Solved

Monitoring Windows clients in a remote network with Nagios

Posted on 2009-04-01
22
1,405 Views
Last Modified: 2012-07-06
What is the best way to monitor Windows clients in a remote network ?
0
Comment
Question by:sguido
  • 8
  • 7
  • 4
  • +2
22 Comments
 
LVL 14

Accepted Solution

by:
Deepak Kosaraju earned 250 total points
ID: 24045342
0
 
LVL 1

Author Comment

by:sguido
ID: 24045353
The network is at another site with a connection to the internet through an ASA.
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 24045379
what is ASA?
Make sure you have connection to the windows servers, and open firewall rules to allow connection for check_nt to talk to NSClient++ service on windows boxes. Default port for NSClient++ is 12489.
0
 
LVL 1

Author Comment

by:sguido
ID: 24045396
I have one public IP.  Is there a way to configure each windows host with a different port number? that way i can translate each port to a different client in my firewall?
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 24045420
two options.
1)  setup a site-to-site vpn so  you can communicate with the hosts
or
2) setup a second nagios server at the remote site that will work with your current nagios server.  setup a nat for that server so that your current server can communicate with the remote one.  

this doesn't replace the fact that you need the NSClient++ that kosarajudeepak mentioned to monitor windows servers in depth (e.g. beyond pinging or checking if a tcp port is open and listening;  it is used to query for perf mon stats and such)
0
 
LVL 1

Author Comment

by:sguido
ID: 24045432
can i change the port number on each nsclient++ and have nagios communicate between different ports?
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 24045459
Yes you can change the port# Step 7 in the link i sent you will talk about it
7.  Edit the NSC.INI file (located in the C:\NSClient++ directory) and make the following changes:
Uncomment all the modules listed in the [modules] section, except for CheckWMI.dll and RemoteConfiguration.dll
Optionally require a password for clients by changing the 'password' option in the [Settings] section.
Uncomment the 'allowed_hosts' option in the [Settings] section. Add the IP address of the Nagios server to this line, or leave it blank to allow all hosts to connect.
Make sure the 'port' option in the [NSClient] section is uncommented and set to '12489' (the default port).
0
 
LVL 1

Author Comment

by:sguido
ID: 24045466
will i have to change the port number anywhere in the nagios server config?
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 24045487
S check_nt has different option you pass
check_nt -H Hostname -p Port
For example if u have connections comes to firewall with 123  port mapping to server1 then u do the checks on server as
check_nt -H  -p 1234
Similarly
check_nt -H   -p 5678
etc....

I never tried this kind of single host public ip scenario, but logistics should work
Check the following for more options.


# ./check_nt --help

check_nt v1991 (nagios-plugins 1.4.12)

Copyright (c) 2000 Yves Rubin (rubiyz@yahoo.com)

Copyright (c) 2000-2007 Nagios Plugin Development Team

	<nagiosplug-devel@lists.sourceforge.net>
 

This plugin collects data from the NSClient service running on a

Windows NT/2000/XP/2003 server.
 
 

Usage:check_nt -H host -v variable [-p port] [-w warning] [-c critical][-l params] [-d SHOWALL] [-t timeout]
 

Options:

 -h, --help

    Print detailed help screen

 -V, --version

    Print version information

Options:

 -H, --hostname=HOST

   Name of the host to check

 -p, --port=INTEGER

   Optional port number (default: 1248)

 -s <password>

   Password needed for the request

 -w, --warning=INTEGER

   Threshold which will result in a warning status

 -c, --critical=INTEGER

   Threshold which will result in a critical status

 -t, --timeout=INTEGER

   Seconds before connection attempt times out (default: 10)

 -h, --help

   Print this help screen

 -V, --version

   Print version information

 -v, --variable=STRING

   Variable to check
 

Valid variables are:

 CLIENTVERSION = Get the NSClient version

  If -l <version> is specified, will return warning if versions differ.

 CPULOAD =

  Average CPU load on last x minutes.

  Request a -l parameter with the following syntax:

  -l <minutes range>,<warning threshold>,<critical threshold>.

  <minute range> should be less than 24*60.

  Thresholds are percentage and up to 10 requests can be done in one shot.

  ie: -l 60,90,95,120,90,95

 UPTIME =

  Get the uptime of the machine.

  No specific parameters. No warning or critical threshold

 USEDDISKSPACE =

  Size and percentage of disk use.

  Request a -l parameter containing the drive letter only.

  Warning and critical thresholds can be specified with -w and -c.

 MEMUSE =

  Memory use.

  Warning and critical thresholds can be specified with -w and -c.

 SERVICESTATE =

  Check the state of one or several services.

  Request a -l parameters with the following syntax:

  -l <service1>,<service2>,<service3>,...

  You can specify -d SHOWALL in case you want to see working services

  in the returned string.

 PROCSTATE =

  Check if one or several process are running.

  Same syntax as SERVICESTATE.

 COUNTER =

  Check any performance counter of Windows NT/2000.

  Request a -l parameters with the following syntax:

  -l "\\<performance object>\\counter","<description>

  The <description> parameter is optional and is given to a printf 

  output command which requires a float parameter.

  If <description> does not include "%%", it is used as a label.

  Some examples:

  "Paging file usage is %%.2f %%%%"

  "%%.f %%%% paging file used."

 INSTANCES =

  Check any performance counter object of Windows NT/2000.

  Syntax: check_nt -H <hostname> -p <port> -v INSTANCES -l <counter object>

  <counter object> is a Windows Perfmon Counter object (eg. Process),

  if it is two words, it should be enclosed in quotes

  The returned results will be a comma-separated list of instances on 

   the selected computer for that object.

  The purpose of this is to be run from command line to determine what instances

   are available for monitoring without having to log onto the Windows server

    to run Perfmon directly.

  It can also be used in scripts that automatically create Nagios service

   configuration files.

  Some examples:

  check_nt -H 192.168.1.1 -p 1248 -v INSTANCES -l Process
 

Notes:

 - The NSClient service should be running on the server to get any information

   (http://nsclient.ready2run.nl).

 - Critical thresholds should be lower than warning thresholds

 - Default port 1248 is sometimes in use by other services. The error

   output when this happens contains "Cannot map xxxxx to protocol number".

   One fix for this is to change the port to something else on check_nt 

   and on the client service it's connecting to.
 

Send email to nagios-users@lists.sourceforge.net if you have questions

regarding use of this software. To submit patches or suggest improvements,

send email to nagiosplug-devel@lists.sourceforge.net

Open in new window

0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 24045494
Nothing you will be changing in nagios.cfg related to nsclient connectivity. but make sure your config's are good.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Author Comment

by:sguido
ID: 24045507
excuse my ignorance but where is the check_nt file?
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 24045585
It will be under nagios plugin directory be default it is /usr/lib/nagios/plugins but you have to check your installation procedure as per your need you might have changed it to some other location.
0
 
LVL 1

Author Comment

by:sguido
ID: 24054670
Check_nt is not a file in the Nagios plug in directory.
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 24054862
did u install nagios-plugins rpm (or) package from source..
http://nagiosplugins.org/node/89
Repository:
http://sourceforge.net/project/showfiles.php?group_id=29880&package_id=21883
0
 
LVL 6

Expert Comment

by:jimmmg
ID: 24057885
i know one smart tool for monitoring remote client, u can take a look and have a free trial:
www.employee-monitoring.net
0
 
LVL 1

Author Comment

by:sguido
ID: 24072121
I installed the package from the source and can browse into the plug-in directory but don't see the check_nt file.  i do se the executable but am unable to open it with a VI
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 24072334
Binary Executables cannot be opened are read using vi.  Ok download from following site and install it
http://rpm.pbone.net/index.php3/stat/4/idpl/12373565/com/nagios-check_nt-1.4.13-12mdv2009.0.i586.rpm.html
0
 

Expert Comment

by:blueboy74
ID: 24485100
make install-config will install the sample config files.
0
 

Assisted Solution

by:blueboy74
blueboy74 earned 250 total points
ID: 24485172
I too am looking into this. However, because the port used to communicate is defined on both the server nagios config and widnows client, i see no way to do this other to use a plugin like NRPE. Now that isn;t to say that you cannot add a variable to each of the check_nt command configs ala this one for SSH:


define command{
        command_name check_somecommand_remote
        command_line $USER1$/check_by_ssh -i /usr/local/etc/nagios/keys/id_dsa -l nagioscheck -H $HOSTADDRESS$ $ARG3$ -C "/path/to/command -w $ARG1$ -c $ARG2$"
        }

notice the $ARG3$ I've added, this allows me to specify a different port:

define service{
        use generic-service
        host_name somehost
        service_description Root Partition
        is_volatile 0
        check_period 24x7
        max_check_attempts 4
        normal_check_interval 5
        retry_check_interval 1
        contact_groups admins
        notification_interval 1440
        notification_period workhours
        notification_options w,c,r
        check_command check_somecommand_remote!80%!100%!-p 24
        }

Notice the last line, where you can now specify a port. this works with CHECK_SSH not sure about CHECK_NT, never tried it, though I will be soon.

The other option is to bring up a vm or something at the datacenter with a linux build. install NRPE, and use it to report back to the localized nagios on the internal network.
0
 

Expert Comment

by:blueboy74
ID: 24485245
@ KOS

ASA is an enterprise level cisco router/firewall.
0
 

Expert Comment

by:blueboy74
ID: 24487259
solved.

Here's my check_nt usage, edit /usr/local/nagios/etc/objects/windows.cfg

add -p xxxx for whatever port you'd like to use to monitor the windows box. make the same port change in the nsc.ini file to match the port you set in windows.cfg.
add  a simple port forward to firewall to wanted server via rotuer/asa/whatever

Just make sure to incriment ports accordingly. 12489 is used by default, so I started with 124850

Enjoy


Host def section

define host{

        use             windows-server  ; Inherit default values from a template

        host_name       whatever      ; The name we're giving to this host

        alias           whatever      ; A longer name associated with the host

        address         ie:206.xxx.xxx.xxx   ; IP address of the host

        }
 
 
 

define service{

        use                     generic-service

        host_name               desired servername

        service_description     NSClient++ Version

        check_command           check_nt!CLIENTVERSION -p 12850

        }
 

define service{

        use                     generic-service

        host_name               desired servername

        service_description     Uptime

        check_command           check_nt!UPTIME -p 12850

        }

Open in new window

0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now