Solved

Windows WMI with Nagios

Posted on 2013-01-30
21
2,160 Views
Last Modified: 2013-03-07
I am trying to get a Server 2008 R2 box to be monitored with WMI using Nagios XI with WMI PLUS. I want to be able to have an average CPU usage graph, monitor services, and monitor processes. I have accomplished the above using a local admin and domain admin account. This won't work; I need it to be a privilege-limited account and still attain the above. Currently I am using this guide: http://edcint.co.nz/checkwmiplus/?q=configurewindowsfromop5 and am not getting services monitoring or a CPU graph. (I am using a domain account, not a local one, because this will be deployed across a lot of servers.)

What am I missing?
0
Question by:ThePorthos
  • 13
  • 8
21 Comments
 
LVL 39

Expert Comment

by:footech
ID: 38838173
For monitoring of services you need to modify the permissions of SCManager, accomplished by running a command like SC SDSET SCManager <rights in SDDL>.  I don't see any step missing from the link that you posted.  I will say that for all the checks I've implemented I haven't had to set "Execute method" to allow in WMI Control.  Are your other WMI checks working?
0
 

Author Comment

by:ThePorthos
ID: 38845926
Will get back to you next week foot, my testing environment is at work. Sorry for the late reply, been busy. Yes, the SC Manager part is relatively annoying, to get the right services. Like, for example, I'm trying to monitor VMTools.
0
 

Author Comment

by:ThePorthos
ID: 38894428
Sorry took a lot longer to get back to this than I expected because we decided to go with NRPE. But yes all checks are working except services and cpu. Processes work fine.
0
 
LVL 39

Expert Comment

by:footech
ID: 38895143
What result do you get in Nagios when running the services and cpu checks?

Have you tried just running the same check from the command line (of the nagios machine)?

Can you post the output of running sc sdshow scmanager (on the Windows machine)?

One problem that I've seen is that by default the check_wmi_plus command is defined to only accept a number of checks (up to ARG4 I think), but we had a couple service checks that were set up with parameters in ARG5 and 6.  After changing the command definition we were good.

FWIW, I prefer using WMI over NRPE for Windows boxes mainly because it doesn't require you to install anything extra, and I was able to set all the permissions necessary through Group Policy or scripting.
0
 

Author Comment

by:ThePorthos
ID: 38896687
Yes, WMI is a better option in the long run; that's why I am still looking into it as an option. Will post the sc sdshow manager from our WMI test box when I get in on Monday.
0
 

Author Comment

by:ThePorthos
ID: 38901737
D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
0
 
LVL 39

Expert Comment

by:footech
ID: 38904536
Doesn't look like you've customized the permissions on SCManager.  Those are the default.  As I mentioned in my first post, this has to be set to monitor services.  Are you having trouble understanding the SDDL?  Here's the command I used.
sc sdset scmanager D:(A;;CCLCRPRC;;;S-1-5-21-1182880020-2061599385-2782883043-1252)(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

Just replace the SID with the SID of your user and it will work for you.

For the CPU check, review my last post and please get back to me with info.
0
 

Author Comment

by:ThePorthos
ID: 38907818
Will try this sometime tomorrow and get back to you. I had used the one linked in the guide I posted originally; this is a different box now, which I hadn't tried it on yet. We'll see how this goes.
0
 

Author Comment

by:ThePorthos
ID: 38911724
Still services coming up as 0 on my checks, also still not getting a cpu graph.

C:\Windows\system32>sc sdshow scmanager

D:(A;;CCLCRPRC;;;S-1-5-21-2125796797-321469543-658320111-68788)(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

service_wmiplus!'domain/user'!'Password'!checkservice!-a 'VMTOOLS'

(VMTOOLS is the service name according to services.msc of vmware tools on this test VM)
0
 
LVL 39

Expert Comment

by:footech
ID: 38912182
What version of Nagios XI are you running?  Are you running the check_wmi_plus that was included or did you install a version yourself?

From the command line of your nagios box, navigate to the directory where your checks are (mine is /usr/local/nagios/libexec) and run the following command (substituting computer name and credentials as appropriate):
./check_wmi_plus.pl -H whatevercomputer -u  "yourdomain/yournagiosuser" -p "yourpassword" -m checkservice -a "VMTools"

and
./check_wmi_plus.pl -H whatevercomputer -u  "yourdomain/yournagiosuser" -p "yourpassword" -m checkcpu

And the check_wmi_plus version...
./check_wmi_plus.pl --version

Please provide the output of all.

Took me a little bit to figure out what the "service_wmiplus..." line that you posted above was about, and still not 100% sure but it looks like it's from a service definition file.  I do all my configuration of nagios through the GUI.  "check_xi_service_wmiplus" is the name of the check command in all the versions I've used, so I'm guessing you've customized something.
0
 

Author Comment

by:ThePorthos
ID: 38912333
It's an older install I believe, originally installed for our Linux admins. I have just recently been using NRPE to monitor the Windows side, since I know Linux but am a Windows admin. WMI would be more efficient because of not requiring a client side software that I have to update every six months.

But I do know it's an older install. I will run the commands tomorrow sometime.
0
 

Author Comment

by:ThePorthos
ID: 38913771
1. OK - Found 0 Services(s), 0 OK and 0 with problems (0 excluded). |'Total Service Count'=0; 'Service Count OK State'=0; 'Service Count Problem State'=0; 'Excluded Service Count'=0;

2. OK (Sample Period 89 sec) - Average CPU Utilisation Need at least 2 WMI samples%

3. Version: 1.49
0
 
LVL 39

Expert Comment

by:footech
ID: 38915849
OK, you need to grant rights on the specific service, same as we did with SCManager.
Run sc sdshow vmtools to get the current SDDL for the VMTools service.  Take the string and modify it to include the Generic-Read right.  If you insert the following right after the "D:" at the beginning you should be good.
(A;;GR;;;S-1-5-21-2125796797-321469543-658320111-68788)

For the CPU, are you seeing the same results as the command line in Nagios XI, or is it just the graphing of the data that is not working?
0
 

Author Comment

by:ThePorthos
ID: 38918145
Same results as the command line. So I'm guessing it's a permissions issue somewhere.
0
 

Author Comment

by:ThePorthos
ID: 38918183
Still no go on services after doing this:


C:\Windows\system32>sc sdset vmtools D: (A;;GR;;;S-1-5-21-2125796797-321469543-658320111-68788)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR
[SC] SetServiceObjectSecurity SUCCESS


But now when I try to do sc sdshow vmtools to confirm the changes it says access denied.
0
 
LVL 39

Expert Comment

by:footech
ID: 38918814
RE: CPU.  If it was a permissions issue you would get an error.  If you run the command twice in a row you should get an actual value since how it works is to compare one reading to another.

RE: Service.  If that is the complete command you ran above, it looks like part of it is missing, and there shouldn't be a space after "D:".
0
 

Author Comment

by:ThePorthos
ID: 38926284
What part of it am I missing? Thanks for your continued help.
0
 
LVL 39

Expert Comment

by:footech
ID: 38926733
I don't know what the exact string should be since we have few VMWare instances and I can't check on any of them right now, but the SDDL is definitely incomplete.

C:\Windows\system32>sc sdset vmtools D: (A;;GR;;;S-1-5-21-2125796797-321469543-658320111-68788)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR;;;SU) <--something what's in bold is missing
[SC] SetServiceObjectSecurity SUCCESS

If you want to post the result of sc sdshow vmtools for an unmodified instance I could verify what it should be.
0
 

Author Comment

by:ThePorthos
ID: 38942387
Sorry it took me a bit to get back to you. When I try that, even running CMD as admin, I get this:

C:\Windows\system32>sc sdshow vmtools
[SC] OpenService FAILED 5:

Access is denied.

Is there something I need to turn off or restart as far as services to fix that?
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 38942713
My best guess is that it was set incorrectly and is now blocking you.  Can you grab the information from another machine and then use it to set this one back to default?
0
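
An added example, not part of any post in this thread: a Python helper for the edit footech describes (insert an allow ACE right after "D:") that refuses a string containing whitespace or a cut-off ACE, the two faults pointed out above, before anything is passed to sc sdset. The function names are hypothetical; the SDDL strings and SID are copied from the thread, with the middle ACEs of the truncated vmtools string omitted.

```python
import re

ACE = r"\([^()]*\)"
SDDL_RE = re.compile(r"D:((?:%s)+)(S:(?:%s)+)?" % (ACE, ACE))
SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")

def unwrap(console_text):
    """Undo 80-column console wrapping from a pasted `sc sdshow` result."""
    return "".join(line.strip() for line in console_text.splitlines())

def parse_sddl(sddl):
    """Return (dacl_aces, sacl) or raise ValueError for a damaged string.
    Assumption: the plain D:...S:... form shown in the thread; O:/G: prefixes
    and DACL flags are rejected rather than guessed at."""
    if any(c.isspace() for c in sddl):
        raise ValueError("whitespace inside SDDL")
    m = SDDL_RE.fullmatch(sddl)
    if not m:
        raise ValueError("truncated or unbalanced SDDL")
    for ace in re.findall(ACE, sddl):
        if ace.count(";") != 5:
            raise ValueError("ACE needs 6 fields: " + ace)
    return re.findall(ACE, m.group(1)), m.group(2) or ""

def add_allow_ace(sddl, sid, rights):
    """Insert (A;;rights;;;sid) at the front of the DACL, validating before and after."""
    if not SID_RE.fullmatch(sid) or not re.fullmatch(r"(?:[A-Z]{2})+", rights):
        raise ValueError("bad SID or rights string")
    aces, sacl = parse_sddl(sddl)
    new_ace = "(A;;%s;;;%s)" % (rights, sid)
    if new_ace not in aces:          # idempotent: do not stack duplicate ACEs
        aces.insert(0, new_ace)
    result = "D:" + "".join(aces) + sacl
    parse_sddl(result)               # re-check the exact string that would be applied
    return result

# Copied from the thread: default SCManager SDDL (console-wrapped as posted),
# a shortened form of the truncated vmtools string, and the monitoring account's SID.
SCMANAGER_DEFAULT = """D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;B
A)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)"""
VMTOOLS_TRUNCATED = "D:(A;;GR;;;S-1-5-21-2125796797-321469543-658320111-68788)(A;;CCLCSWLOCR"
SID = "S-1-5-21-2125796797-321469543-658320111-68788"

if __name__ == "__main__":
    print("sc sdset scmanager " + add_allow_ace(unwrap(SCMANAGER_DEFAULT), SID, "CCLCRPRC"))
    try:
        parse_sddl(VMTOOLS_TRUNCATED)
    except ValueError as err:
        print("refusing to apply:", err)
```

Saving the unmodified sc sdshow output for each object before running sc sdset gives a known-good string to restore from.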
 

Author Closing Comment

by:ThePorthos
ID: 38964901
Thanks for your help with this question. Unfortunately I do not have the time to pursue it anymore considering we went with a different option. I do know that if we had kept at it we would have figured it out.
0
