Windows WMI with Nagios

I am trying to get a Server 2008 R2 box to be monitored with WMI using Nagios XI with WMI PLUS. I want to be able to have an average CPU usage graph, monitor services, and monitor processes. I have accomplished the above using a local admin and domain admin account. This won't work; I need it to be a privilege-limited account and still attain the above. Currently I am using this guide: http://edcint.co.nz/checkwmiplus/?q=configurewindowsfromop5 and am not getting services monitoring or a CPU graph. (I am using a domain account, not a local one, because this will be deployed across a lot of servers.)

What am I missing?
ThePorthos Asked:
 
footech Commented:
My best guess is that it was set incorrectly and is now blocking you.  Can you grab the information from another machine and then use it to set this one back to default?
 
footech Commented:
For monitoring of services you need to modify the permissions of SCManager, accomplished by running a command like SC SDSET SCManager <rights in SDDL>.  I don't see any step missing from the link that you posted.  I will say that for all the checks I've implemented I haven't had to set "Execute method" to allow in WMI Control.  Are your other WMI checks working?
 
ThePorthos (Author) Commented:
Will get back to you next week foot, my testing environment is at work. Sorry for the late reply, been busy. Yes the SC Manager part is relatively annoying, to get the right services. Like for example I'm trying to monitor VMTools.
 
ThePorthos (Author) Commented:
Sorry took a lot longer to get back to this than I expected because we decided to go with NRPE. But yes all checks are working except services and cpu. Processes work fine.
 
footech Commented:
What result do you get in Nagios when running the services and cpu checks?

Have you tried just running the same check from the command line (of the nagios machine)?

Can you post the output of running sc sdshow scmanager (on the Windows machine)?

One problem that I've seen is that by default the check_wmi_plus command is defined to only accept a number of checks (up to ARG4 I think), but we had a couple service checks that were set up with parameters in ARG5 and 6.  After changing the command definition we were good.

FWIW, I prefer using WMI over NRPE for Windows boxes mainly because it doesn't require you to install anything extra, and I was able to set all the permissions necessary through Group Policy or scripting.
 
ThePorthos (Author) Commented:
Yes WMI is a better option in the long run, that's why I am still looking into it as an option. Will post the sc sdshow manager from our WMI test box when I get in on Monday.
 
ThePorthos (Author) Commented:
D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
 
footech Commented:
Doesn't look like you've customized the permissions on SCManager.  Those are the default.  As I mentioned in my first post, this has to be set to monitor services.  Are you having trouble understanding the SDDL?  Here's the command I used.
sc sdset scmanager D:(A;;CCLCRPRC;;;S-1-5-21-1182880020-2061599385-2782883043-1252)(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

Just replace the SID with the SID of your user and it will work for you.

For the CPU check, review my last post and please get back to me with info.
 
ThePorthos (Author) Commented:
Will try this sometime tomorrow and get back to you. I had used the one linked in the guide I posted originally, this is a different box now which I hadn't tried it yet on. We'll see how this goes.
 
ThePorthos (Author) Commented:
Still services coming up as 0 on my checks, also still not getting a cpu graph.

C:\Windows\system32>sc sdshow scmanager

D:(A;;CCLCRPRC;;;S-1-5-21-2125796797-321469543-658320111-68788)(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

service_wmiplus!'domain/user'!'Password'!checkservice!-a 'VMTOOLS'

(VMTOOLS is the service name according to services.msc of vmware tools on this test VM)
 
footech Commented:
What version of Nagios XI are you running?  Are you running the check_wmi_plus that was included or did you install a version yourself?

From the command line of your nagios box, navigate to the directory where your checks are (mine is /usr/local/nagios/libexec) and run the following command (substituting computer name and credentials as appropriate):
./check_wmi_plus.pl -H whatevercomputer -u  "yourdomain/yournagiosuser" -p "yourpassword" -m checkservice -a "VMTools"

and
./check_wmi_plus.pl -H whatevercomputer -u  "yourdomain/yournagiosuser" -p "yourpassword" -m checkcpu

And the check_wmi_plus version...
./check_wmi_plus.pl --version

Please provide the output of all.

Took me a little bit to figure out what the "service_wmiplus..." line that you posted above was about, and still not 100% sure but it looks like it's from a service definition file.  I do all my configuration of nagios through the GUI.  "check_xi_service_wmiplus" is the name of the check command in all the versions I've used, so I'm guessing you've customized something.
 
ThePorthos (Author) Commented:
It's an older install I believe, originally installed for our Linux admins. I have just recently been using NRPE to monitor the Windows side, since I know Linux but am a Windows admin. WMI would be more efficient because of not requiring a client side software that I have to update every six months.

But I do know it's an older install. I will run the commands tomorrow sometime.
 
ThePorthos (Author) Commented:
1. OK - Found 0 Services(s), 0 OK and 0 with problems (0 excluded). |'Total Service Count'=0; 'Service Count OK State'=0; 'Service Count Problem State'=0; 'Excluded Service Count'=0;

2. OK (Sample Period 89 sec) - Average CPU Utilisation Need at least 2 WMI samples%

3. Version: 1.49
 
footech Commented:
OK, you need to grant rights on the specific service, same as we did with SCManager.
Run sc sdshow vmtools to get the current SDDL for the VMTools service.  Take the string and modify it to include the Generic-Read right.  If you insert the following right after the "D:" at the beginning you should be good.
(A;;GR;;;S-1-5-21-2125796797-321469543-658320111-68788)

For the CPU, are you seeing the same results as the command line in Nagios XI, or is it just the graphing of the data that is not working?
 
ThePorthos (Author) Commented:
Same results as the command line. So I'm guessing it's a permissions issue somewhere.
 
ThePorthos (Author) Commented:
Still no go on services after doing this:


C:\Windows\system32>sc sdset vmtools D: (A;;GR;;;S-1-5-21-2125796797-321469543-6
58320111-68788)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(
A;;CCLCSWLOCR
[SC] SetServiceObjectSecurity SUCCESS


But now when I try to do sc sdshow vmtools to confirm the changes it says access denied.
 
footech Commented:
RE: CPU.  If it was a permissions issue you would get an error.  If you run the command twice in a row you should get an actual value since how it works is to compare one reading to another.

RE: Service.  If that is the complete command you ran above, it looks like part of it is missing, and there shouldn't be a space after "D:".
 
ThePorthos (Author) Commented:
What part of it am I missing? Thanks for your continued help.
 
footech Commented:
I don't know what the exact string should be since we have few VMWare instances and I can't check on any of them right now, but the SDDL is definitely incomplete.

C:\Windows\system32>sc sdset vmtools D: (A;;GR;;;S-1-5-21-2125796797-321469543-6
58320111-68788)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(
A;;CCLCSWLOCR;;;SU) <--something what's in bold is missing
[SC] SetServiceObjectSecurity SUCCESS

If you want to post the result of sc sdshow vmtools for an unmodified instance I could verify what it should be.
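The two problems pointed out in the replies above (a space after "D:" and an ACE cut off mid-string) can be caught before the string ever reaches sc sdset. The Python sketch below is an added example, not part of the original thread or of check_wmi_plus; the function names are hypothetical and the SID is a constructed placeholder.

```python
import re

# Added example (hypothetical helper names): check an SDDL string before `sc sdset`.
# Meaning of the rights letters on the SCManager object; service objects reuse
# the same letters for different service-level rights.
SCM_RIGHTS = {"CC": "SC_MANAGER_CONNECT", "LC": "SC_MANAGER_ENUMERATE_SERVICE",
              "RP": "SC_MANAGER_QUERY_LOCK_STATUS", "RC": "READ_CONTROL"}

def parse_dacl(sddl):
    """Return DACL ACEs as (type, [two-letter rights], trustee); ValueError if malformed."""
    if any(c.isspace() for c in sddl):
        raise ValueError("whitespace in SDDL (for example a space after 'D:')")
    start = sddl.find("D:")
    if start < 0:
        raise ValueError("no DACL ('D:') section")
    end = sddl.find("S:", start)  # the SACL, if present, follows the DACL
    body = sddl[start + 2:end if end >= 0 else len(sddl)]
    aces_text = body[body.find("("):] if "(" in body else ""
    aces = re.findall(r"\(([^()]*)\)", aces_text)
    if "".join(f"({a})" for a in aces) != aces_text:
        raise ValueError("truncated or unbalanced ACE in DACL")
    parsed = []
    for ace in aces:
        fields = ace.split(";")
        if len(fields) != 6:  # type;flags;rights;object;inherit;trustee
            raise ValueError(f"ACE does not have 6 fields: ({ace})")
        parsed.append((fields[0], re.findall("..", fields[2]), fields[5]))
    return parsed

def rights_for(sddl, trustee):
    """Rights granted to one trustee by allow ('A') ACEs in the DACL."""
    return {r for kind, rights, who in parse_dacl(sddl)
            if kind == "A" and who == trustee for r in rights}

def grant(sddl, sid, rights):
    """Insert an allow ACE for sid directly after 'D:' and any DACL flags."""
    if not parse_dacl(sddl):
        raise ValueError("refusing to edit an empty DACL")
    i = sddl.find("(", sddl.find("D:"))
    new = f"{sddl[:i]}(A;;{rights};;;{sid}){sddl[i:]}"
    parse_dacl(new)  # re-validate the string that will be passed to sc sdset
    return new

# Default SCManager SDDL as posted in the thread; the SID is a constructed placeholder.
DEFAULT_SCM = ("D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)"
               "(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)")
MONITOR_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
if __name__ == "__main__":
    print("sc sdset scmanager", grant(DEFAULT_SCM, MONITOR_SID, "CCLCRPRC"))
```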
 
ThePorthos (Author) Commented:
Sorry it took me a bit to get back to you. When I try that, even running CMD as admin, I get this:

C:\Windows\system32>sc sdshow vmtools
[SC] OpenService FAILED 5:

Access is denied.

Is there something I need to turn off or restart as far as services to fix that?
 
ThePorthos (Author) Commented:
Thanks for your help with this question, unfortunately I do not have the time to pursue it anymore considering we went with a different option. I do know that if we had kept at it we would have figured it out.
Question has a verified solution.
