Monitor a Windows service/host from the Nagios Core server [Linux].

 

NSClient++ is an agent used to monitor Windows devices. With this agent we can monitor system metrics, services, and processes on the target machine using the Windows Server configuration Wizard. The agent must be installed on the target Windows machine/server. In this scenario, Nagios Core is installed on a CentOS machine.

Part A

Please follow the steps below to install the agent.

Windows Monitoring Agent installation: NSClient++

Log on to the Windows target server and download the latest version of the NSClient++ software that matches the system architecture.

Link for download: https://nsclient.org/download/

 

Step 1: Once the package is downloaded, double-click the installer. You will see a setup wizard like the one below. Click the ‘Next’ button to proceed with the installation. See the below image.

Step 2: On the next screen, select ‘Generic’ and click the ‘Next’ button. See the below image.

Step 3: Click on ‘Complete’ as shown below. This will cover all program features at the time of installation.

Step 4: Here you will need to put the Nagios Core server IP address in ‘Allowed_hosts’ and choose a random password. We are going to monitor the Windows service using the check_nt module, so enable the modules shown in the below image and click the ‘Next’ button.

Step 5: Click on the ‘install’ button to complete the installation.

Configuring NSClient++ 0.5.x

The configuration file in NSClient++ 0.5.x is called nsclient.ini and is located at: C:\Program Files\NSClient++\nsclient.ini

The configuration file should look like this. Open the file using Notepad++ or a normal text editor. Here we can see the allowed_host and password that were given at the time of installation. See the configuration file.

You will need to enable all the features that are shown as disabled.

We need to restart the NSClient++ service whenever we make changes to this file. You can restart NSClient++ from the ‘Services’ console under Administrative Tools. See the image below.
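
A check for the nsclient.ini settings described above, added here as an example; it is not part of the original article or of NSClient++. It assumes the 0.5.x key names ‘allowed hosts’ and ‘password’ under [/settings/default] and the module names NSClientServer and CheckSystem under [/modules]; the sample file, the IP addresses and the weak-password list are constructed.

```python
import configparser
import ipaddress

# Constructed sample nsclient.ini; the address and password are made up.
SAMPLE_INI = """
[/settings/default]
allowed hosts = 192.168.1.10
password = password

[/modules]
NSClientServer = enabled
CheckSystem = enabled
"""

ON = {"1", "true", "enabled"}
WEAK = {"", "password", "nagios", "changeme"}  # assumed deny-list, extend as needed

def audit_nsclient_ini(text, nagios_ip):
    """Return findings for the nsclient.ini settings this tutorial touches."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    default = cfg["/settings/default"] if cfg.has_section("/settings/default") else {}
    modules = cfg["/modules"] if cfg.has_section("/modules") else {}
    findings, covered = [], False
    hosts = [h.strip() for h in default.get("allowed hosts", "").split(",") if h.strip()]
    if not hosts:
        findings.append("allowed hosts is empty")
    for entry in hosts:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:  # hostname entry: compare literally only
            covered = covered or entry == nagios_ip
            continue
        covered = covered or ipaddress.ip_address(nagios_ip) in net
        if net.num_addresses > 1:
            findings.append(f"allowed hosts entry {entry} is a range, not a single host")
    if hosts and not covered:
        findings.append(f"Nagios server {nagios_ip} is not covered by allowed hosts")
    if default.get("password", "").strip().lower() in WEAK:
        findings.append("password is empty or a well-known default")
    for mod in ("NSClientServer", "CheckSystem"):
        if modules.get(mod, "0").strip().lower() not in ON:
            findings.append(f"module {mod} is not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_nsclient_ini(SAMPLE_INI, "192.168.1.10"):
        print("FINDING:", finding)
```

Run it against a copy of the real nsclient.ini by passing the file contents and the Nagios Core server IP address to audit_nsclient_ini().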

Open Port in Firewall

Make sure the following port is open and can be accessed from the Nagios XI server:

  • TCP port 12489 for NSClientServer [Windows Server and enable ICMP]

The client-side installation and configuration is over.

Testing:

You could test the agent installation using the following command.

Log on to the Nagios Core machine and change to the plugins directory.

# cd /usr/lib/nagios/plugins

# ./check_nt -H 192.168.1.201 -s password -p 12489 -v UPTIME
System Uptime - 33 day(s) 22 hour(s) 38 minute(s) |uptime=48878

# ./check_nt -H 192.168.1.201 -s password -p 12489 -v MEMUSE -w 80 -c 90
Memory usage: total:2047.63 MB - used: 1306.77 MB (64%) - free: 740.86 MB (36%) | 'Memory usage'=1306.77MB;1638.10;1842.86;0.00;2047.63

Since the agent installation works well, we can go ahead and configure the service monitoring on the Nagios Core server [Linux].

Part B

Setup in Nagios core monitoring server:

Log in to the Nagios monitoring server to add the new server for monitoring. The host files are located at: /usr/local/nagios/etc/objects

If you need to add a new server, you may need to make a copy of ‘windows.cfg’ named ‘desired_name.cfg’.

[root@monitor objects]# ll windows.cfg
-rw-r--r-- 1 root root 3989 Mar 20  2021 windows.cfg
[root@monitor objects]#

Then replace ‘address’ with the new server IP address, 192.168.1.202, like below.

# Define a host for the Windows machine we’ll be monitoring
# Change the host_name, alias, and address to fit your situation

define host{
    use             windows-server      ; Inherit default values from a template
    host_name       WIN-example.com     ; The name we’re giving to this host
    alias           WIN-Test            ; A longer name associated with the host
    address         192.168.1.202       ; IP address of the host
}

Then check the configuration using: /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, you can restart the service using the ‘service nagios restart’ command.

Defining a new Service to be monitored

You can now define a service for monitoring. Change the host_name to match the name of the host you defined above, and add the definition just below the ‘define host’ section.

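define service {
    use                     generic-service     ; Service template (windows-server is a host template and cannot be used here)
    host_name               WIN-example.com     ; Must match the host_name defined above
    service_description     Explorer.exe process
    check_command           check_nt!PROCSTATE!-d SHOWALL -l Explorer.exe
}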

Then check the configuration using: /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, restart the service using the ‘service nagios restart’ command.

You can now see the new server added in Nagios monitoring system. You can either do a force check or allow some time for them to check it automatically.

 
