Monitoring remote Windows applications

cmdl

Monitoring remote Windows applications

Post by cmdl »

Hello, I hope this is an appropriate question for this forum.

The context is that we have multimedia content running on Windows boxes all over the place, and we have a server for controlling and monitoring what runs on those boxes. We're thinking of using Nagios to do some of that monitoring. A couple of questions...

As I understand it, the standard way of doing centralized monitoring would be to install NSClient++ on each of the Windows boxes. To get status information from the boxes to the server, either the server would call the client using check_nt or the client would call the server using NCSA.

If that's the case, I take it that we're going to have problems if we don't control the network the boxes are installed on and we can only rely on port 80 outwards through the firewall. Is that a showstopper or are there standard workarounds?

My second question: the Windows applications currently send application-level status and logging information to a webserver, and we're trying to work out if we have the option of using Nagios to transmit that logging information and do the application-level monitoring. The information passed back is quite bulky and detailed, and the only thing I've seen Nagios used for is for simpler UP/DOWN status information. So my question is: is it possible/feasible/worth considering to use Nagios for detailed application-level monitoring?
crfriend

Re: Monitoring remote Windows applications

Post by crfriend »

cmdl wrote:
> [...]I take it that we're going to have problems if we don't control the network the boxes are installed on and we can only rely on port 80 outwards through the firewall. Is that a showstopper or are there standard workarounds?

The answer here is, "It depends." It depends on how good a relationship your team has with the network team (or whoever controls the firewalls). In environments where there is good cooperation between teams this is usually a trivial matter and folks will be willing to poke stateful "holes" in the 'wall for outbound NRPE queries and the responses to same; in environments where the relationship is adversarial (or worse) monitoring frequently becomes impossible if firewalls are involved and the only answer that the monitoring admin can use is, "No, that's not possible because we do not have visibility onto the target network by virtue of 'security' policy."

cmdl wrote:
> My second question: the Windows applications currently send application-level status and logging information to a webserver, and we're trying to work out if we have the option of using Nagios to transmit that logging information and do the application-level monitoring. The information passed back is quite bulky and detailed, and the only thing I've seen Nagios used for is for simpler UP/DOWN status information. So my question is: is it possible/feasible/worth considering to use Nagios for detailed application-level monitoring?

Is there an option here to intercept the data that the application layer is sending back, analyze it, and then submit passive checks to your Nagios instance based on those analyses? This would have the effect of short-circuiting the "security" folks (Have you ever seen what can be passed on port 80, even if it needs to be encapsulated in HTTP?) and allow you to take a good hard look at the verbose stuff coming back, distilling it, and then presenting that distilled view to your monitoring infrastructure.
cmdl

Re: Monitoring remote Windows applications

Post by cmdl »

crfriend wrote:
> cmdl wrote:
> > [...]I take it that we're going to have problems if we don't control the network the boxes are installed on and we can only rely on port 80 outwards through the firewall. Is that a showstopper or are there standard workarounds?
>
> The answer here is, "It depends." It depends on how good a relationship your team has with the network team (or whoever controls the firewalls). In environments where there is good cooperation between teams this is usually a trivial matter and folks will be willing to poke stateful "holes" in the 'wall for outbound NRPE queries and the responses to same; in environments where the relationship is adversarial (or worse) monitoring frequently becomes impossible if firewalls are involved and the only answer that the monitoring admin can use is, "No, that's not possible because we do not have visibility onto the target network by virtue of 'security' policy."

Good idea, not an option in this case - the machines are in the hands of clients, and the circumstances don't allow for ad-hoc negotiation. It looks like we're restricted to passive checks, and only if those can go through port 80. So we're wondering if there's an existing NCSA-over-HTTP tunneling tool that we can use.

crfriend wrote:
> cmdl wrote:
> > My second question: the Windows applications currently send application-level status and logging information to a webserver, and we're trying to work out if we have the option of using Nagios to transmit that logging information and do the application-level monitoring. The information passed back is quite bulky and detailed, and the only thing I've seen Nagios used for is for simpler UP/DOWN status information. So my question is: is it possible/feasible/worth considering to use Nagios for detailed application-level monitoring?
>
> Is there an option here to intercept the data that the application layer is sending back, analyze it, and then submit passive checks to your Nagios instance based on those analyses? This would have the effect of short-circuiting the "security" folks (Have you ever seen what can be passed on port 80, even if it needs to be encapsulated in HTTP?) and allow you to take a good hard look at the verbose stuff coming back, distilling it, and then presenting that distilled view to your monitoring infrastructure.

We're definitely looking at ways of making the monitoring less verbose. But we're wondering if we have the option of sending back verbose information through Nagios if it's necessary.
crfriend

Re: Monitoring remote Windows applications

Post by crfriend »

cmdl wrote:
> [... T]he machines are in the hands of clients, and the circumstances don't allow for ad-hoc negotiation. It looks like we're restricted to passive checks, and only if those can go through port 80. So we're wondering if there's an existing NCSA-over-HTTP tunneling tool that we can use.

There is no "NSCA-over-HTTP tunneling tool" that I know of, but there's nothing saying you cannot deploy an NSCA listener that just happens to listen on port 80 and have your clients' systems transmit their checks to that host/port combo. Packet-inspecting firewalls will catch that, so you may be limited in how many customer sites will work, but most just operate on a port basis and allow port 80 to flow freely.

cmdl wrote:
> We're definitely looking at ways of making the monitoring less verbose. But we're wondering if we have the option of sending back verbose information through Nagios if it's necessary.

If you're using NSCA (or even NRPE) you'll be limited in the maximum payload you can send in a message, so you want to avoid going above that; however, if you can stay below that maximum (or violate the model by increasing the maximum size by altering the source-code) you'll be fine. My personal advice would be to pass the verbose bits back as performance data rather than "output" so notifications don't get obese.
cmdl

Re: Monitoring remote Windows applications

Post by cmdl »

I must try to spell NSCA properly - SC = Service Check. NCSA is something different.

It looks like there are several ways that passive checks could be sent through HTTP.
  • Nagios has a CGI script: http://nagios.sourceforge.net/docs/3_0/ ... ml#cmd_cgi
  • Nagios Remote Data Processor: PHP script, accepts XML in a POST request, something like this:

    <checkresults>
            <checkresult type='service'  checktype='1'>
                    <hostname>myhost</hostname>
                    <servicename>myservice</servicename>
                    <state>0</state>
                    <output>testing 123</output>
            </checkresult>
    </checkresults>
    
    
  • NSCAweb: Python webserver, accepts data in a Unix-style one-line-per-item format:

    printf "[%lu] PROCESS_SERVICE_CHECK_RESULT;localhost;True 1;2;CRITICAL- Whatever\\\nline2\\\nline3\n" $(date +%s) | \
    curl -d username="default" -d password="changeme" --data-urlencode "input@-" localhost:5668/queue
    
  • And it looks like it would be easy enough to implement our own - accept input from web, write it to the Nagios command file.
Of course, that's all outside Nagios, and it leaves us with the responsibility of scheduling and executing checks, and implementing the client side of the HTTP notification protocol.

The NSCA module of NSClient++ is an existing implementation that executes checks according to a schedule and sends their results to a server. So what we need is something exactly like that except that it sends results over HTTP instead of NSCA. The NSClient++ documentation has a suggestion that an HTTP notification protocol could be implemented using a Lua script. I'll have to look into that in more detail.
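
The do-it-yourself option in the last bullet above (accept input from the web, write it to the Nagios command file) feeds untrusted HTTP input into a line-oriented command channel, so the receiver has to authenticate the sender and keep every field on a single line. A sketch of those checks in Python, added here as an example and not code from the thread, NSCAweb or Nagios; the host key table, the HMAC-over-body scheme, the name pattern and the size cap are assumptions.

```python
import hashlib
import hmac
import os
import re
import time

# Constructed per-host secret for this example; real keys belong in a secrets store.
HOST_KEYS = {"kiosk-01": b"constructed-demo-key"}
# Assumed naming policy: no ';' (field separator) and no control characters.
NAME_RE = re.compile(r"[A-Za-z0-9_.-][A-Za-z0-9_. -]{0,63}")
MAX_OUTPUT = 4096  # assumed cap so one client cannot flood the command file


def authentic(host, body, signature_hex):
    """Check an HMAC-SHA256 of the raw POST body against the host's key."""
    key = HOST_KEYS.get(host)
    if key is None:
        return False
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), signature_hex.encode())


def command_line(host, service, state, output, now=None):
    """Build one PROCESS_SERVICE_CHECK_RESULT line or raise ValueError."""
    if not NAME_RE.fullmatch(host) or not NAME_RE.fullmatch(service):
        raise ValueError("host/service name contains disallowed characters")
    if type(state) is not int or not 0 <= state <= 3:
        raise ValueError("state must be an integer 0-3")
    # Real newlines become the literal two characters \n, as in the curl example
    # above; other control characters are dropped so the result stays one line.
    text = output.replace("\r\n", "\n").replace("\n", "\\n")
    text = "".join(ch for ch in text if ch.isprintable())[:MAX_OUTPUT]
    stamp = int(time.time() if now is None else now)
    return f"[{stamp}] PROCESS_SERVICE_CHECK_RESULT;{host};{service};{state};{text}\n"


def submit(command_file, line):
    """Append to the command file; never create it, never block if Nagios is down."""
    fd = os.open(command_file, os.O_WRONLY | os.O_APPEND | os.O_NONBLOCK)
    try:
        os.write(fd, line.encode("utf-8"))
    finally:
        os.close(fd)
```

Opening without `O_CREAT` means a missing command file raises an error instead of leaving a regular file where Nagios expects its pipe.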