Page 2 of 10
Re: Using NRPE for windows server
Posted: Mon Jan 01, 2018 4:41 pm
by dwhitfield
You don't need a windows.cfg. You can put the hosts and service configs where you like.
You'll need a command definition that looks something like
Code: Select all
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -t 20
}
I don't know what checks you are trying to run, but let's assume you want to check the swap. In the service definition, you'll want something like
check_command check_nrpe!check_swap!20!10.
You can see the full requirements for the host object and service object at
https://assets.nagios.com/downloads/nag ... tions.html
Re: Using NRPE for windows server
Posted: Wed Jan 03, 2018 3:55 pm
by skypete
AnyLuck?
Re: Using NRPE for windows server
Posted: Wed Jan 03, 2018 4:02 pm
by skypete
I just want to get the basics to work for now that is all.
Re: Using NRPE for windows server
Posted: Wed Jan 03, 2018 4:08 pm
by dwhitfield
It doesn't look like you followed our documentation at
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
Please modify the NSClient.ini as directed in the document and then send your nsclient.ini for review if it is still not working.
Re: Using NRPE for windows server
Posted: Thu Jan 04, 2018 3:43 pm
by skypete
I followed the guides and enabled the nrpe listener still no luck. i ran telnet <IP Address> 5666 and the getting connection refused. the Firewall is open and can ping to my nagios core server. here is my ini file for my windows machine thanks.
Re: Using NRPE for windows server
Posted: Thu Jan 04, 2018 3:46 pm
by skypete
Could you please post a KB on how to step by step add the check_nrpe template in nagios as well thanks so much
Re: Using NRPE for windows server
Posted: Thu Jan 04, 2018 3:47 pm
by skypete
Where do you add this command?
dwhitfield wrote:You don't need a windows.cfg. You can put the hosts and service configs where you like.
You'll need a command definition that looks something like
Code: Select all
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ -t 20
}
I don't know what checks you are trying to run, but let's assume you want to check the swap. In the service definition, you'll want something like
check_command check_nrpe!check_swap!20!10.
You can see the full requirements for the host object and service object at
https://assets.nagios.com/downloads/nag ... tions.html
Re: Using NRPE for windows server
Posted: Thu Jan 04, 2018 4:04 pm
by skypete
Here the info your requested after running that command.
bolson wrote:Have you installed NSClient++ on the Windows host? Any installation issues? Can you run the following command from you ubuntu host and post the result:
Code: Select all
telnet <ip_addr_of_windows_host> 5666
Re: Using NRPE for windows server
Posted: Thu Jan 04, 2018 6:02 pm
by npolovenko
@skypete, Looks like your nsclient.ini file is missing a few config options. Try replacing the whole ini file with mine below.
Code: Select all
# If you want to fill this file with all available options run the following command:
# nscp settings --generate --add-defaults --load-all
# If you want to activate a module and bring in all its options use:
# nscp settings --activate-module <MODULE NAME> --add-defaults
# For details run: nscp settings --help
; TODO
[/settings/default]
; Undocumented key
password = 12345
; Undocumented key
allowed hosts = 127.0.0.1,::1,192.168.128.130
; CACHE ALLOWED HOSTS - If host names (DNS entries) should be cached, improves speed and security somewhat but won't allow you to have dynamic IPs for your Nagios server.
cache allowed hosts = 1
; TIMEOUT - Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out.
timeout = 30
; TODO
[/modules]
; Undocumented key
CheckHelpers = 1
; Undocumented key
CheckEventLog = 1
; Undocumented key
CheckNSCP = 1
; Undocumented key
CheckSystem = 1
; Undocumented key
NSClientServer = 1
; NRPEServer - A server that listens for incoming NRPE connection and processes incoming requests.
NRPEServer = 1
; CheckExternalScripts - Execute external scripts
CheckExternalScripts = 1
; CheckDisk - CheckDisk can check various file and disk related things.
CheckDisk = 1
; A set of options to configure the real time checks
[/settings/system/windows/real-time]
; Configure which services has to be in which state
[/settings/system/windows/service mapping]
; TODO
[/settings/system/windows/counters/default]
; TODO
[/settings/system/windows/counters]
; TODO
[/settings/log/file]
; TODO
[/settings/log]
; LOG LEVEL - Log level to use. Available levels are error,warning,info,debug,trace
level = debug
; DATEMASK - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
date format = %Y-%m-%d %H:%M:%S
; FILENAME - The file to write log data to. Set this to none to disable log to file.
file name = ${exe-path}/nsclient.log
; TODO
[/settings/system/windows]
; DEFAULT LENGTH - Used to define the default interval for range buffer checks (ie. CPU).
default buffer length = 1h
; TODO
[/settings/external scripts/scripts/default]
; IGNORE PERF DATA - Do not parse performance data from the output
ignore perfdata = 1
; A list of wrapped scripts (ie. scruts using a template mechanism). The template used will be defined by the extension of the script.
[/settings/external scripts/wrapped scripts]
check_windows_time = check_windows_time.bat.pool.ntp.org $ARG1$ $ARG2$
; TODO
[/settings/external scripts/alias]
; TODO
[/settings/eventlog/real-time/filters/default]
; EMPTY MESSAGE - The message to display if nothing matches the filter (generally considered the ok state).
empty message = eventlog found no records
; MAGIMUM AGE - How long before reporting "ok". If this is set to "false" no periodic ok messages will be reported only errors.
maximum age = 5m
; A set of filters to use in real-time mode
[/settings/eventlog/real-time/filters]
; TODO
[/settings/eventlog/real-time]
; STARTUP AGE - The initial age to scan when starting NSClient++
startup age = 30m
; REAL TIME CHECKING - Spawns a background thread which detects issues and reports them back instantly.
enabled = 0
; LOGS TO CHECK - Comma separated list of logs to check
log = application,system
; DEBUG - Log missed records (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = 0
; A list of scripts available to run from the CheckExternalScripts module. Syntax is: <command>=<script> <arguments>
[/settings/external scripts/scripts]
restart_service = scripts\restart_service.bat "$ARG1$"
check_windows_time=scripts\check_windows_time.bat $ARG1$
; TODO
[/settings/external scripts/alias/default]
; TODO
[/settings/shared session]
; TODO
[/settings/crash]
; RESTART SERVICE NAME - The url to submit crash reports to
restart target = NSCP
; CRASH ARCHIVE LOCATION - The folder to archive crash dumps in
archive folder = ${crash-folder}
; RESTART - Submit crash reports to nsclient.org (or your configured submission server)
restart = true
; SUBMISSION URL - The url to submit crash reports to
submit url = https://crash.nsclient.org/post
; ARCHIVE CRASHREPORTS - Archive crash reports in the archive folder
archive = true
; A set of filters to use in real-time mode
[/settings/system/windows/real-time/checks]
; TODO
[/settings/NSClient/server]
; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = 0
; PORT NUMBER - Port to use for check_nt.
port = 12489
; PERFORMANCE DATA - Send performance data back to Nagios (set this to 0 to remove all performance data).
performance data = 1
; TODO
[/settings/external scripts]
; COMMAND TIMEOUT - The maximum time in seconds that a command can execute. (if more then this execution will be aborted). NOTICE this only affects external commands not internal ones.
timeout = 80
; COMMAND ARGUMENT PROCESSING - This option determines whether or not the we will allow clients to specify arguments to commands that are executed.
allow arguments = true
; COMMAND ALLOW NASTY META CHARS - This option determines whether or not the we will allow clients to specify nasty (as in |`&><'"\[]{}) characters in arguments.
allow nasty characters = true
; TODO
[/paths]
; Path for shared-path -
shared-path = C:\Program Files\NSClient++
; Path for module-path -
module-path = ${shared-path}/modules
; Path for crash-folder -
crash-folder = ${shared-path}/crash-dumps
; Path for exe-path -
exe-path = C:\Program Files\NSClient++
; Path for certificate-path -
certificate-path = ${shared-path}/security
; Path for base-path -
base-path = C:\Program Files\NSClient++
; Files to be included in the configuration
[/includes]
; TODO
[/settings/eventlog]
; DEBUG - Log more information when filtering (useful to detect issues with filters) not useful in production as it is a bit of a resource hog.
debug = 0
; LOOKUP NAMES - Lookup the names of eventlog files
lookup names = 1
; BUFFER_SIZE - The size of the buffer to use when getting messages this affects the speed and maximum size of messages you can recieve.
buffer size = 131072
; TODO
[/settings/external scripts/wrappings]
; BATCH FILE WRAPPING -
bat = scripts\\%SCRIPT% %ARGS%
; VISUAL BASIC WRAPPING -
vbs = cscript.exe //T:30 //NoLogo scripts\\lib\\wrapper.vbs %SCRIPT% %ARGS%
; POWERSHELL WRAPPING -
ps1 = cmd /c echo If (-Not (Test-Path "scripts\%SCRIPT%") ) { Write-Host "UNKNOWN: Script `"%SCRIPT%`" not found."; exit(3) }; scripts\%SCRIPT% $ARGS$; exit($lastexitcode) | powershell.exe /noprofile -command -
; TODO
[/settings/NRPE/server]
; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket. default-workarounds Various workarounds for what I understand to be broken ssl implementations no-sslv2 Do not use the SSLv2 protocol. no-sslv3 Do not use the SSLv3 protocol. no-tlsv1 Do not use the TLSv1 protocol. single-dh-use Always create a new key when using temporary/ephemeral DH parameters. This option must be used to prevent small subgroup attacks, when the DH parameters were not generated using "strong" primes (e.g. when using DSA-parameters).
ssl options =
; VERIFY MODE - Comma separated list of verification flags to set on the SSL socket. none The server will not send a client certificate request to the client, so the client will not send a certificate. peer The server sends a client certificate request to the client and the certificate returned (if any) is checked. fail-if-no-cert if the client did not return a certificate, the TLS/SSL handshake is immediately terminated. This flag must be used together with peer. peer-cert Alias for peer and fail-if-no-cert. workarounds Various bug workarounds. single Always create a new key when using tmp_dh parameters. client-once Only request a client certificate on the initial TLS/SSL handshake. This flag must be used together with verify-peer
verify mode = none
; ALLOW INSECURE CHIPHERS and ENCRYPTION - Only enable this if you are using legacy check_nrpe client.
insecure = true
allow arguments = true
allow nasty characters = true
; ENABLE SSL ENCRYPTION - This option controls if SSL should be enabled.
use ssl = 1
; PORT NUMBER - Port to use for NRPE.
port = 5666
After you replaced it please restart NSclient(you can do that from the command line or from the GUI windows services menu).
After that, you may navigate to the /usr/local/nagios/libexec/ folder on your
Nagios server and run the following command:
Code: Select all
./check_nt -H 192.168.3.244 -s "12345" -p 12489 -v CPULOAD -l 5,80,90
*Replace the IP address with your windows Server's IP.
You could also run this command:
Let us know if these commands fail or succeed.
Re: Using NRPE for windows server
Posted: Thu Jan 04, 2018 7:40 pm
by skypete
Thank you i will try this really appreciate your help.