Monitoring Windows Using WMI
The Industry Standard in IT Infrastructure Monitoring
Purpose
This document describes how to monitor Windows machines with Nagios XI using WMI.
Target Audience
This document is intended for use by Nagios XI Administrators.
Overview
WMI (Windows Management Instrumentation) allows for agentless monitoring of Windows machines.
Nagios XI supports WMI monitoring, which provides admins with a simple method of monitoring their Windows servers and workstations without having to install or configure agents.
XI Server Requirements
Before you can monitor Windows machines using WMI, you must install the WMI client on the Nagios XI server. For instructions on doing this, read the following document on the Nagios Library (http://library.nagios.com):
• Installing The WMI Client For XI
Revision 1.0 – December, 2011
Nagios XI – Monitoring Windows Using WMI
Nagios Enterprises, LLC, P.O. Box 8154, Saint Paul, MN 55108, USA
US: 1-888-NAGIOS-1 Web: www.nagios.com
Int'l: +1 651-204-9102 Email: [email protected]: +1 651-204-9103
Windows Machine Requirements
The WMI configuration items described in this article are as follows:
✔ WMI service running
✔ WMI user account
✔ Firewall rules
WMI Service
First, verify that the WMI service is running.
Click Start, choose Run, and type “services.msc”.
Start > Run > services.msc
Before you can monitor Windows machines using WMI, you must ensure that the Windows Management Instrumentation service is running. You can configure and start the service in the Computer Management console under the Services section.
✔ Windows Management Instrumentation: Started
Configure WMI user account:
Next, configure a WMI user account on the local machine. We'll create a new user account called “wmiagent” with a password “wmiagent” as an example.
From the command prompt:
net user wmiagent wmiagent /add
Adding WMI permissions
The following steps outline how to add only the required permissions to a limited Windows user account. Alternatively, you can make the user a member of the local Administrators group instead.
Note: If you wish to monitor multiple computers across the domain, instead make the user a member of the “domain administrators” group.
Adding remote activation privilege to Windows DCOM
Next, we need to give our newly created user access to DCOM on the localhost. In order to do this, open component services.
From the windows start menu
click start, choose run, type “DCOMCnfg.exe”
start > run > DCOMCnfg.exe
Expand Component Services, and drill down to the local computer
Right click on My Computer and select properties
Select the “COM Security” tab, then choose “Edit Limits...” in the “Launch and Activation Permissions” section.
Component Services > My Computer > Properties > COM Security > Launch and Activation Permissions > Edit Limits
Under the section “Launch and Activation Permissions”, click Edit Limits.
Add the user that Nagios will use to monitor this machine. In our case, the user is wmiagent.
Check Remote Launch and Remote Activation:
✔ Remote Launch
✔ Remote Activation
Click OK twice.
Adding remote WMI access
For our user to return data remotely from WMI, the user must be given access to the WMI namespace CIMV2.
Open WMI control
Click start, choose run, type “WMImgmt.msc”
Right click on WMI Control(local) and select properties
start > run > WMImgmt.msc > WMI Control(local) > properties
Select the Security tab of the WMI Control Properties.
Expand Root, and right click on CIMV2, select properties
Security > Root > CIMV2 > properties
Check the following check boxes:
✔ Enable Account
✔ Remote Enable
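The settings made in the steps above can be checked without opening each console. The following read-only audit is an added example, not part of the original Nagios document; it assumes PowerShell 2.0 or later on Windows Vista/Server 2008 or later, and the account name wmiagent used in this guide.

```powershell
# Added example: read-only audit of the settings configured in the steps above.
# Run from an elevated PowerShell prompt on the monitored Windows machine.
$Account = 'wmiagent'   # account name used in this guide

function Test-AllowAce($Dacl, $Sid, [long]$Required) {
    # OR together every allow ACE (AceType 0) granted directly to $Sid.
    # Rights the account only holds through a group are not counted.
    [long]$mask = 0
    foreach ($ace in @($Dacl)) {
        if ($ace -and $ace.AceType -eq 0 -and $ace.Trustee.SIDString -eq $Sid) {
            $mask = $mask -bor [long]$ace.AccessMask
        }
    }
    return (($mask -band $Required) -eq $Required)
}

$user = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Name='$Account'"
if (-not $user) { throw "Local account '$Account' was not found." }

# 1. The Windows Management Instrumentation service (Winmgmt) must be running.
$serviceOk = (Get-Service -Name Winmgmt).Status -eq 'Running'

# 2. DCOM launch limits: Remote Launch (0x4) and Remote Activation (0x10).
$dcomOk = $false
$bin = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Ole').MachineLaunchRestriction
if ($bin) {
    $helper   = [wmiclass]'Win32_SecurityDescriptorHelper'
    $dcomDacl = $helper.BinarySDToWin32SD($bin).Descriptor.DACL
    $dcomOk   = Test-AllowAce $dcomDacl $user.SID 0x14
}

# 3. root\cimv2 namespace: Enable Account (0x1) and Remote Enable (0x20).
$ns = Invoke-WmiMethod -Namespace 'root\cimv2' -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
$namespaceOk = Test-AllowAce $ns.Descriptor.DACL $user.SID 0x21

# 4. Least privilege: is the account also in local Administrators (SID S-1-5-32-544)?
$admins   = (Get-WmiObject Win32_Group -Filter "LocalAccount=True AND SID='S-1-5-32-544'").Name
$inAdmins = [bool](@(net localgroup $admins) -match "^\s*$([regex]::Escape($Account))\s*$")

"Winmgmt service running              : $serviceOk"
"DCOM Remote Launch + Activation      : $dcomOk"
"root\cimv2 Enable Account + Remote   : $namespaceOk"
"Member of local Administrators       : $inAdmins (False expected for the limited account)"
```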
Windows Firewall
Next, configure the firewall rules specific to the version of Windows being monitored.
Windows Server 2008
Windows Server 2008 should have the correct firewall rules set by default.
To check the firewall settings, type “firewall” in the Windows Run dialog box.
Start > Run > Firewall
Inbound Rules
✔ DCOM
✔ WMI
If the WMI rule group does not exist as pictured above, the recommended settings are listed here as outlined by Microsoft:
Start > run > cmd
type (or paste) the following in the command window:
netsh advfirewall firewall add rule dir=in name="DCOM" program=%systemroot%\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135
netsh advfirewall firewall add rule dir=in name="WMI" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any
netsh advfirewall firewall add rule dir=in name="UnsecApp" program=%systemroot%\system32\wbem\unsecapp.exe action=allow
netsh advfirewall firewall add rule dir=out name="WMI_OUT" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any
✔ More details can be found here: http://msdn.microsoft.com/en-us/library/windows/desktop/aa822854(v=vs.85).aspx
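The four rules above accept connections from any remote address. The following variant is an added example, not part of the original Nagios document: it creates the same rules with the netsh remoteip parameter so that only the monitoring server matches them. The address 192.0.2.10 is a placeholder assumption for your Nagios XI server.

```powershell
# Added example: the guide's four rules, restricted to a single monitoring source.
# Run from an elevated PowerShell prompt on the monitored Windows machine.
$NagiosServer = '192.0.2.10'   # assumption: placeholder; use your Nagios XI server's IP
$svchost  = "$env:SystemRoot\system32\svchost.exe"
$unsecapp = "$env:SystemRoot\system32\wbem\unsecapp.exe"

# Same names, programs, services and ports as the commands in this guide.
$rules = @(
    @('name=DCOM',     'dir=in',  "program=$svchost",  'service=rpcss',   'protocol=TCP', 'localport=135'),
    @('name=WMI',      'dir=in',  "program=$svchost",  'service=winmgmt', 'protocol=TCP', 'localport=any'),
    @('name=UnsecApp', 'dir=in',  "program=$unsecapp"),
    @('name=WMI_OUT',  'dir=out', "program=$svchost",  'service=winmgmt', 'protocol=TCP', 'localport=any')
)

foreach ($rule in $rules) {
    # Remove an earlier rule of the same name so an unscoped copy does not stay in effect.
    & netsh advfirewall firewall delete rule $rule[0] | Out-Null

    # PowerShell expands the array into separate arguments for netsh.
    & netsh advfirewall firewall add rule $rule 'action=allow' "remoteip=$NagiosServer"
    if ($LASTEXITCODE -ne 0) { throw "Failed to add firewall rule ($($rule[0]))." }
}

# Show the resulting rule, including its RemoteIP scope.
& netsh advfirewall firewall show rule name=DCOM verbose
```

Allow rules are additive, so if the built-in DCOM and WMI inbound rules are also enabled, their scope has to be narrowed as well for the restriction to take effect.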
Windows Server 2003
The following section describes firewall and DCOM port configuration. By default, DCOM communicates with the client on a random port, so this section also describes how to specify a port range that firewall rules can be written for.
Start > Run > “DCOMCnfg.exe”
Expand Component Services, expand Computers, right-click “My Computer”, and select Properties.
Next, choose the “Default Protocols” tab.
Component Services > Computers > My Computer > Properties > Default Protocols
Select Properties, then click “Add”.
Add a port range for COM services. In our example we selected the range 5000-5020. Depending on your environment, you may want to choose a different range.
Allow the port range through the Windows firewall. This command opens ports 5000-5020 to match the COM Internet Services range.
Click Start > Run > cmd
FOR /L %I IN (5000,1,5020) DO netsh firewall add portopening TCP %I "COM"%I
Lastly, open DCOM port 135.
Click Start > Run > cmd
netsh firewall add portopening TCP 135 "DCOM"
WMI requires a valid username and password on the target system.
This document shows how to configure Windows Server 2008. The steps also apply to previous versions of Windows, although the locations of the snap-ins may be different.
Windows XP
If you are running a firewall on the Windows machine, you must ensure that the Nagios server can contact the WMI service. To do this, you must open TCP Port 135 on the Windows firewall.
Installing The WMI Wizard
To get started using Nagios XI to monitor Windows machines with WMI, you need to install the Windows WMI monitoring wizard. The WMI monitoring wizard may be downloaded from the following link:
http://assets.nagios.com/downloads/nagiosxi/wizards/windowswmi.zip
The wizard can be installed under the Manage Config Wizards screen in the Admin section of Nagios XI.
Running The WMI Wizard
Once the wizard is installed in Nagios XI, it will be available when you run the Monitoring Wizard from the Config menu.
The wizard will prompt you for the address of the Windows machine, along with the credentials used to authenticate.
The wizard will allow you to select what types of metrics and data should be monitored, along with warning and critical thresholds.
Metrics and data that can be monitored using the WMI wizard include:
✔ CPU Usage
✔ Memory Usage
✔ Page File Usage
✔ Disk Usage
✔ Service State
✔ Process State
✔ Event Log Data
The screenshot below shows disk, cpu, memory, service, and process monitoring capabilities of the WMI wizard:
Troubleshooting
Issue: Nagios showing (null) or “Install wmic”.
Fix: The WMIC plugins were not installed properly. Redo the steps outlined at
http://assets.nagios.com/downloads/nagiosxi/docs/Installing_The_WMI_Client_For_XI.pdf