Nagios XI Monitoring Windows Using WMI


The Industry Standard in IT Infrastructure Monitoring

Purpose

This document describes how to monitor Windows machines with Nagios® XI using WMI.

WMI (Windows Management Instrumentation) allows for agentless monitoring of Windows machines.

Nagios XI supports WMI monitoring, which provides admins with a simple method of monitoring their Windows servers and workstations without having to install or configure agents.

Target Audience

This document is intended for use by Nagios XI Administrators who want to monitor Windows servers and workstations without having to install an agent.

XI Server Requirements

Before you can monitor Windows machines using WMI, you must install the WMI client on the Nagios XI server. For instructions on doing this, read the following document from the Nagios Library:

Installing The WMI Client For XI

http://assets.nagios.com/downloads/nagiosxi/docs/Installing_The_WMI_Client_For_XI.pdf

Windows Machine Requirements

You will need to ensure the following requirements are set up before you can use WMI to monitor any Windows server or workstation.

• WMI service is running

• WMI user account set up

• Firewall rules set up

We will walk through each of these requirements for the Windows machine you wish to monitor. You will need to log in as a user with administrator privileges.

WMI Service

First, verify the WMI service is running on your Windows machine. Click Start and choose Run.

In the window that appears, type “services.msc” in the Open field.

that the Windows Management Instrumentation service is running. You can configure and start the service in the Computer Management console under the Services section.

Verify that the Windows Management Instrumentation (WMI) service has a status of Started.

Configure A WMI User Account On The Windows Machine:

Next, configure a WMI user account on the local machine. We'll create a new user account called “wmiagent” with a password “wmiagent” as an example (substitute a strong, unique password on production systems).

From the command prompt enter:

net user wmiagent wmiagent /add

Setting WMI permissions

WMI requires a valid username and password on the target system. The following steps outline how to add only the permissions needed to the Windows user account. However, you can instead add the user to the local Administrators group, which grants far broader rights than monitoring requires.

Note: If you wish to monitor multiple computers across the domain, instead add the user to the “Distributed COM Users”, “Performance Log Users” and “Performance Monitor Users” groups.

Adding Remote Activation Privilege to Windows DCOM

Next, we need to give our newly created user access to DCOM on the

Select COM Security tab, and next choose the Edit Limits... button from the Launch Activation Permissions section.

Add the user that will be used by Nagios to monitor this machine, in our case the user is wmiagent.

Click Add. Enter “wmiagent” in the Enter the object name to select and click OK. You will now see wmiagent as a user.

Check the Remote Launch and Remote Activation check boxes under Allow. Click OK twice.

Adding Remote WMI Access

In order for our user to return data remotely from WMI, access to the WMI namespace CIMV2 must be added.

Click Start, choose Run, type “WMImgmt.msc”

Select the Security tab of the WMI Control Properties. Expand Root, right-click on CIMV2, and select Properties.

Note: In later versions of Windows you need to select CIMV2 and click the Security button.

Click Add. Enter “wmiagent” in the Enter the object name to select and click OK. You may need to use the Check Names button to find the correct object.

You will now see “wmiagent” as a user.

Check the Enable Account and Remote Enable check boxes under Allow. Click OK twice.

Windows Firewall Settings

Next, configure the firewall rules specific to the version of Windows being monitored.

Windows Server 2008

Windows Server 2008 should by default have the correct firewall rules set.

Verify the Inbound Rules exist and are enabled for:

• DCOM

• WMI

If the WMI rule group does not exist as pictured above, the recommended settings are listed here as outlined by Microsoft. From the command prompt enter:

netsh advfirewall firewall add rule dir=in name="DCOM" program=%systemroot%\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135

netsh advfirewall firewall add rule dir=in name="WMI" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any

netsh advfirewall firewall add rule dir=in name="UnsecApp" program=%systemroot%\system32\wbem\unsecapp.exe action=allow

netsh advfirewall firewall add rule dir=out name="WMI_OUT" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any

More details about 2008 firewall settings can be found at:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa822854(v=vs.85).aspx

Click Start, choose Run, type “DCOMCnfg.exe”

Expand Component Services, expand Computers, right-click My Computer, and select Properties.

Next, choose the Default Protocols tab. Select Properties and click Add.

Allow the port range through the Windows firewall. This command will open ports 5000-5020 to match the COM Internet Services range.

From the command prompt enter:

FOR /L %I IN (5000,1,5020) DO netsh firewall add portopening TCP %I "COM"%I

Lastly, open DCOM port 135. From the command prompt enter:

netsh firewall add portopening TCP 135 "DCOM"

Windows XP

If you are running a firewall on the Windows machine, you must ensure that the Nagios server can contact the WMI service.

To do this, you must open TCP Port 135 on the Windows firewall. Navigate to Start→All Programs→Accessories→System Tools→Security Center

From the Windows Security Center click on the link to Manage Setting for: Windows Firewalls.

Switch to the Exceptions tab and click the Add Port button. The following window will open.

Enter WMI for the Name and Port number 135, then click OK.

Installing The WMI Monitoring Wizard (For users running Nagios XI 2012 r1.0 and earlier)

Now that the Windows machine is set up to accept WMI connections, we can set up Nagios XI to monitor it. To do so we will use the WMI Monitoring Wizard.

To install the wizard in Nagios XI, go to Admin → Manage Config Wizards.

Browse for the windowswmi.zip that was downloaded above and click the Upload Wizard button.

Running The WMI Wizard

Once the wizard is installed in Nagios XI, it will be available when you navigate to Configure → Run the Monitoring Wizard → Windows WMI wizard.

The wizard will prompt you for the IP Address of the Windows machine, along with the Username and Password to access the machine.

Click Next.

The wizard will allow you to select what types of metrics and data should be monitored, along with warning and critical thresholds. New in XI5, WMI will detect disks, services, and processes that are on your machine. This makes it much easier to set up checks for those services. If XI5 is not able to communicate via WMI, the error information will also display.

Metrics and data that can be monitored using the WMI wizard include:

• CPU Usage

• Memory Usage

• Page File Usage

• Disk Usage

• Service State

• Process State

• Event Log Data

enable, click Next to continue. Customize your monitoring setting as needed and click Finish.

The screen shot below shows disk, cpu, memory, service, and additional process monitoring capabilities of the WMI wizard.

Troubleshooting

If the status information on the Service Detail page is empty (null) or states “Install wmic”, the problem is probably that the WMIC plugins were not installed properly. Redo the installation steps outlined in the document below:

How To Install The WMI Client For Nagios XI

http://assets.nagios.com/downloads/nagiosxi/docs/Installing_The_WMI_Client_For_XI.pdf

When the process that is trying to access the namespace does not have the required WMI privileges, you may see errors similar to this one:

UNKNOWN - The WMI query had problems. The error text from wmic is: [wmi/wmic.c:212:main()] ERROR: Retrieve result data.

NTSTATUS: NT code 0x80041003 - NT code 0x80041003

To fix the issue, log in to the remote Windows box (target machine), open the CMD prompt as an Administrator, and run the following command in order to allow WMI queries:

sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

Sourced from here: http://support.microsoft.com/kb/907460

This command is proven to work on Windows 2003, 2008R2 and 2012R2 – no reboot is required.

Finishing Up
