Solved

Windows WMI with Nagios

Posted on 2013-01-30
Last Modified: 2013-03-07
I am trying to get a Server 2008 R2 box to be monitored with WMI using Nagios XI with WMI PLUS. I want to be able to have an average CPU usage graph, monitor services, and monitor processes. I have accomplished the above using a local admin and domain admin account. This won't work; I need it to be a privilege-limited account and still attain the above. Currently I am using this guide: http://edcint.co.nz/checkwmiplus/?q=configurewindowsfromop5 and am not getting services monitoring or a CPU graph. (I am using a domain account, not a local one, because this will be deployed across a lot of servers.)

What am I missing?
Question by:ThePorthos
21 Comments
 
LVL 39

Expert Comment

by:footech
ID: 38838173
For monitoring of services you need to modify the permissions of SCManager, accomplished by running a command like SC SDSET SCManager <rights in SDDL>.  I don't see any step missing from the link that you posted.  I will say that for all the checks I've implemented I haven't had to set "Execute method" to allow in WMI Control.  Are your other WMI checks working?
0
 

Author Comment

by:ThePorthos
ID: 38845926
Will get back to you next week foot, my testing environment is at work. Sorry for the late reply, been busy. Yes, the SC Manager part is relatively annoying, to get the right services. Like, for example, I'm trying to monitor VMTools.
0
 

Author Comment

by:ThePorthos
ID: 38894428
Sorry took a lot longer to get back to this than I expected because we decided to go with NRPE. But yes all checks are working except services and cpu. Processes work fine.
0
 
LVL 39

Expert Comment

by:footech
ID: 38895143
What result do you get in Nagios when running the services and cpu checks?

Have you tried just running the same check from the command line (of the nagios machine)?

Can you post the output of running sc sdshow scmanager (on the Windows machine)?

One problem that I've seen is that by default the check_wmi_plus command is defined to only accept a number of checks (up to ARG4 I think), but we had a couple service checks that were set up with parameters in ARG5 and 6.  After changing the command definition we were good.

FWIW, I prefer using WMI over NRPE for Windows boxes mainly because it doesn't require you to install anything extra, and I was able to set all the permissions necessary through Group Policy or scripting.
0
 

Author Comment

by:ThePorthos
ID: 38896687
Yes, WMI is a better option in the long run; that's why I am still looking into it as an option. Will post the sc sdshow manager from our WMI test box when I get in on Monday.
0
 

Author Comment

by:ThePorthos
ID: 38901737
D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
0
 
LVL 39

Expert Comment

by:footech
ID: 38904536
Doesn't look like you've customized the permissions on SCManager.  Those are the default.  As I mentioned in my first post, this has to be set to monitor services.  Are you having trouble understanding the SDDL?  Here's the command I used.
sc sdset scmanager D:(A;;CCLCRPRC;;;S-1-5-21-1182880020-2061599385-2782883043-1252)(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

Just replace the SID with the SID of your user and it will work for you.

For the CPU check, review my last post and please get back to me with info.
0
 

Author Comment

by:ThePorthos
ID: 38907818
Will try this sometime tomorrow and get back to you. I had used the one linked in the guide I posted originally; this is a different box now which I hadn't tried it on yet. We'll see how this goes.
0
 

Author Comment

by:ThePorthos
ID: 38911724
Still services coming up as 0 on my checks, also still not getting a cpu graph.

C:\Windows\system32>sc sdshow scmanager

D:(A;;CCLCRPRC;;;S-1-5-21-2125796797-321469543-658320111-68788)(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

service_wmiplus!'domain/user'!'Password'!checkservice!-a 'VMTOOLS'

(VMTOOLS is the service name according to services.msc of vmware tools on this test VM)
0
 
LVL 39

Expert Comment

by:footech
ID: 38912182
What version of Nagios XI are you running?  Are you running the check_wmi_plus that was included or did you install a version yourself?

From the command line of your nagios box, navigate to the directory where your checks are (mine is /usr/local/nagios/libexec) and run the following command (substituting computer name and credentials as appropriate):
./check_wmi_plus.pl -H whatevercomputer -u  "yourdomain/yournagiosuser" -p "yourpassword" -m checkservice -a "VMTools"

and
./check_wmi_plus.pl -H whatevercomputer -u  "yourdomain/yournagiosuser" -p "yourpassword" -m checkcpu

And the check_wmi_plus version...
./check_wmi_plus.pl --version

Please provide the output of all.

Took me a little bit to figure out what the "service_wmiplus..." line that you posted above was about, and still not 100% sure but it looks like it's from a service definition file.  I do all my configuration of nagios through the GUI.  "check_xi_service_wmiplus" is the name of the check command in all the versions I've used, so I'm guessing you've customized something.
0
 

Author Comment

by:ThePorthos
ID: 38912333
It's an older install I believe, originally installed for our Linux admins. I have just recently been using NRPE to monitor the Windows side, since I know Linux but am a Windows admin. WMI would be more efficient because of not requiring a client side software that I have to update every six months.

But I do know it's an older install. I will run the commands tomorrow sometime.
0
 

Author Comment

by:ThePorthos
ID: 38913771
1. OK - Found 0 Services(s), 0 OK and 0 with problems (0 excluded). |'Total Service Count'=0; 'Service Count OK State'=0; 'Service Count Problem State'=0; 'Excluded Service Count'=0;

2. OK (Sample Period 89 sec) - Average CPU Utilisation Need at least 2 WMI samples%

3. Version: 1.49
0
 
LVL 39

Expert Comment

by:footech
ID: 38915849
OK, you need to grant rights on the specific service, same as we did with SCManager.
Run sc sdshow vmtools to get the current SDDL for the VMTools service.  Take the string and modify it to include the Generic-Read right.  If you insert the following right after the "D:" at the beginning you should be good.
(A;;GR;;;S-1-5-21-2125796797-321469543-658320111-68788)

For the CPU, are you seeing the same results as the command line in Nagios XI, or is it just the graphing of the data that is not working?
0
 

Author Comment

by:ThePorthos
ID: 38918145
Same results as the command line. So I'm guessing it's a permissions issue somewhere.
0
 

Author Comment

by:ThePorthos
ID: 38918183
Still no go on services after doing this:


C:\Windows\system32>sc sdset vmtools D: (A;;GR;;;S-1-5-21-2125796797-321469543-6
58320111-68788)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(
A;;CCLCSWLOCR
[SC] SetServiceObjectSecurity SUCCESS


But now when I try to do sc sdshow vmtools to confirm the changes it says access denied.
0
 
LVL 39

Expert Comment

by:footech
ID: 38918814
RE: CPU.  If it was a permissions issue you would get an error.  If you run the command twice in a row you should get an actual value since how it works is to compare one reading to another.

RE: Service.  If that is the complete command you ran above, it looks like part of it is missing, and there shouldn't be a space after "D:".
0
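
The two defects pointed out above (a space after "D:" and a string that stops mid-ACE) can be caught before `sc sdset` is run. The following is an added example, not part of the original thread: `check_sddl` and its `must_keep` parameter are hypothetical names, the rights list covers only the two-letter SDDL codes, and the check assumes the `D:...S:...` layout that `sc sdshow` prints.

```python
import re

# Two-letter SDDL rights codes (generic, standard and object-specific).
KNOWN_RIGHTS = {"GA", "GR", "GW", "GX", "RC", "SD", "WD", "WO", "RP", "WP",
                "CC", "DC", "LC", "SW", "LO", "DT", "CR",
                "FA", "FR", "FW", "FX", "KA", "KR", "KW", "KX"}
ACE = re.compile(r"\(([^()]*)\)")   # one complete "(...)" ACE

def check_sddl(sddl, must_keep=("SY", "BA")):
    """Return a list of problems in an SDDL string intended for `sc sdset`."""
    problems = []
    if re.search(r"\s", sddl):
        problems.append("whitespace inside the descriptor")
        sddl = re.sub(r"\s+", "", sddl)          # keep checking the rest
    if not sddl.startswith("D:"):
        return problems + ["descriptor does not start with 'D:'"]
    dacl, _, sacl = sddl[2:].partition("S:")
    allowed = set()                              # trustees holding an allow ACE
    for name, part in (("DACL", dacl), ("SACL", sacl)):
        leftover = ACE.sub("", part)
        if leftover:
            problems.append(f"{name}: incomplete ACE text {leftover!r}")
        for body in ACE.findall(part):
            fields = body.split(";")
            if len(fields) != 6:
                problems.append(f"{name}: ACE ({body}) has {len(fields)} fields, not 6")
                continue
            ace_type, rights, trustee = fields[0], fields[2], fields[5]
            # Hex masks such as 0x1 are valid SDDL too but are not decoded here.
            bad = [r for r in re.findall("..?", rights) if r not in KNOWN_RIGHTS]
            if bad and not rights.startswith("0x"):
                problems.append(f"{name}: unknown rights {bad} in ({body})")
            if not trustee:
                problems.append(f"{name}: ACE ({body}) has no trustee")
            elif name == "DACL" and ace_type == "A":
                allowed.add(trustee)
    if not allowed:
        problems.append("DACL has no allow ACE: nobody can open the object")
    problems += [f"no allow ACE left for {t}" for t in must_keep if t not in allowed]
    return problems

# Strings as posted in the thread, with the console line wraps rejoined.
SCMANAGER_OK = "D:(A;;CCLCRPRC;;;S-1-5-21-1182880020-2061599385-2782883043-1252)(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)"
VMTOOLS_TYPED = "D: (A;;GR;;;S-1-5-21-2125796797-321469543-658320111-68788)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR"

if __name__ == "__main__":
    for label, s in (("scmanager", SCMANAGER_OK), ("vmtools", VMTOOLS_TYPED)):
        print(label, check_sddl(s) or "no problems found")
```

Passing the bare string "D:" to `check_sddl` reports a DACL with no allow ACE, which is the state in which no principal, administrators included, can open the object.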
 

Author Comment

by:ThePorthos
ID: 38926284
What part of it am I missing? Thanks for your continued help.
0
 
LVL 39

Expert Comment

by:footech
ID: 38926733
I don't know what the exact string should be since we have few VMWare instances and I can't check on any of them right now, but the SDDL is definitely incomplete.

C:\Windows\system32>sc sdset vmtools D: (A;;GR;;;S-1-5-21-2125796797-321469543-6
58320111-68788)(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(
A;;CCLCSWLOCR;;;SU) <--something what's in bold is missing
[SC] SetServiceObjectSecurity SUCCESS

If you want to post the result of sc sdshow vmtools for an unmodified instance I could verify what it should be.
0
 

Author Comment

by:ThePorthos
ID: 38942387
Sorry it took me a bit to get back to you. When I try that, even running CMD as admin, I get this:

C:\Windows\system32>sc sdshow vmtools
[SC] OpenService FAILED 5:

Access is denied.

Is there something I need to turn off or restart as far as services to fix that?
0
 
LVL 39

Accepted Solution

by:footech (earned 500 total points)
ID: 38942713
My best guess is that it was set incorrectly and is now blocking you.  Can you grab the information from another machine and then use it to set this one back to default?
0
 

Author Closing Comment

by:ThePorthos
ID: 38964901
Thanks for your help with this question, unfortunately I do not have the time to pursue it anymore considering we went with a different option. I do know that if we had kept at it we would have figured it out.
0
