Check_WMI_Plus error when no results from eventlog
Re: Check_WMI_Plus error when no results from eventlog
The link below is for wmic commands information.
https://www.aldeid.com/wiki/Wmic-linux
When you run the wmic command, use the IP address and not the DNS name of the server, does that work?
In the /etc/resolve.conf file on the XI server, add the IP address of your Active Directory servers so lookups can find the systems in AD.
Also, on the Windows host you are trying to run the check against, put the user account in the Local Administrators group and test to see if that works.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Check_WMI_Plus error when no results from eventlog
In addition to what @tgriep requested, I've actually been looking at alternatives to WMIC since the output it provides isn't always useful and the documentation is limited. Though I suspect the FQDN vs IP is the key.
With the understanding that this is in the early testing stages and doesn't come with a particular guarantee, you might try leveraging the python script I have attached to execute WQL queries by hand and get the results. This is an option we're exploring beyond WMIC due to the availability of better debugging tools within Python. On a regular Nagios XI installation, you'll need to install the following dependencies:
Code:
pip install impacket
pip install pyasn1
pip install pycrypto
Usage examples:
Code:
[root@xi-rev tmp]# python send_wql.py -h
usage: send_wql.py [-h] -H HOST -u USERNAME -p PASSWORD -q QUERY

Executes WQL queries and gets object descriptions using Windows Management
Instrumentation.

optional arguments:
  -h, --help            show this help message and exit
  -H HOST, --host HOST  The host name or logical address of the remote Windows
                        machine.
  -u USERNAME, --username USERNAME
                        The host name or logical address of the remote Windows
                        machine.
  -p PASSWORD, --password PASSWORD
                        The host name or logical address of the remote Windows
                        machine.
  -q QUERY, --query QUERY
                        The WQL query you wish to execute and get results for.
...
[root@xi-stable ~]# python send_wql.py -H 192.168.67.99 -u admin -p welcome123 -q 'select * from Win32_OperatingSystem'
{'MaxProcessMemorySize': 137438953344, 'WindowsDirectory': 'C:\\Windows', 'LastBootUpTime': '20170207132751.492051-360', 'SizeStoredInPagingFiles': 720896, 'MaxNumberOfProcesses': None, 'FreePhysicalMemory': 2201228, 'DataExecutionPrevention_Available': 'True', 'CSName': 'WIN-NFRUUIO4D46', 'MUILanguages': ['en-US'], 'SerialNumber': '00258-20571-39419-AA346', 'Distributed': 0, 'Primary': 'True', 'EncryptionLevel': 256, 'Debug': 0, 'SystemDrive': 'C:', 'Version': '6.3.9600', 'FreeSpaceInPagingFiles': 632944, 'NumberOfProcesses': 77, 'SystemDevice': '\\Device\\HarddiskVolume1', 'OSType': 18, 'CurrentTimeZone': -360, 'SystemDirectory': 'C:\\Windows\\system32', 'PlusProductID': 0, 'RegisteredUser': 'admin', 'Status': 'OK', 'ServicePackMajorVersion': 0, 'Description': 'My business server', 'CountryCode': '1', 'OSArchitecture': '64-bit', 'ForegroundApplicationBoost': 2, 'OperatingSystemSKU': 50, 'ServicePackMinorVersion': 0, 'SuiteMask': 305, 'OSProductSuite': 305, 'OSLanguage': 1033, 'DataExecutionPrevention_Drivers': 'True', 'TotalVirtualMemorySize': 4914608, 'NumberOfLicensedUsers': 0, 'DataExecutionPrevention_SupportPolicy': 3, 'TotalSwapSpaceSize': 0, 'Manufacturer': 'Microsoft Corporation', 'BuildType': 'Multiprocessor Free', 'CSDVersion': 0, 'FreeVirtualMemory': 2614940, 'Name': 'Microsoft Windows Server 2012 R2 Essentials|C:\\Windows|\\Device\\Harddisk0\\Partition1', 'InstallDate': '20160623112408.000000-300', 'NumberOfUsers': 8, 'Caption': 'Microsoft Windows Server 2012 R2 Essentials', 'TotalVisibleMemorySize': 4193712, 'LocalDateTime': '20170215113649.383000-360', 'OtherTypeDescription': 0, 'Organization': '', 'PortableOperatingSystem': 0, 'PAEEnabled': 0, 'PlusVersionNumber': 0, 'Locale': '0409', 'CSCreationClassName': 'Win32_ComputerSystem', 'BuildNumber': '9600', 'LargeSystemCache': 0, 'CodeSet': '1252', 'CreationClassName': 'Win32_OperatingSystem', 'DataExecutionPrevention_32BitApplications': 'True', 'BootDevice': '\\Device\\HarddiskVolume1', 'ProductType': 2}
...
[root@xi-rev ~]# python send_wql.py -H 192.168.67.99 -u admin -p welcome123 -q 'select PercentProcessorTime,Timestamp_Sys100NS from Win32_PerfRawData_PerfOS_Processor where Name="_Total";'
{'Timestamp_Sys100NS': 131316538434507891, 'PercentProcessorTime': 6172579140625}
Former Nagios employee
https://www.mcapra.com/
Re: Check_WMI_Plus error when no results from eventlog
@tgriep
tgriep wrote: The link below is for wmic commands information.
https://www.aldeid.com/wiki/Wmic-linux
Thanks, I will check this site out.
tgriep wrote: When you run the wmic command, use the IP address and not the DNS name of the server, does that work?
Yes, this works, but we are set up for DHCP not static, so this could lead to other issues down the road.
tgriep wrote: In the /etc/resolve.conf file on the XI server, add the IP address of your Active Directory servers so lookups can find the systems in AD.
This did not solve the issue.
tgriep wrote: Also, on the Windows host you are trying to run the check against, put the user account in the Local Administrators group and test to see if that works.
The account is a member of the local admins.
@mcapra Thanks, I can look into this as well.
Re: Check_WMI_Plus error when no results from eventlog
You brought up the idea previously of changing the script to attempt to resolve the FQDN then use the IP. That doesn't require too many changes to the code actually.
In the modules section near the top, make sure to add the following:
Code:
use Socket;
Around line 1980, change this:
Code:
# now add the namespace, hostname and query arguments
push(@wmi_args,'--namespace',$wmi_namespace);
push(@wmi_args,"//$the_arguments{'_host'}");
push(@wmi_args,"$wmi_query");
To this:
Code:
# now add the namespace, hostname and query arguments
push(@wmi_args,'--namespace',$wmi_namespace);
# resolve fqdn to ip address first (IPv4 only); inet_aton returns undef when the
# lookup fails, so fall back to the host as supplied instead of dying in inet_ntoa
my $packed_ip = inet_aton($the_arguments{'_host'});
my $address = defined($packed_ip) ? inet_ntoa($packed_ip) : $the_arguments{'_host'};
push(@wmi_args,"//$address");
push(@wmi_args,"$wmi_query");
See if that helps things a bit. Looks promising in my very limited tests:
Code:
[root@xi-stable perfdata]# /usr/local/nagios/libexec/check_wmi_plus.pl -H 192.168.67.99 -u admin -p welcome123 -m checkcpu -d | grep wmic
QUERY: /usr/bin/wmic '-U' 'USER%PASS' '--namespace' 'root/cimv2' '//192.168.67.99' 'select PercentProcessorTime,Timestamp_Sys100NS from Win32_PerfRawData_PerfOS_Processor where Name="_Total"'
...
[root@xi-stable perfdata]# /usr/local/nagios/libexec/check_wmi_plus.pl -H mywmi.host.com -u admin -p welcome123 -m checkcpu -d | grep wmic
QUERY: /usr/bin/wmic '-U' 'USER%PASS' '--namespace' 'root/cimv2' '//192.168.67.99' 'select PercentProcessorTime,Timestamp_Sys100NS from Win32_PerfRawData_PerfOS_Processor where Name="_Total"'
Former Nagios employee
https://www.mcapra.com/
Re: Check_WMI_Plus error when no results from eventlog
@mcapra The last command "pip install pycrypto" produced an error message.
Code:
pip install impacket
pip install pyasn1
pip install pycrypto
Code:
...
error: command 'gcc' failed with exit status 1
----------------------------------------
Command "/usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-o9VnZ3/pycrypto/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-41lRxn-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-o9VnZ3/pycrypto/
pip version
Code:
# pip --version
pip 9.0.1 from /usr/lib/python2.6/site-packages (python 2.6)
I'd rather not dive in to another whole level of troubleshooting to get this to work. Particularly since after getting it to work, I'd have to go back in and redo all the WMI service checks we already have in place. It is something I could probably toy with on my own time to measure performance / reliability differences, but for our production servers, I really need the WMIC check to work.
Back to @tgriep's link https://www.aldeid.com/wiki/Wmic-linux is helpful, but pretty much is a web site containing the --help output with two very basic examples. I found entering the --kerberos="no" command suppresses the kinit command and I do not see the "unable to reach any KDC in realm..." error message. Unfortunately, I still see:
Code:
[librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv
The odd thing is, AFTER that error message, I see the results of the query:
Code:
[wmi/wmic.c:196:main()] OK : Login to remote object.
[wmi/wmic.c:200:main()] OK : WMI query execute.
[wmi/wmic.c:203:main()] OK : Reset result of WMI query.
[wmi/wmic.c:212:main()] OK : Retrieve result data.
CLASS: Win32_OperatingSystem
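An added example, not part of the original post and not code from wmic or check_wmi_plus: a small triage helper for the debug lines quoted above, decoding the NT status values and reporting whether the query still completed. The function name `triage_wmic_debug`, the verdict strings and the choice of four standard NTSTATUS codes are assumptions made for illustration; `c00000b5` is STATUS_IO_TIMEOUT.

```python
import re

# Standard NTSTATUS values that can appear in "failed NT status (...)" lines.
NT_STATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC00000B5: "STATUS_IO_TIMEOUT",
    0xC0000236: "STATUS_CONNECTION_REFUSED",
}
# Debug lines look like "[file.c:LINE:function()] message".
LINE_RE = re.compile(r"^\[(?P<src>[^:\]]+):(?P<line>\d+):(?P<func>\w+)\(\)\]\s*(?P<msg>.*)$")
FAIL_RE = re.compile(r"failed NT status \((?P<code>[0-9a-fA-F]{8})\)")
OK_RE = re.compile(r"^OK\s*:\s*(?P<step>.+?)\.?$")


def triage_wmic_debug(text):
    """Summarise wmic debug lines: decoded failures, completed steps, verdict."""
    failures, steps = [], []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # result rows such as "CLASS: ..." are not debug lines
        fail = FAIL_RE.search(m.group("msg"))
        if fail:
            code = int(fail.group("code"), 16)
            failures.append((m.group("func"), NT_STATUS.get(code, "0x%08X" % code)))
            continue
        ok = OK_RE.match(m.group("msg"))
        if ok:
            steps.append(ok.group("step"))
    completed = "Retrieve result data" in steps
    if failures and completed:
        verdict = "connect attempt failed, query still completed"
    elif failures:
        verdict = "connect failure, no result"
    else:
        verdict = "clean run" if completed else "incomplete"
    return {"failures": failures, "steps": steps, "verdict": verdict}


# Constructed sample: the two debug excerpts quoted in the post, joined in order.
SAMPLE = """\
[librpc/rpc/dcerpc_connect.c:329:dcerpc_pipe_connect_ncacn_ip_tcp_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_ncacn_ip_tcp_recv
[librpc/rpc/dcerpc_connect.c:790:dcerpc_pipe_connect_b_recv()] failed NT status (c00000b5) in dcerpc_pipe_connect_b_recv
[wmi/wmic.c:196:main()] OK : Login to remote object.
[wmi/wmic.c:200:main()] OK : WMI query execute.
[wmi/wmic.c:203:main()] OK : Reset result of WMI query.
[wmi/wmic.c:212:main()] OK : Retrieve result data.
CLASS: Win32_OperatingSystem
"""
```

Calling `triage_wmic_debug(SAMPLE)` reports two STATUS_IO_TIMEOUT failures in the TCP connect path followed by a completed query, which fits a first connection attempt timing out before a later one succeeds.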
Re: Check_WMI_Plus error when no results from eventlog
There are steps I can provide to work around the pycrypto error, but for the reasons you stated I think the changes for check_wmi_plus.pl I provided are probably a better lead to chase.
Former Nagios employee
https://www.mcapra.com/
Re: Check_WMI_Plus error when no results from eventlog
mcapra wrote: You brought up the idea previously of changing the script to attempt to resolve the FQDN then use the IP. That doesn't require too many changes to the code actually.
In the modules section near the top, make sure to add the following:
Code:
use Socket;
Around line 1980, change this:
Code:
# now add the namespace, hostname and query arguments
push(@wmi_args,'--namespace',$wmi_namespace);
push(@wmi_args,"//$the_arguments{'_host'}");
push(@wmi_args,"$wmi_query");
To this:
Code:
# now add the namespace, hostname and query arguments
push(@wmi_args,'--namespace',$wmi_namespace);
# resolve fqdn to ip address first (IPv4 only); inet_aton returns undef when the
# lookup fails, so fall back to the host as supplied instead of dying in inet_ntoa
my $packed_ip = inet_aton($the_arguments{'_host'});
my $address = defined($packed_ip) ? inet_ntoa($packed_ip) : $the_arguments{'_host'};
push(@wmi_args,"//$address");
push(@wmi_args,"$wmi_query");
See if that helps things a bit. Looks promising in my very limited tests:
Code:
[root@xi-stable perfdata]# /usr/local/nagios/libexec/check_wmi_plus.pl -H 192.168.67.99 -u admin -p welcome123 -m checkcpu -d | grep wmic
QUERY: /usr/bin/wmic '-U' 'USER%PASS' '--namespace' 'root/cimv2' '//192.168.67.99' 'select PercentProcessorTime,Timestamp_Sys100NS from Win32_PerfRawData_PerfOS_Processor where Name="_Total"'
...
[root@xi-stable perfdata]# /usr/local/nagios/libexec/check_wmi_plus.pl -H mywmi.host.com -u admin -p welcome123 -m checkcpu -d | grep wmic
QUERY: /usr/bin/wmic '-U' 'USER%PASS' '--namespace' 'root/cimv2' '//192.168.67.99' 'select PercentProcessorTime,Timestamp_Sys100NS from Win32_PerfRawData_PerfOS_Processor where Name="_Total"'
This appears to be working! Thanks so much!
Re: Check_WMI_Plus error when no results from eventlog
It sounds like this issue has been resolved. Is it okay if we lock this thread? Thanks for choosing the Nagios forums!
Re: Check_WMI_Plus error when no results from eventlog
Yes, this can be locked. Thank you very much for your help getting through this.
Re: Check_WMI_Plus error when no results from eventlog
Glad we could help. We'll close this.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.