Windows hosts passive checks with Nagios NRDP

[sidserra]

Hi,

excuse me my poor English...

I tried to find out here something about how to do Windows hosts send passive checks to a nrdp server, but all posts consulted didn't help me. I have some Windows hosts and I need to check if these hosts are alive or not; as theses hosts can't be accessed directly by nrdp server, it's necessary to use passive checks. With the send_nrdp script to Linux is easy (with Linux hosts), but with Windows hosts is more hard. I tried to use NCPA (ncpa-1.8.1.exe) following the tutorial that I found searching in the forum. I think that I configured all parameters correctly but I could not make it work. I created a host in the localhost Nagios config file and I Installed the NCPA in Windows but it isn't working. The NCSA passive log file is:

ParseError: junk after document element: line 1, column 40
2016-06-20 13:29:14,686:INFO:__init__:Establishing passive handler: Handler
2016-06-20 13:29:14,686:INFO:__init__:Running check: /cpu/percent --warning 20 --critical 30
2016-06-20 13:29:15,690:INFO:__init__:Running check: /memory/swap/percent --warning 40 --critical 80
2016-06-20 13:29:15,690:INFO:__init__:Running check: /memory/virtual/percent --warning 60 --critical 80
2016-06-20 13:29:15,690:INFO:connectionpool:Starting new HTTP connection (1): NRDP_IP_SERVER
2016-06-20 13:29:16,257:INFO:__init__:Message from NRDP server: OK
2016-06-20 13:29:16,257:INFO:__init__:Meta output from NRDP server: 3 checks processed.
2016-06-20 13:34:16,286:INFO:__init__:Establishing passive handler: Handler
2016-06-20 13:34:16,288:INFO:connectionpool:Starting new HTTP connection (1): NRDP_IP_SERVER
2016-06-20 13:34:16,855:ERROR:__init__:junk after document element: line 1, column 40
Traceback (most recent call last):
File "C:\ncpa\agent\ncpa_windows.py", line 192, in run_all_handlers
File "C:\Program Files (x86)\Nagios\NCPA\passive\nrds.py", line 37, in run
if self.config_update_is_required(nrds_url, nrds_token, nrds_config, nrds_config_version):
File "C:\Program Files (x86)\Nagios\NCPA\passive\nrds.py", line 137, in config_update_is_required
response_xml = ET.fromstring(url_request)
File "C:\Python27\lib\xml\etree\ElementTree.py", line 1300, in XML
File "C:\Python27\lib\xml\etree\ElementTree.py", line 1642, in feed
File "C:\Python27\lib\xml\etree\ElementTree.py", line 1506, in _raiseerror
ParseError: junk after document element: line 1, column 40
2016-06-20 13:34:16,855:INFO:__init__:Establishing passive handler: Handler
2016-06-20 13:34:16,855:INFO:__init__:Running check: /cpu/percent --warning 20 --critical 30
2016-06-20 13:34:17,871:INFO:__init__:Running check: /memory/swap/percent --warning 40 --critical 80
2016-06-20 13:34:17,871:INFO:__init__:Running check: /memory/virtual/percent --warning 60 --critical 80
2016-06-20 13:34:17,871:INFO:connectionpool:Starting new HTTP connection (1): NRDP_IP_SERVER
2016-06-20 13:34:18,401:INFO:__init__:Message from NRDP server: OK
2016-06-20 13:34:18,401:INFO:__init__:Meta output from NRDP server: 3 checks processed.

In the log the NRDP server responded OK but seems that the server doesn't "understand" the passive check sent by NCSA. What I need is just show to nrdp server that a host is alive or not, I don't need any informations like disk capacities, swap and memory usage, exactly what happens with send_nrdp script by Linux.

Any help?

[ssax]

Please attach a sanitized copy of your ncpa.cfg file so that we can review it.

Make sure that your NRDP URL in your ncpa.cfg file ends in a /:

Code: Select all

http://YOURNAGIOSSERVER/nrdp/

If you change that, make sure to restart the NCPA services.

Thank you

[sidserra]

So...

I made the change in nrdp server (http://nrdp_ip_server/nrdp/) and the problem persists. That's my config file (I just inserted the nrdp server parameters, like token and nrdp address):

[listener]
uid = nagios
certificate = adhoc
loglevel = info
ip = 0.0.0.0
gid = nagcmd
logfile = var/ncpa_listener.log
port = 5693
pidfile = var/ncpa_listener.pid
# Available versions: PROTOCOL SSLv2, SSLv3, TLSv1
ssl_version = TLSv1

[passive]
uid = nagios
handlers = nrds,nrdp
loglevel = info
gid = nagcmd
sleep = 300
logfile = var/ncpa_passive.log
pidfile = var/ncpa_passive.pid

[nrdp]
token =nrdp_token
hostname =SectTest
parent =http://nrdp_ip_server/nrdp/

[nrds]
URL =http://nrdp_ip_server/nrdp/
CONFIG_VERSION =0
TOKEN =nrdp_token
CONFIG_NAME =Windows Server
CONFIG_OS = None
PLUGIN_DIR=plugins/
UPDATE_CONFIG=1
UPDATE_PLUGINS=1

[api]
community_string =I_Put_Nrdp_Token

[plugin directives]
plugin_path = plugins/
.sh = /bin/sh $plugin_name $plugin_args
.ps1 = powershell -ExecutionPolicy Bypass -File $plugin_name $plugin_args
.vbs = cscript $plugin_name $plugin_args //NoLogo

[passive checks]
%HOSTNAME%|cpu usage = /cpu/percent --warning 20 --critical 30
%HOSTNAME%|swap usage = /memory/swap/percent --warning 40 --critical 80
%HOSTNAME%|memory usage = /memory/virtual/percent --warning 60 --critical 80

The passive checks sent with nagios webpage or send_nrdp script work fine (the remote host appears alive with a personal message) but doesn't work with NCPA.

[lmiltchev]

The passive checks sent with nagios webpage or send_nrdp script work fine (the remote host appears alive with a personal message) but doesn't work with NCPA.

What exactly "doesn't work"? Can you elaborate?

I haven't tried NCPA with Nagios Core, but it works fine for me with Nagios XI. Here's what I have in the ncpa.cfg on the Windows host:

Code: Select all

[listener]
uid = nagios
certificate = adhoc
loglevel = info
ip = 0.0.0.0
gid = nagcmd
logfile = var/ncpa_listener.log
port = 5693
pidfile = var/ncpa_listener.pid
# Available versions: PROTOCOL SSLv2, SSLv3, TLSv1
ssl_version = TLSv1

[passive]
uid = nagios
handlers = nrds,nrdp
loglevel = info
gid = nagcmd
sleep = 600
logfile = var/ncpa_passive.log
pidfile = var/ncpa_passive.pid

[nrdp]
token = mytoken
hostname = Windows7-NCPA
parent = http://x.x.x.x/nrdp/

[nrds]
URL =
CONFIG_VERSION =0
TOKEN =
CONFIG_NAME =
CONFIG_OS = None
PLUGIN_DIR=plugins/
UPDATE_CONFIG=1
UPDATE_PLUGINS=1

[api]
community_string =mytoken

[plugin directives]
plugin_path = plugins/
.sh = /bin/sh $plugin_name $plugin_args
.ps1 = powershell -ExecutionPolicy Bypass -File $plugin_name $plugin_args
.vbs = cscript $plugin_name $plugin_args //NoLogo
.exe = cmd /c $plugin_name $plugin_args

[passive checks]
%HOSTNAME%|CPU USAGE = /cpu/percent --warning 20 --critical 30
%HOSTNAME%|SWAP USAGE = /memory/swap/percent --warning 40 --critical 80
%HOSTNAME%|MEMORY USAGE = /memory/virtual/percent --warning 60 --critical 80

Here's what I see in the Nagios XI web UI:

And here's an example of one of the configs on the nagios side of things:

Code: Select all

define service {
	host_name			Windows7-NCPA
	service_description		MEMORY USAGE
	use				xiwizard_passive_service
	check_command			check_xi_ncpa_agent!-t 'mytoken' -P 5693 -M memory/virtual/percent -w 50 -c 80
	max_check_attempts		1
	check_interval			1
	retry_interval			1
	check_period			xi_timeperiod_24x7
	notification_interval		60
	notification_period		xi_timeperiod_24x7
	notifications_enabled		0
	contacts			nagiosadmin
	stalking_options		n
	_xiwizard			passiveobject
	register			1
	}

[sidserra]

Well, I have some Windows hosts installed with others hosts with Linux in a local network and a nagios server (Core, not XI) in the cloud (I mean, directly in the internet). So, the nagios server can't reach the hosts in a local area network and, in Linux hosts, I use the send_nrdp script to send passive checks (host alive) to nrdp server to mark it as alive. Theses passive checks work fine with the script, but using NCPA the Windows host inserted in the Nagios Core isn't marked as a host alive. For example, I inserted a host called "SectTest" (no matter if this host is a Linux or a Windows ones) and the send_nrdp script works fine, marking in the Nagios hosts list the host "SectTest" as alive (UP). So, the NRDP server in Nagios is working well. But the NCPA installed in Windows host doesn't work, I mean, the passive check sent to Nrdp server in Nagios doesn't mark the "SectTest" as alive (UP). I posted here some lines of the NCPA log and it is showing that the NRDP server accepted the passive check but the Nrdp server didn't mark it as a host alive (UP).

2016-06-20 13:34:17,871:INFO:connectionpool:Starting new HTTP connection (1): NRDP_IP_SERVER
2016-06-20 13:34:18,401:INFO:__init__:Message from NRDP server: OK
2016-06-20 13:34:18,401:INFO:__init__:Meta output from NRDP server: 3 checks processed.

This is my problem, the NCPA passive checks isn't working, looks like the Nrdp server receives but doesn't recognize the xml file sent by NCPA.

[tgriep]

I think the issue is that the Windows version of NCPA doesn't send over a "Host Check" it only sends over service checks in passive mode.
Is the Nagios Core system receiving the service checks for that host?

[sidserra]

Again, I'm sorry my poor English, hehehe...

I just checked the nagios nrdp server log and I confirmed that NCPA is sending the passive checks AND the nrdp nagios server is receiving it, above a few lines of the nrdp nagios server log:

Jun 27 09:58:03 Nagios-NavesdoConhecimento nagios: Error: Got check result for service 'memory usage' on host 'SectTest'. Unable to find service
Jun 27 09:58:03 Nagios-NavesdoConhecimento nagios: Error: Got check result for service 'cpu usage' on host 'SectTest'. Unable to find service
Jun 27 09:58:03 Nagios-NavesdoConhecimento nagios: Error: Got check result for service 'swap usage' on host 'SectTest'. Unable to find service

Above a few lines of nrdp nagios server log with passive checks sent by send_nrdp script:

Jun 27 10:11:53 Nagios-NavesdoConhecimento nagios: PASSIVE HOST CHECK: Nave_do_Conhecimento_Triagem;0;06-27-16 10-00 - Speed:2016-06-27 10:00:05 (2,51 MB/s) - “/dev/null” salvo [10485760/10485760] (ONLINE).

I changed this script to send an internet bandwidth usage, that's why the "strange" message, hehehehe... So, I thought that NCPA worked as the send_nrdp script works. Whick the command in the NCPA file I need to put to send ping passive checks to nrdp server? I don't need cpu, memory ou swap usage; or if I activate theses services in the nrdp nagios template the host will be showed as alive (UP)?

Above the commands in a NCPA file:

[passive checks]
%HOSTNAME%|cpu usage = /cpu/percent --warning 20 --critical 30
%HOSTNAME%|swap usage = /memory/swap/percent --warning 40 --critical 80
%HOSTNAME%|memory usage = /memory/virtual/percent --warning 60 --critical 80

[tgriep]

The NCPA agent doesn't have a Host Check but you could use one of the already defined service check in the NCPA and then setup freshness checking on the Nagios Core server to send notifications is the service check hasn't been received is a certain time period.
Take a look at this link for configuring the server for freshness checks.
https://assets.nagios.com/downloads/nag ... hness.html

[sidserra]

None of commands inside in the windows.cfg worked (I think that I am doing something wrong, heheh). I activated the Windows.cfg in nagios.conf, I created the Windows Group and all hosts are listed in the Nagios host list, but none listed as alive (up). The Nagios log shows the same messages that I posted here before:

Jun 27 09:58:03 Nagios-NavesdoConhecimento nagios: Error: Got check result for service 'memory usage' on host 'SectTest'. Unable to find service
Jun 27 09:58:03 Nagios-NavesdoConhecimento nagios: Error: Got check result for service 'cpu usage' on host 'SectTest'. Unable to find service
Jun 27 09:58:03 Nagios-NavesdoConhecimento nagios: Error: Got check result for service 'swap usage' on host 'SectTest'. Unable to find service

With the services activated now, there are new messages:

Jun 28 12:23:19 Nagios-NavesdoConhecimento nagios: SERVICE ALERT: SectTest;C:\ Drive Space;CRITICAL;SOFT;1;CRITICAL - Socket timeout after 10 seconds
Jun 28 12:23:29 Nagios-NavesdoConhecimento nagios: SERVICE ALERT: SectTest;Explorer;CRITICAL;SOFT;1;CRITICAL - Socket timeout after 10 seconds
Jun 28 12:23:39 Nagios-NavesdoConhecimento nagios: SERVICE ALERT: SectTest;NSClient++ Version;CRITICAL;SOFT;1;CRITICAL - Socket timeout after 10 seconds
Jun 28 12:23:49 Nagios-NavesdoConhecimento nagios: SERVICE ALERT: SectTest;W3SVC;CRITICAL;SOFT;1;CRITICAL - Socket timeout after 10 seconds

I 'm seriously thinking to emulate a linux distro inside of the windows host and to use send_nrdp script...

[tgriep]

For passive monitoring to function, you have to create the service checks in Nagios before sending the checks from the Windows Host to the Core server.
The unable to find service messages in the log file shows that they need to be created.

Here are some examples you can use for the service checks.

Code: Select all

define service {
	host_name			SectTest
	service_description		cpu usage
	use				passive_service
	max_check_attempts		1
	check_interval			1
	retry_interval			1
	check_period			xi_timeperiod_24x7
	notification_interval		60
	notification_period		xi_timeperiod_24x7
	contacts			nagiosadmin
	stalking_options		n
	_xiwizard			passiveobject
	register			1
	}	

define service {
	host_name			SectTest
	service_description		memory usage
	use				passive_service
	max_check_attempts		1
	check_interval			1
	retry_interval			1
	check_period			xi_timeperiod_24x7
	notification_interval		60
	notification_period		xi_timeperiod_24x7
	contacts			nagiosadmin
	stalking_options		n
	_xiwizard			passiveobject
	register			1
	}	

define service {
	host_name			SectTest
	service_description		swap usage
	use				passive_service
	max_check_attempts		1
	check_interval			1
	retry_interval			1
	check_period			xi_timeperiod_24x7
	notification_interval		60
	notification_period		xi_timeperiod_24x7
	contacts			nagiosadmin
	stalking_options		n
	_xiwizard			passiveobject
	register			1
	}

Also, an example of the Passive Service template

Code: Select all

define service {
       name                          		passive_service
       service_description           		Passive Service
       use                           		generic_service
       check_command                 		check_dummy!0!"No data received yet."
       is_volatile                   		0
       initial_state                 		o
       max_check_attempts            		1
       active_checks_enabled         		0
       passive_checks_enabled        		1
       flap_detection_enabled        		0
       stalking_options              		o,w,u,c
       register                    		0

}

Setup those services and enable freshness checking to the template and is should start to function like you want.