Monitoring Windows desktop with Nagios

[ets_user]

Hi,

We would like to monitor our windows desktop using nagios.

We chose NSclient++ and so installed the agent in the windows machine, donwloaded from the page https://assets.nagios.com/downloads/nag ... SClient++/.

We added the desktop IP in host using https://assets.nagios.com/downloads/nag ... ient++.pdf.

After completing the steps we checked for the services but facing below error.

kindly advise.

CPU Usage Critical 1h 19m 6s 5/5 2020-06-15 10:08:07 CRITICAL - Socket timeout
Drive C: Disk Usage Critical 1h 17m 5s 5/5 2020-06-15 10:06:00 CRITICAL - Socket timeout
Memory Usage Critical 1h 20m 3s 5/5 2020-06-15 10:03:46 CRITICAL - Socket timeout
Ping Ok 1h 20m 14s 1/5 2020-06-15 10:07:48 OK - 10.106.84.101: rta 0.291ms, lost 0%
Uptime Critical 1h 18m 59s 5/5 2020-06-15 10:04:29 CRITICAL - Socket timeout

[jbrunkow]

Could there be a firewall filtering traffic in your environment? You can check whether the traffic on that port is open or filtered using nmap.

Code: Select all

nmap -p 12489 <Windows host IP>

Is the IP address of your XI server listed as an allowed host in the nsclient.ini file of the Windows host?

What is the socket timeout defined as in your nsclient.ini file?

Does the check work if you try it from the command line of your XI server?

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H <Windows host IP>

[ets_user]

Hi,

Please find below.
[root@server~]# nmap -p 12489 10.106.84.101

Starting Nmap 6.47 ( http://nmap.org ) at 2020-06-17 08:23 +04
Nmap scan report for kangaroo.etisalatssi.ae (10.106.84.101)
Host is up (0.00048s latency).
PORT STATE SERVICE
12489/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds


[root@test~]# /usr/local/nagios/libexec/check_nrpe -H 10.106.84.101
connect to address 10.106.84.101 port 5666: Connection refused
connect to host 10.106.84.101 port 5666: Connection refused

Do we need to open any firewall?

Timeout is define as , timeout = 30.

Allowed hosts - Nagios server IP is defined.

Also we can see in windows server ogs as below.

C:\Program Files\NSClient++>"nsclient++.exe" /test
Launching test mode - client mode
Service seems to be started, this is probably not a good idea...
d NSClient++.cpp(1216) Enabling debug mode...
d NSClient++.cpp(557) Attempting to start NSCLient++ - 0.3.9.328 2011-08-16
NSCore not loaded...
Archiving crash dumps in: C:\Users\kthoppay.ETISALATSSI\AppData\Local\NSClient++\crash dumps
d NSClient++.cpp(1007) Loading plugin: CheckDisk...
d NSClient++.cpp(1007) Loading plugin: Event log Checker....
d NSClient++.cpp(1007) Loading plugin: Helper function...
d NSClient++.cpp(1007) Loading plugin: CheckSystem...
d NSClient++.cpp(1007) Loading plugin: File logger...
d \PDHCollector.cpp(73) Autodetected w2k or later, using w2k PDH counters.
l \FileLogger.cpp(87) Log path is: C:\Program Files\NSClient++\\nsclient.log
d \PDHCollector.cpp(110) Using index to retrive counternames
d NSClient++.cpp(1007) Loading plugin: NSClient server...
d NSClient++.cpp(709) NSCLient++ - 0.3.9.328 2011-08-16 Started!
e \Socket.h(691) bind failed: 10048: Only one usage of each socket address (protocol/network address/port) is normally permitted.
l NSClient++.cpp(461) Using settings from: INI-file
e \Socket.h(722) Socket did not start properly, we will now do nothing...
l NSClient++.cpp(462) Enter command to inject or exit to terminate...
d \PDHCollector.cpp(130) Found countername: CPU: \Processor(_total)\% Processor Time
d \PDHCollector.cpp(131) Found countername: UPTIME: \System\System Up Time
d \PDHCollector.cpp(132) Found countername: MCL: \Memory\Commit Limit
d \PDHCollector.cpp(133) Found countername: MCB: \Memory\Committed Bytes

[lmiltchev]

[root@server~]# nmap -p 12489 10.106.84.101

Starting Nmap 6.47 ( http://nmap.org ) at 2020-06-17 08:23 +04
Nmap scan report for kangaroo.etisalatssi.ae (10.106.84.101)
Host is up (0.00048s latency).
PORT STATE SERVICE
12489/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 0.25 seconds

You would need to open port 12489 in your firewall if you want to use check_nt with NSClient++. Once you do that, test the connection again via nmap. The status should say "open", not "filtered".

If your checks are still failing after opening the port, post the entire confg and log file from the Windows machine on the forum (nsclient.ini and nsclient.log). Thank you!

[ets_user]

Hi,

We checked the firewall and enabled the nsclientlisterner.dll in the ini file ,restarted the process and the status is as below now.

CPU Usage Unknown 3d 4h 17m 9s 5/5 2020-06-21 14:53:05 (No output on stdout) stderr:
Current Load Unknown 3d 4h 44m 41s 5/5 2020-06-21 14:54:57 Could not construct return packet in NRPE handler check client side (nsclient.log) logs...
Current Users Unknown 3d 4h 44m 36s 5/5 2020-06-21 14:55:29 Could not construct return packet in NRPE handler check client side (nsclient.log) logs...
Drive C: Disk Usage Warning 6d 6h 0m 9s 5/5 2020-06-21 14:51:39 (No output on stdout) stderr: /bin/sh: 20% crit=free: No such file or directory
Ping Ok 6d 6h 0m 0s 1/5 2020-06-21 14:52:51 OK - 10.106.84.101: rta 1.254ms, lost 0%
Total Processes Unknown 3d 4h 44m 32s 5/5 2020-06-21 14:54:26 Could not construct return packet in NRPE handler check client side (nsclient.log) logs...

Attached the nsclient ini and log files.

The above are the logs when we tried adding using NRPE in the configuration wizard.

We also tried another method of adding using Windows desktop in wizard but even that is not working as below.

CPU Usage Critical 6d 6h 10m 14s 5/5 2020-06-21 14:55:03 CRITICAL - Socket timeout
Drive C: Disk Usage Critical 6d 6h 8m 13s 5/5 2020-06-21 14:55:57 CRITICAL - Socket timeout
Memory Usage Critical 6d 6h 11m 11s 5/5 2020-06-21 14:59:24 CRITICAL - Socket timeout
Ping Ok 6d 6h 11m 22s 1/5 2020-06-21 14:54:45 OK - 10.106.84.101: rta 0.190ms, lost 0%
Uptime Critical 6d 6h 10m 7s 5/5 2020-06-21 14:59:24 CRITICAL - Socket timeout

Kinldy advise.

[lmiltchev]

You are using a VERY OLD version of NSClient++ - 0.3.9... This version would not work well (or not work at all) with the new NRPE agent. I would recommend that you remove completely the old NSClient++ agent from you Windows machine and install a newer version of the agent.

[ets_user]

Hi,

We installed new version and below error now.

Current Load Unknown 1d 10h 26m 0s 5/5 2020-06-25 00:06:22 Unknown command(s): check_load
Current Users Unknown 1d 10h 26m 4s 5/5 2020-06-25 00:06:07 Unknown command(s): check_users
Mem Ok 1d 10h 20m 13s 1/5 2020-06-25 00:06:09 OK: committed = 9.173GB, physical = 6.281GB
Memory Ok 1d 10h 20m 51s 1/5 2020-06-25 00:05:32 OK: committed = 9.195GB, physical = 6.304GB
Ping Ok 1d 10h 27m 2s 1/5 2020-06-25 00:04:21 OK - 10.106.84.101: rta 0.210ms, lost 0%
Total Processes Unknown 1d 10h 23m 41s 5/5 2020-06-25 00:06:38 Unknown command(s): check_total_procs

We can see the above dll's are not available in the installation directory.

And we need to enable the commands.

PLs provide the steps.

[lmiltchev]

There are some instructions on the top of the nsclient.ini file for activating modules, adding defaults, etc.

Most probably, you would need to run the following command from the CMD Prompt as administrator (from within the C:\Program Files\NSClient++ directory):

Code: Select all

nscp settings --generate --add-defaults --load-all

[ets_user]

We have already run that command and enabled all the modules.

But still we see some modules are not available like check_users, check_load,check_uptime...do we need to add it manually by dowloading it somewhere?

Also while adding using NRPE configuration wizard pls confirm what values should be given here. (Attached)

Also attached the ini and log file for your reference.

1) how can we fix this issue with NRPE wizard.

2) Adding the server using widows desktop wizrd also still having issues as mentioned below earlier.
CPU Usage Critical 6d 6h 10m 14s 5/5 2020-06-21 14:55:03 CRITICAL - Socket timeout
Drive C: Disk Usage Critical 6d 6h 8m 13s 5/5 2020-06-21 14:55:57 CRITICAL - Socket timeout
Memory Usage Critical 6d 6h 11m 11s 5/5 2020-06-21 14:59:24 CRITICAL - Socket timeout
Ping Ok 6d 6h 11m 22s 1/5 2020-06-21 14:54:45 OK - 10.106.84.101: rta 0.190ms, lost 0%
Uptime Critical 6d 6h 10m 7s 5/5 2020-06-21 14:59:24 CRITICAL - Socket timeout

Kindly advise on both.

[lmiltchev]

What is the Nagios XI version that you are currently using? In the older versions of XI, the "Windows Desktop", and "Windows Server " wizards were using the check_nt plugin with NSClient++. In the newer versions of XI, these two wizards use NCPA. The wizard that you need to use in this case is the "NSClient++" wizard. The "NRPE" wizard is used for Linux/Unix machines, not Windows...

example-01.jpg

Try running the "NSClient++" wizard (or "Windows Server" if you are running an older version of Nagios XI) agains your target machine. Post on the forum again if you are still having issues.

Note: It seems like you uploaded nsclient.ini file twice, instead of uploading the log.