sguido
asked on
Monitoring Windows clients in a remote network with Nagios
What is the best way to monitor Windows clients in a remote network ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
what is ASA?
Make sure you have connection to the windows servers, and open firewall rules to allow connection for check_nt to talk to NSClient++ service on windows boxes. Default port for NSClient++ is 12489.
Make sure you have connection to the windows servers, and open firewall rules to allow connection for check_nt to talk to NSClient++ service on windows boxes. Default port for NSClient++ is 12489.
ASKER
I have one public IP. Is there a way to configure each windows host with a different port number? that way i can translate each port to a different client in my firewall?
two options.
1) setup a site-to-site vpn so you can communicate with the hosts
or
2) setup a second nagios server at the remote site that will work with your current nagios server. setup a nat for that server so that your current server can communicate with the remote one.
this doesn't replace the fact that you need the NSClient++ that kosarajudeepak mentioned to monitor windows servers in depth (e.g. beyond pinging or checking if a tcp port is open and listening; it is used to query for perf mon stats and such)
1) setup a site-to-site vpn so you can communicate with the hosts
or
2) setup a second nagios server at the remote site that will work with your current nagios server. setup a nat for that server so that your current server can communicate with the remote one.
this doesn't replace the fact that you need the NSClient++ that kosarajudeepak mentioned to monitor windows servers in depth (e.g. beyond pinging or checking if a tcp port is open and listening; it is used to query for perf mon stats and such)
ASKER
can i change the port number on each nsclient++ and have nagios communicate between different ports?
Yes you can change the port# Step 7 in the link i sent you will talk about it
7. Edit the NSC.INI file (located in the C:\NSClient++ directory) and make the following changes:
Uncomment all the modules listed in the [modules] section, except for CheckWMI.dll and RemoteConfiguration.dll
Optionally require a password for clients by changing the 'password' option in the [Settings] section.
Uncomment the 'allowed_hosts' option in the [Settings] section. Add the IP address of the Nagios server to this line, or leave it blank to allow all hosts to connect.
Make sure the 'port' option in the [NSClient] section is uncommented and set to '12489' (the default port).
7. Edit the NSC.INI file (located in the C:\NSClient++ directory) and make the following changes:
Uncomment all the modules listed in the [modules] section, except for CheckWMI.dll and RemoteConfiguration.dll
Optionally require a password for clients by changing the 'password' option in the [Settings] section.
Uncomment the 'allowed_hosts' option in the [Settings] section. Add the IP address of the Nagios server to this line, or leave it blank to allow all hosts to connect.
Make sure the 'port' option in the [NSClient] section is uncommented and set to '12489' (the default port).
ASKER
will i have to change the port number anywhere in the nagios server config?
S check_nt has different option you pass
check_nt -H Hostname -p Port
For example if u have connections comes to firewall with 123 port mapping to server1 then u do the checks on server as
check_nt -H -p 1234
Similarly
check_nt -H -p 5678
etc....
I never tried this kind of single host public ip scenario, but logistics should work
Check the following for more options.
check_nt -H Hostname -p Port
For example if u have connections comes to firewall with 123 port mapping to server1 then u do the checks on server as
check_nt -H -p 1234
Similarly
check_nt -H -p 5678
etc....
I never tried this kind of single host public ip scenario, but logistics should work
Check the following for more options.
# ./check_nt --help
check_nt v1991 (nagios-plugins 1.4.12)
Copyright (c) 2000 Yves Rubin (rubiyz@yahoo.com)
Copyright (c) 2000-2007 Nagios Plugin Development Team
<nagiosplug-devel@lists.sourceforge.net>
This plugin collects data from the NSClient service running on a
Windows NT/2000/XP/2003 server.
Usage:check_nt -H host -v variable [-p port] [-w warning] [-c critical][-l params] [-d SHOWALL] [-t timeout]
Options:
-h, --help
Print detailed help screen
-V, --version
Print version information
Options:
-H, --hostname=HOST
Name of the host to check
-p, --port=INTEGER
Optional port number (default: 1248)
-s <password>
Password needed for the request
-w, --warning=INTEGER
Threshold which will result in a warning status
-c, --critical=INTEGER
Threshold which will result in a critical status
-t, --timeout=INTEGER
Seconds before connection attempt times out (default: 10)
-h, --help
Print this help screen
-V, --version
Print version information
-v, --variable=STRING
Variable to check
Valid variables are:
CLIENTVERSION = Get the NSClient version
If -l <version> is specified, will return warning if versions differ.
CPULOAD =
Average CPU load on last x minutes.
Request a -l parameter with the following syntax:
-l <minutes range>,<warning threshold>,<critical threshold>.
<minute range> should be less than 24*60.
Thresholds are percentage and up to 10 requests can be done in one shot.
ie: -l 60,90,95,120,90,95
UPTIME =
Get the uptime of the machine.
No specific parameters. No warning or critical threshold
USEDDISKSPACE =
Size and percentage of disk use.
Request a -l parameter containing the drive letter only.
Warning and critical thresholds can be specified with -w and -c.
MEMUSE =
Memory use.
Warning and critical thresholds can be specified with -w and -c.
SERVICESTATE =
Check the state of one or several services.
Request a -l parameters with the following syntax:
-l <service1>,<service2>,<service3>,...
You can specify -d SHOWALL in case you want to see working services
in the returned string.
PROCSTATE =
Check if one or several process are running.
Same syntax as SERVICESTATE.
COUNTER =
Check any performance counter of Windows NT/2000.
Request a -l parameters with the following syntax:
-l "\\<performance object>\\counter","<description>
The <description> parameter is optional and is given to a printf
output command which requires a float parameter.
If <description> does not include "%%", it is used as a label.
Some examples:
"Paging file usage is %%.2f %%%%"
"%%.f %%%% paging file used."
INSTANCES =
Check any performance counter object of Windows NT/2000.
Syntax: check_nt -H <hostname> -p <port> -v INSTANCES -l <counter object>
<counter object> is a Windows Perfmon Counter object (eg. Process),
if it is two words, it should be enclosed in quotes
The returned results will be a comma-separated list of instances on
the selected computer for that object.
The purpose of this is to be run from command line to determine what instances
are available for monitoring without having to log onto the Windows server
to run Perfmon directly.
It can also be used in scripts that automatically create Nagios service
configuration files.
Some examples:
check_nt -H 192.168.1.1 -p 1248 -v INSTANCES -l Process
Notes:
- The NSClient service should be running on the server to get any information
(http://nsclient.ready2run.nl).
- Critical thresholds should be lower than warning thresholds
- Default port 1248 is sometimes in use by other services. The error
output when this happens contains "Cannot map xxxxx to protocol number".
One fix for this is to change the port to something else on check_nt
and on the client service it's connecting to.
Send email to nagios-users@lists.sourceforge.net if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to nagiosplug-devel@lists.sourceforge.net
Nothing you will be changing in nagios.cfg related to nsclient connectivity. but make sure your config's are good.
ASKER
excuse my ignorance but where is the check_nt file?
It will be under nagios plugin directory be default it is /usr/lib/nagios/plugins but you have to check your installation procedure as per your need you might have changed it to some other location.
ASKER
Check_nt is not a file in the Nagios plug in directory.
did u install nagios-plugins rpm (or) package from source..
http://nagiosplugins.org/node/89
Repository:
http://sourceforge.net/project/showfiles.php?group_id=29880&package_id=21883
http://nagiosplugins.org/node/89
Repository:
http://sourceforge.net/project/showfiles.php?group_id=29880&package_id=21883
i know one smart tool for monitoring remote client, u can take a look and have a free trial:
www.employee-monitoring.net
www.employee-monitoring.net
ASKER
I installed the package from the source and can browse into the plug-in directory but don't see the check_nt file. i do se the executable but am unable to open it with a VI
Binary Executables cannot be opened are read using vi. Ok download from following site and install it
http://rpm.pbone.net/index.php3/stat/4/idpl/12373565/com/nagios-check_nt-1.4.13-12mdv2009.0.i586.rpm.html
http://rpm.pbone.net/index.php3/stat/4/idpl/12373565/com/nagios-check_nt-1.4.13-12mdv2009.0.i586.rpm.html
make install-config will install the sample config files.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@ KOS
ASA is an enterprise level cisco router/firewall.
ASA is an enterprise level cisco router/firewall.
solved.
Here's my check_nt usage, edit /usr/local/nagios/etc/obje cts/window s.cfg
add -p xxxx for whatever port you'd like to use to monitor the windows box. make the same port change in the nsc.ini file to match the port you set in windows.cfg.
add a simple port forward to firewall to wanted server via rotuer/asa/whatever
Just make sure to incriment ports accordingly. 12489 is used by default, so I started with 124850
Enjoy
Here's my check_nt usage, edit /usr/local/nagios/etc/obje
add -p xxxx for whatever port you'd like to use to monitor the windows box. make the same port change in the nsc.ini file to match the port you set in windows.cfg.
add a simple port forward to firewall to wanted server via rotuer/asa/whatever
Just make sure to incriment ports accordingly. 12489 is used by default, so I started with 124850
Enjoy
Host def section
define host{
use windows-server ; Inherit default values from a template
host_name whatever ; The name we're giving to this host
alias whatever ; A longer name associated with the host
address ie:206.xxx.xxx.xxx ; IP address of the host
}
define service{
use generic-service
host_name desired servername
service_description NSClient++ Version
check_command check_nt!CLIENTVERSION -p 12850
}
define service{
use generic-service
host_name desired servername
service_description Uptime
check_command check_nt!UPTIME -p 12850
}
ASKER