Monitoring Windows with Nagios

I’m working in a Windows environment at my current job so I will be posting a little bit about Windows related topics in the future but the main focus will of course still stay in Linux. Setting up Nagios on Linux server to monitor Windows machines felt like a good way to introduce some Linux functionality to our Windows network.

Windows monitoring was fairly simple to set up but I did run into some small issues. All the guides and tutorials that I found were so outdated that they weren’t really much of a help. This guide is for the latest Nagios and nsclient versions (at least for now). Puppet module for the NSClient at the end of this post.

So here are the versions that I used:
Nagios Core 4.3.1
NSClient++ 0.4.1.62 (x64)
Ubuntu 12.10
Windows 7 (64-bit)

Setting up Nagios3 on Ubuntu

Here’s one good and easy to follow guide for installing Nagios3 on Ubuntu 11.04. Still applies to Ubuntu 12.10 as well: http://www.the-tech-tutorial.com/?p=1433

Basicly this will do just fine:
sudo apt-get install apache2 libapache2-mod-php5 libgd2-xpm-dev nagios3

Follow the guide above and you should have Nagios up and running. You can check if it’s working here:¬†http://localhost/nagios3
Log in with the password you specified when you installed Nagios. The username is nagiosadmin.

Now to the Windows part.

I tried to follow this guide¬†first but it’s just way too old and didn’t get me very far. So here’s how I got the Windows monitoring working. I’ve included all failures as well as to help those who have similiar problems.

Windows configuration

Install NSClient++ on the Windows host.
This is the version I used:
http://files.nsclient.org/x-0.4.x/NSCP-0.4.1.62-x64.msi
Download and install.
Also if you want to check for a newer version. Here’s the full list: http://nsclient.org/nscp/downloads

Here’s a screenshot of one part of the installation.

Those are the features that I chose. Enable at least common check plugins and nsclient server.

Go to the installation directory and open the nsclient.ini
C:\Program Files\NSClient++\nsclient.ini

Look for these lines and add them if they’re missing:
allowed hosts =
password =
port = 12489

You can add the Nagios server to the allowed hosts if you want.
I left the allowed hosts and password empty at this point.

Restart the NSClient++ service:
Start > Administrative tools > Services

Linux configuration

Create an objects directory to your nagios config:
cd /etc/nagios3/
sudo mkdir objects

Create a template for your windows hosts to the objects directory:
/etc/nagios3/objects/templates.cfg

define host{
  name                    windows-server
  use                     generic-host
  check_period            24x7
  check_interval          5
  retry_interval          1
  max_check_attempts      10
  check_command           check-host-alive
  notification_period     24x7
  notification_interval   30
  notification_options    d,r
  contact_groups          admins
  register                0
}

Add the windows host and services to the objects directory:
/etc/nagios3/objects/windows.cfg

define host{
	use		windows-server
	host_name 	remote-windows-host
	alias           Remote Windows Host
	address       	192.168.100.25
}

define service{
	use                     generic-service
	host_name               remote-windows-host
	service_description     NSClient++ Version
	check_command           check_nt!CLIENTVERSION
}

define service{
	use                     generic-service
	host_name               remote-windows-host
	service_description     Uptime
	check_command           check_nt!UPTIME
}

define service{
	use                     generic-service
	host_name               remote-windows-host
	service_description     CPU Load
	check_command           check_nt!CPULOAD!-l 5,80,90
}
define service{
	use                     generic-service
	host_name               remote-windows-host
	service_description     Memory Usage
	check_command           check_nt!MEMUSE!-w 80 -c 90
}

define service{
	use                     generic-service
	host_name               remote-windows-host
	service_description     C:\ Drive Space
	check_command           check_nt!USEDDISKSPACE!-l C -w 80 -c 90
}

define service{
	use                     generic-service
	host_name               remote-windows-host
	service_description     D:\ Drive Space
	check_command           check_nt!USEDDISKSPACE!-l d -w 90 -c 95
}

define service{
	use                     generic-service
	host_name               remote-windows-host
	service_description     E:\ Drive Space
	check_command           check_nt!USEDDISKSPACE!-l e -w 90 -c 95
}

define service{
	use			generic-service
	host_name		remote-windows-host
	service_description	W3SVC
	check_command		check_nt!SERVICESTATE!-d SHOWALL -l W3SVC
}

define service{
	use                     generic-service
	host_name               remote-windows-host
	service_description     Explorer
	check_command           check_nt!PROCSTATE!-d SHOWALL -l explorer.exe
}

You can use whatever you want as host_name. And maybe you should change the address for your host as well. It can be IP address or hostname.

Modify /etc/nagios3/nagios.cfg
Add these lines:

cfg_file=/etc/nagios3/objects/windows.cfg
cfg_file=/etc/nagios3/objects/templates.cfg

Check your config:
sudo nagios3 -v /etc/nagios3/nagios.cfg

If there’s no errors, restart nagios3 service:
sudo service nagios3 restart

Let’s see what our nagios web page tells us:
http://localhost/nagios3
Go to the Services on left hand menu and you should see something similiar to this:

Ok something is clearly wrong if you get these kind of errors for your windows host…
UNKNOWN – missing -l parameters
UNKNOWN – no service/process specified
CRITICAL – Socet timeout after 10 seconds

This indicates that there’s something wrong in my nagios configuration files.

Check the nt plugin:
cat /etc/nagios-plugins/nt.cfg

Looks ok but it really isn’t. There’s problems in the command. Let’s make some fixes:


Text version for your copypaste needs:

define command {
        command_name    check_nt
        command_line    /usr/lib/nagios/plugins/check_nt -H $HOSTADDRESS$ -v $ARG1$ $ARG2$
}

If you specified a password in your nsclient.ini, you have to add it now to the check_nt command as well:

/usr/lib/nagios/plugins/check_nt -H $HOSTADDRESS$ -p 12489 -s YOUR_PASSWORD -v $ARG1$ $ARG2$

Check your config again and restart the service:
sudo nagios3 -v /etc/nagios3/nagios.cfg
sudo service nagios3 restart

After a while the errors should be gone.

For me some of the errors were gone but this doesn’t look much better:

Nagios isn’t able to connect to the NSClient++ service. The port was still missing from the nt.cfg

define command {
        command_name    check_nt
        command_line    /usr/lib/nagios/plugins/check_nt -H $HOSTADDRESS$ -p 12489 -v $ARG1$ $ARG2$
}

Another restart:
sudo service nagios3 restart

Ok now it looks a lot better.

But still the host seems to be down. Apparently it’s not responding to ping.
PING CRITICAL – Packet loss = 100%

This is the Hosts view on the left hand menu.

My firewall was blocking the ping attempts so I just had to allow icmp:echo requests between the Nagios server and my Windows host.

I didn’t have the W3SVC installed so I took it off from the windows.cfg. (Maybe I shouldn’t have added it there in the first place…)

All good now!

Bonus section – Puppet module for the NSClient

Puppet module for installing NSClient++ on Windows:

class nscp {

  if ($operatingsystem == 'windows') {

    package { 'nscp':
      ensure => installed,
      source => 'D:\share\NSCP-0.4.1.62-x64.msi',
    }

    service { 'nscp':
      ensure  => running,
      enable  => true,
      require => Package['nscp'],
    }

    file { 'C:/Program Files/NSClient++/nsclient.ini':
      ensure  => file,
      owner   => 'SYSTEM',
      mode    => '0644',
      source  => 'puppet:///modules/nscp/nsclient.ini',
      require => Package['nscp'],
      notify  => Service['nscp'],
    }
  }
  else {
    fail('This module is only supported on Windows')
  }
}

It’s also available on our github here:
https://github.com/awaseroot/awaseroot/tree/master/puppet/modules/nscp

Sources and some helpful resources

For the older versions of NSClient++ a guide by Ramesh Natarajan (2008):
http://www.thegeekstuff.com/2008/07/how-to-monitor-remote-windows-machine-using-nagios-on-linux/

The official guide:
http://nagios.sourceforge.net/docs/3_0/monitoring-windows.html

Installing Nagios on Ubuntu 11.04 by Tyler Allen:
http://www.the-tech-tutorial.com/?p=1433

About these ads

15 responses to “Monitoring Windows with Nagios

  1. Pingback: Puppet: Nagios3 module « awaseroot

  2. Michael Medin (mickem) November 29, 2012 at 11:35 am

    Just thought I’d let you know I posted a “blog post” (news about your blog post on nsclient.org. hope that is ok.
    Also Might wanna look into check_nrpe (over check_nt which is largely outdated and limited)

    // Michael Medin

    • Henri Siponen November 29, 2012 at 3:15 pm

      Hi Michael! Thanks for letting me know and yes it’s absolutely more than ok.
      I’ll look into check_nrpe and propably post something about it on this blog as well. I have used check_nrpe with Linux monitoring but didn’t realize that I should use it with NSClient as well.

  3. Pingback: Nagios – NRPE and Windows Hosts « awaseroot

  4. Simon Oosthoek December 20, 2012 at 2:21 pm

    Interesting stuff!
    You appear to have only a single windows host to monitor, but if you need to monitor multiple windows hosts, I think it would be more useful to map the services to a hostgroup_name, e.g. windows-hosts, and in the host template add “hostgroups +windows-hosts” so that every windows host inherited from “windows-server” automatically gets all the generic service checks. Since you also have puppet, it’s very easy to grow the number of windows hosts to monitor, you only need a single new host entry inheriting from windows-server and you get the rest for free

    /Simon

  5. Milos Denic July 26, 2013 at 5:03 pm

    Pls tell me how i can add more windows host for monitoring, this tutorial is great, but work with one host. I need to monitor 6 windows hosts :)

    • Henri Siponen July 28, 2013 at 9:07 am

      Hi Milos,
      You just need to add the hosts (with different names and IP-addr) and their services to the /etc/nagios3/objects/windows.cfg

      define host{
      use windows-server
      host_name another-windows-host
      alias Another Windows Host
      address 192.168.100.35
      }

      define service{
      use generic-service
      host_name another-windows-host
      service_description Uptime
      check_command check_nt!UPTIME
      }

      You can also define hostgroups for hosts and services so you don’t have to create same services multiple times for each host.

      • Milos Denic July 29, 2013 at 10:40 am

        thanks man, it works great, really thanks, i now have more questions :D
        i need to monitor 2 esxi servers, but cant find good tutorial for that :(
        can u help me again ?

  6. Jim Lowrey August 10, 2013 at 11:01 am

    Nagios seems like the typical open source solution that trumps the others but getting it working correctly is the real issue.

    This post helped me a bunch! Thanks!

  7. Pingback: Windows Updates in Nagios | A random blog from a sysadmin

  8. fernando September 24, 2013 at 12:00 pm

    I want monitor the eventsLog on windows

  9. lamine October 18, 2013 at 9:05 pm

    thx u very much ..ur tutorial was really useful for me
    ..let say it saved my life

  10. Pingback: Fine tuning your Fresh Nagios Installation | Brian Christner

  11. Pingback: Nagios setup on Ubuntu to monitor Windows servers | Technology Librarian Does Stuff

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: