About Me

My photo
Kalyan Kumar Pasupuleti B-Tech(Information Technology). • RedHat Certified Engineer(RHCE) • Directory Services and Authentication Certificate of Expertise(LDAP) • Red Hat SELinux Policy Administration Certificate of Expertise(SELinux) • Network Services Security Certificate of Expertise (Network Services) • RedHat Certified Virtualization Administrator(RHCVA) • Red Hat Certified Security Specialist (RHCSS) Working as Cloud DevOps engineer

Sunday, March 3, 2013

Monitoring Windows Machines using Nagios


This article describes how you can monitor "private" services and attributes of Windows machines like:
  • CPU load
  • Disk usage
  • Memory usage
  • Service states
  • Running processes, etc …
Monitoring private services or attributes of a Windows machine requires an agent to be installed on the windows box. This agent acts as a proxy between the Nagios plugin that does the monitoring and the actual service or attribute of the Windows machine. Without installing an agent on the Windows box, Nagios would be unable to monitor private services or attributes of the Windows box.


Now install the NSClient++ addon on the Wndows machine and using the check_nt plugin nagios will communicate with the NSClient++ addon.
Now follow the below procedure:
Edit the main Nagios config file on the Nagios server:

# vi /usr/local/nagios/etc/nagios.cfg

Remove the leading pound (#) sign from the following line in the main configuration file: 
#cfg_file=/usr/local/nagios/etc/objects/windows.cfg (Remove the # symbol)

Save the file and exit.

Now install the agent NSClient++ on the remote windows box

You can download the agent from http://sourceforge.net/projects/nscplus/


  • Unzip the NSClient++ files into a new C:\NSClient++ directory
  • Open a command prompt and change to the C:\NSClient++ directory
  • Register the NSClient++ system service with the following command:

                     nsclient++ /install
  •  Install the NSClient++ systray with the following command ('SysTray' is case-sensitive):
                     nsclient++ SysTray
  •  Open the services manager and make sure the NSClientpp service is allowed to interact with the desktop (see the 'Log On' tab of the services manager). If it isn't already allowed to interact with the desktop,
check the box to allow it to.

NSClientpp

Edit the NSC.INI file (located in the C:\NSClient++ directory) and make the following changes:
  • Uncomment all the modules listed in the [modules] section, except for CheckWMI.dll and RemoteConfiguration.dll
  • Optionally require a password for clients by changing the 'password' option in the [Settings] section.
  • Uncomment the 'allowed_hosts' option in the [Settings] section. Add the IP address of the Nagios server to this line, or leave it blank to allow all hosts to connect.
  • Make sure the 'port' option in the [NSClient] section is uncommented and set to '12489' (the default port).
Start the NSClient++ service with the following command:

                    nsclient++ /start

If installed properly, a new icon should appear in your system tray. It will be a yellow circle with a black 'M' inside.

Success! The Windows server can now be added to the Nagios monitoring configuration...
Now it is the time for the configuration in the Nagios server

Open the windows.cfg file for editing.

Add a new host definition for the Windows machine that you're going to monitor. If this is the *first* Windows machine you're monitoring, you can simply modify the sample host definition in windows.cfg. Change the host_name,alias, and address fields to appropriate values for the Windows box.
 
define host{
 
                    use                                 windows-server        ; Inherit default values from a Windows server template                                                                                                        (make sure you keep this line!)
                     host_name                winserver (Your server name)
                     alias                              My Windows Server
                     address                       XX.XX.XX.XX (Your server IP)
                     }

Now you can add some service definitions (to the same configuration file) in order to tell Nagios to monitor different aspects of the Windows machine. If this is the first Windows machine you're monitoring, you can simply modify the sample service definitions in windows.cfg.
Add the following service definition to monitor the uptime of the Windows server.
define service{
 
                    use                                                      generic-service
                    host_name                                      winserver (Your windows server name as defined in the                                                                                                                              define host section)
                     service_description                    Uptime
                     check_command                          check_nt!UPTIME
                     }
 
Add the following service definition to monitor the CPU utilization on the Windows server and generate a CRITICAL alert if the 5-minute CPU load is 90% or more or a WARNING alert if the 5-minute load is 80% or greater.
 
define service{
                     use                                                      generic-service
                     host_name                                      winserver (Your windows server name as defined in the define                                                                                                                host section)
                     service_description                     CPU Load
                     check_command                          check_nt!CPULOAD!-l 5,80,90
                     }
 
 
Add the following service definition to monitor memory usage on the Windows server and generate a CRITICAL alert if memory usage is 90% or more or a WARNING alert if memory usage is 80% or greater.
 
define service{
                     use                                                      generic-service
                     host_name                                      winserver (Your windows server name as defined in the define                                                                                                                 host section)
                     service_description                     Memory Usage
                     check_command                          check_nt!MEMUSE!-w 80 -c 90
                     }
 
Add the following service definition to monitor usage of the C:\ drive on the Windows server and generate a CRITICAL alert if disk usage is 90% or more or a WARNING alert if disk usage is 80% or greater.
 
define service{
                     use                                                      generic-service
                     host_name                                      winserver (Your windows server name as defined in the define                                                                                                                host section)
                     service_description                     C:\ Drive Space
                     check_command                          check_nt!USEDDISKSPACE!-l c -w 80 -c 90
                     }

Now save and exit the file.

Verify the sample Nagios configuration files(Syntax verification)

# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, start Nagios.

# service nagios start

Now check the Nagios GUI to check newly added host and services.



How to Monitoring Linux/Unix Machines using Nagios

Install Nagios using URL: http://boosturfuture.blogspot.in/2013/02/installation-and-configuration-of.html

After installation follow below procedure:


First define the contacts in the file /usr/local//nagios/etc/objects/contacts.cfg


define contact{
        contact_name                    nagiosadmin
        use                                     generic-contact
        alias                                   Nagios Admin
        email                           <enter the notifying email ids separated by commas>
        }


define contactgroup{
        contactgroup_name       admins
        alias                               Nagios Administrators
        members                       nagiosadmin
        }

The notification will be sent to members mentioned in the nagiosadmin contacts.

 

There are 2 ways to define services:

1.    Service definition for local machine.

2.    Service definition for remote host

Service definition for local machine

Before proceeding first you need to define a hostgroup as shown below:

define hostgroup{
        hostgroup_name      groupname1
        members                  server1,server2
}

Now define a host:

define host {
               use                         generic-host
               host_name             server1                  ; IP address/hostname of the machine
               alias                       server1                  ; A longer name associated with the host
               address                  XX.XX.XX.XX        ; IP address of the host
               hostgroups             groupname1          ; Host groups this host is associated with
               }

 

Now it is the time for defining services to be monitored on the defined host:

Service definition for PING
define service{
        use                             generic-service,srv-pnp         ; Name of service template to use
        hostgroup_name        groupname1
        service_description    PING
        check_command        check_ping!100.0,20%!500.0,60%
        contact_groups           admins
        }

Service definition for website check

define service{
       use                              generic-service,srv-pnp
       host_name                  server1
       contact_groups           admins
       service_description     www.your website.com
       check_command         check_website! www.your website.com '
        }

Service definition for remote host
Before proceeding you need to install a NRPE plugin on the remote host.

NRPE is an addon that allows you to execute plugins on remote Linux/Unix hosts. This is useful if you need to monitor local resources/attributes like disk usage, CPU load, memory usage, etc. on a remote host. Similiar functionality can be accomplished by using the check_by_ssh plugin, although it can impose a higher CPU load on the monitoring machine - especially if you are monitoring hundreds or thousands of hosts.
Download the NRPE plugin on the Remote Host using below URL:

http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.13.tar.gz

Now extract the tar ball: tar xvfz nrpe-2.13.tar.gz

# cd nrpe-2.13
# ./configure
# make all
# make install-plugin
Now I want to check the remote machine disk space.
Remote Host Configuration after installing NRPE

1.    Define a NRPE command in the config file /usr/local/nagios/etc/nrpe.cfg as shown below:
command[check_disk]=/usr/local/nagios/libexec/check_disk -w 20% -c 10% -p /

2.    Save and quit.



Configuration on the Nagios server


Now define the host and the service as shown below:


define Remote hostgroup{
        hostgroup_name      Remote Host Groupname1
        members                  Remote server1,Remote server2
}



define host {
               use                         generic-host
               host_name             Remote Host1       ; IP address/hostname of the machine
               alias                       Remote Host1       ; A longer name associated with the host
               address                  XX.XX.XX.XX        ; IP address of the host
               hostgroups             Remote Host Groupname1  ; Host groups this host is associated with
               }


define service{
        use                             generic-service,srv-pnp         ; Name of service template to use
        hostgroup_name        Remote Host Groupname1
        service_description    Disk Size-Root
        check_command        check_nrpe!check_disk!20%!10%!/
        contact_groups           admins
        }

The above service definition confirms that we are checking the desk space for the members of the Remote Host Groupname1 group.
You can also define the service for a individual hosts instead of using groups.

Now check for the configuration errors using below command
# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
If there are no errors restart the Nagios service
# /etc/init.d/nagiosd restart

Now Login to the Web Interface using the below URL:

http://<nagios server IP>/Nagios

You'll be prompted for the username (nagiosadmin) and password you specified earlier.
Observe the defined hosts and services in the GUI.