c 10
;# Or even loopback (inject) syntax (to run internal commands)
;# This is a way to run “NSClient” commands and other internal module commands such as check eventlog etc.
;check_cpu=inject checkCPU warn=80 crit=90 5 10 15
;check_eventlog=inject CheckEventLog Application warn.require.eventType=error warn.require.eventType=warning critical.require.eventType=error critical.exclude.eventType=info truncate=1024 descriptions
;check_disk_c=inject CheckFileSize ShowAll MaxWarn=1024M MaxCrit=4096M File:WIN=c:\ATI\*.*
;# But be careful:
; dont_check=inject dont_check This will “loop forever” so be careful with the inject command…
;# Check some escapings…
; check_escape=inject CheckFileSize ShowAll MaxWarn=1024M MaxCrit=4096M “File: foo \” WIN=c:\\WINDOWS\\*.*”
;# Some real world samples
;nrpe_cpu=inject checkCPU warn=80 crit=90 5 10 15
;nrpe_ok=scripts\ok.bat
;check_multi_line=scripts\multi_line.bat
;#
;# The sample scripts
;#
;check_long=scripts\long.bat
;check_ok=scripts\ok.bat
;check_nok=scripts\xlong.bat
;check_vbs=cscript.exe //T:30 //NoLogo scripts\check_vb.vbs
;# REMOTE NRPE PROXY COMMANDS
; A list of commands that check other hosts.
; Used by the NRPECLient module
[NRPE Client Handlers]
check_other=-H 192.168.0.1 -p 5666 -c remote_command -a arguments
; # here ends #####
add the ports Nagios-nrpe 5666 and Nagios-Nsclient – 12489 to be oped only to nagios server.
This is the configuration for monitoring nagios host for windows client.
### Here starts #############
define host{
use windows-server ; Inherit default values from a template
host_name Netech-prod ; The name we’re giving to this host
alias Netech-Production ; name associated with the host
address 22.147.45.1 ; IP address of the host
}
define service{
use generic-service
host_name Netech-prod
service_description Uptime
check_command check_nt!UPTIME
}
define service{
use generic-service
host_name Netech-prod
service_description CPU Load
check_command check_nt!CPULOAD!-l 5,80,90
}
define service{
use generic-service
host_name Netech-prod
service_description Memory Usage
check_command check_nt!MEMUSE!-w 80 -c 90
}
define service{
use generic-service
host_name Netech-prod
service_description C:\ Drive Space
check_command check_nt!USEDDISKSPACE!-l c -w 80 -c 90
}
define service{
use generic-service
host_name Netech-prod
service_description W3SVC
check_command check_nt!SERVICESTATE!-d SHOWALL -l W3SVC
}
define service{
use generic-service
host_name Netech-prod
service_description Explorer
check_command check_nt!PROCSTATE!-d SHOWALL -l Explorer.exe
}
define service{
use generic-service
host_name Netech-prod
service_description MSSQL-server
check_command check_nt!PROCSTATE!-d SHOWALL -l sqlservr.exe
}
define service{
use generic-service
host_name Netech-prod
service_description IIS-webserver
check_command check_nt!PROCSTATE!-d SHOWALL -l inetinfo.exe
}
define service{
use generic-service
host_name Netech-mantis
service_description FTP
check_command check_ftp
}
define service{
use generic-service
host_name Netech-prod
service_description Netech-portal
check_command check_http!-u http://www.touchmemobile.com/index.aspx -t 5 -s “Mobile”
}
### here ends #####33
How to monitor MS Exchange 2007 using Nagios?
Somebody trying to do it? Also HUB Exchange?
Will appriciate for the help.
Hi,
I am getting the following error on the logs:
2008-12-23 11:37:04: error:.\NSClientListener.cpp:307: Unauthorized access from: 10.5.1.99
that IP is a router in between my nagios server and the PC to monitor.
Ping results are fine but not getting any other data. getting unable to fetch information from server.
all ports are opened.
hi ramesh,
Great .But it is only for monitoring single windows machine.Can you please tell me about how to monitor multiple windows and unix machines.what configuration changes we do to monitor multiple windows and unix machine?
You sir, are a gentleman and a scholar! Thank you.
Can anyone provide a *working* link to the i386 client for 2003 server? All sourceforge links/mirrors appear to be down.
hi ramesh
thanks so much for this easy “how to” this has helped a lot as i have just started using nagios 3.6. what a great tool.
only how do you configure it to monitor multiple windowz workstations and windowz servers remotely.
any help greatly appreciated
hi ramesh,
I am new to nagios. I have set up a window XP box. I have followed ur instructions and configured the windows and linux box. But after installation and restarting the server is showing network not reachable. Any idea?
hi,
I configured the nagios and set to monitor windows machine. Nagios shows that windows is up but when for service it shows ‘connection refused’ . Any idea?
aditya, check your IP address in the windows.cfg file … where you define your host.
HELP: how do one monitor more than 1 windows server?
@John,
To monitor VPN tunnels, refer to How to monitor VPN Active sessions article.
Very valid point. This article is definitely a basic jumpstart guide to setup monitoring basic services on Windows machine. I’ve added in my list of things to do to write another article to monitor more advanced services like Activite Directory, LDAP, DNS etc. like you’ve mentioned.
@Shib,
Absolutely. You can write your own script to monitor any custom application that you may be running on the remote server. Refer to this article for such an example.
@Simon, @Jack,
Thanks for jumping-in and helping out Rajesh on the problem he reported.
@Ian,
There is nothing special you have to do to monitor a multipel CPU server. It’s exactly the same process. If you having any problem monitoring a server with multiple CPU, can you please let me know what issue you are having?
@Slimer,
Refer to this articles on how to monitoring microsoft exchange server with nagios.
@Azuziel,
All the NSClient++ download links on sourceforge is working properly. For example, download NSClient++
@Guillaume, @Bud, @Prabuk,
To monitor multiple windows server using nagios, define multiple hosts in the windows.cfg mentioned in the step#3. For example, your /usr/local/nagios/etc/objects/windows.cfg will looks like the following:
define host{ use windows-server host_name remote-windows-host1 alias Remote Windows Host1 address 192.168.1.4 } define host{ use windows-server host_name remote-windows-host2 alias Remote Windows Host2 address 192.168.1.5 }I see in the nagios.cfg you can specify a directory where Nagios will look for .cfg files and process all it finds. The syntax is, for example:
cfg_dir=/usr/local/nagios/etc/servers
So you could create a windows-servers directory and create new copies of the windows.cfg, one for each server you’re monitoring and edit them accordingly? I end this with a ? because I’m just guessing and will try it out myself!
Also I am monitoring a 2008 Standard server with NSClient++ (latest stable) and it’s working well with the quickstart guide’s configuration.
I tried to create a “mswindows” folder like you mentioned and I couldn’t get the darn thing to work. Getting multiple Win servers monitored is what’s driving me mad this week, as I’m trying to learn Nagios and all the docs out there got me up and running for one server. I know I’m goofing something up somewhere when it comes to multiple Win servers. Gonna try the above suggestion.
@Kevin Kraft ,
Yes. You can absolutely do that. i.e define a new cfg_dir for windows and create one individual *.cfg file (for each windows server) under this new cfg_dir. Keep us posted on how it went.
@Carlos ,
You really don’t need to create a new cfg_dir to monitor multiple windows server. It is optional. You can use one /usr/local/nagios/etc/objects/windows.cfg file and define multiple host in it as I’ve explained in the comment above. Can you please let us know what kind of issues you are facing when you tried this method?
@Carlos,
I got it working, but it took some trial and error. Essentially just making copies of the sample windows.cfg wasn’t working, so I had to comment out everything in copy and start one thing at a time until I got it right. From what I can tell, you need to keep the ‘hostgroup’ section commented out in all but the first .cfg you make. This will set the hostgroup for the template ‘windows-servers’, so any other host added that uses that template will automatically be added. I got errors if I included this in the other .cfg’s.
I think multiple .cfgs, one for each server, is a better way for me to do it, because it will keep them more organized. I support tens of small businesses all over my area and am working to monitor them all over the Internet. This is method just makes more sense to me.
Hope this helps, Carlos! Post back with your progress!
-K
Hi
I have configured Nagios to monitor windows machine. It is showing me all processes are critical with an error “CRITICAL – Socket timeout after 10 seconds”
in the nagios server.
In the windows client it is showing me following error
“error:.\NSCAThread.cpp:208: <<< NSCA Configuration missmatch (hint: if you dont use NSCA dot use the NSCA module)!”
Please help me. I am trying to get rid of it from last one week. Thanks in advance.
Hi
Good article! But I have one question. How monitor for Windows EventLog?
Hi ramesh,
I got this error when tried to install on windows server 2008
“No connection could be made because the target machine actively refused it” (from nsclient++ log)
everything work fine on other OS but not on win server 2008.
do you have any solution??
Thanks.
@Kevin,
Thanks for following up on this topic and helping Carlos out. I really appreciate it.
@Vishal,
Can you double check to make sure you’ve installed the NSClient++ exactly as explained in this article. Also, make sure there are not any ports blocked between the client and the nagios server.
@Saibaneko,
Define the check_Event_log command
define command { command_name check_event_log command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c checkEventLog -a filter=new file=system file=application MaxWarn=1 MaxCrit=1 filter-generated=>2d filter-eventSource=substr:Service filter-eventSource=substr:Tcpip }Now, define the services with the check_Event_log
define service{ use generic-service host_name remote-windows-host service_description Check Event Log check_command check_event_log }@Eizar,
Make sure the client and server can communicate without any issues. Is all the necessary ports open between the client and the nagios server. Are you able to ping the client from the nagios server?
Hi,
Is there is any alternative to monitor the DNS Server Services without using any plugins