We are using Nagios XI 5.5.6 version.
And we installed NSclient++ agent in windows server.
We tried to add windows server from configuration wizard and below is the error.
CPU Usage Critical 7d 6h 23m 20s 5/5 2020-07-06 14:53:45 CRITICAL - Socket timeout
Drive C: Disk Usage Critical 7d 6h 23m 2s 5/5 2020-07-06 14:56:55 CRITICAL - Socket timeout
Explorer Critical 7d 6h 22m 54s 5/5 2020-07-06 14:53:47 CRITICAL - Socket timeout
IIS Web Server Critical 7d 6h 22m 45s 5/5 2020-07-06 14:56:00 CRITICAL - Socket timeout
Logon Errors Critical 7d 6h 22m 36s 5/5 2020-07-06 14:56:30 CRITICAL - Socket timeout
Memory Usage Critical 7d 6h 22m 26s 5/5 2020-07-06 14:56:52 CRITICAL - Socket timeout
Page File Usage Critical 7d 6h 22m 18s 5/5 2020-07-06 14:56:55 CRITICAL - Socket timeout
Ping Ok 7d 6h 22m 8s 1/5 2020-07-06 14:54:06 OK - 10.106.84.101: rta 0.219ms, lost 0%
Server Work Queues Critical 7d 6h 21m 49s 5/5 2020-07-06 14:54:24 CRITICAL - Socket timeout
SQL Server Critical 7d 6h 22m 0s 5/5 2020-07-06 14:56:18 CRITICAL - Socket timeout
Uptime Critical 7d 6h 21m 41s 5/5 2020-07-06 14:56:30 CRITICAL - Socket timeout
Kindly let us know the steps for complete configuration if we might have missed something.
Thanks,
Monitoring Windows desktop with Nagios
Re: Monitoring Windows desktop with Nagios
Can you run the following commands from the command line on the Nagios XI server, and show the output? Please hide/obfuscate sensitive info.
where you substitute <client IP> and <password> with the actual values.
Post the entire nsclient.ini and nslient.log from the Windows machine on the forum.
Code: Select all
/usr/local/nagios/libexec/check_nt -H <client IP> -p 12489 -s <password> -v CLIENTVERSION
/usr/local/nagios/libexec/check_nrpe -H <client IP>
nmap <client IP> -p 12489,5666Post the entire nsclient.ini and nslient.log from the Windows machine on the forum.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Monitoring Windows desktop with Nagios
Hi,
Please find below, there is some syntax error.
what password we have to enter and which version?
[user@server ~]$ /usr/local/nagios/libexec/check_nt -H 10.xxx.xx.xxx -p xxxxx -s password -v 1
check_nt: Could not parse arguments
Usage:
check_nt -H host -v variable [-p port] [-w warning] [-c critical]
[-l params] [-d SHOWALL] [-u](DEPRECATED) [-t timeout]
[user@server ~]$ /usr/local/nagios/libexec/check_nrpe -H 10.xxx.xx.xxx
CHECK_NRPE STATE CRITICAL: Socket timeout after 10 seconds.
Also please find attached the log and ini files.
Please find below, there is some syntax error.
what password we have to enter and which version?
[user@server ~]$ /usr/local/nagios/libexec/check_nt -H 10.xxx.xx.xxx -p xxxxx -s password -v 1
check_nt: Could not parse arguments
Usage:
check_nt -H host -v variable [-p port] [-w warning] [-c critical]
[-l params] [-d SHOWALL] [-u](DEPRECATED) [-t timeout]
[user@server ~]$ /usr/local/nagios/libexec/check_nrpe -H 10.xxx.xx.xxx
CHECK_NRPE STATE CRITICAL: Socket timeout after 10 seconds.
Also please find attached the log and ini files.
You do not have the required permissions to view the files attached to this post.
Re: Monitoring Windows desktop with Nagios
Let's try this again. Run ALL of the following commands on the Nagios XI server and show the output:
Note: Substitute <client IP> with the actual IP address of your Windows server. Do not use "-v 1" as this is a wrong syntax. Use "-v CLIENTVERSION" as shown above.
Also, run the following commands as administrator in the CMD Prompt on the Windows machine and show the output:
Note: Substitute <PID> with the actual PID, found from running the two netstat commands.
Example: This way, we will make sure that NSClient++ is listening on ports 12489 and 5666, and there is no other process that is interfering with the agent.
Code: Select all
/usr/local/nagios/libexec/check_nt -H <client IP> -p 12489 -s TrahebEtM0n123 -v CLIENTVERSION
/usr/local/nagios/libexec/check_nrpe -H <client IP>
nmap <client IP> -p 12489,5666
ip addrAlso, run the following commands as administrator in the CMD Prompt on the Windows machine and show the output:
Code: Select all
netstat -abno | findStr "12489"
netstat -abno | findStr "5666"
tasklist /fi "pid eq <PID>"Example: This way, we will make sure that NSClient++ is listening on ports 12489 and 5666, and there is no other process that is interfering with the agent.
You do not have the required permissions to view the files attached to this post.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Monitoring Windows desktop with Nagios
Hi,
Please find below the logs.
[user@server ~]$ /usr/local/nagios/libexec/check_nt -H 10.xxx.xx.xxx -p 12489 -s password -v 0.4.4.23
check_nt: Could not parse arguments
Usage:
check_nt -H host -v variable [-p port] [-w warning] [-c critical]
[-l params] [-d SHOWALL] [-u](DEPRECATED) [-t timeout]
[user@server ~]$ /usr/local/nagios/libexec/check_nrpe -H 10.xxx.xx.xxx
CHECK_NRPE STATE CRITICAL: Socket timeout after 10 seconds.
[user@server ~]$ nmap 10.xxx.xx.xxx -p 12489,5666
Starting Nmap 6.47 ( http://nmap.org ) at 2020-07-16 09:10 +04
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds
[user@server ~]$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 50:6b:8d:4c:df:28 brd ff:ff:ff:ff:ff:ff
inet 10.xxx.xx.xx/28 brd 10.xxx.xx.xx scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::dfed:e1d3:97c4:94aa/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:33:d2:70 brd ff:ff:ff:ff:ff:ff
inet 192.xxx.xxx.x/24 brd 192.xxx.xxx.xxx scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:33:d2:70 brd ff:ff:ff:ff:ff:ff
C:\Program Files\NSClient++>netstat -abno | findStr "12489"
TCP 0.0.0.0:12489 0.0.0.0:0 LISTENING 15796
TCP 0.0.0.0:12489 0.0.0.0:0 LISTENING 15796
TCP [::]:12489 [::]:0 LISTENING 15796
C:\Program Files\NSClient++>netstat -abno | findStr "5666"
TCP 0.0.0.0:5666 0.0.0.0:0 LISTENING 15796
TCP 0.0.0.0:5666 0.0.0.0:0 LISTENING 15796
TCP 10.xxx.xx.xxx:5666 10.xxx.xx.xx:45760 TIME_WAIT 0
TCP 10.xxx.xx.xxx:5666 10.xxx.xx.xx:45762 TIME_WAIT 0
TCP 10.xxx.xx.xxx:5666 10.xxx.xx.xx:45892 TIME_WAIT 0
TCP 10.xxx.xx.xxx:5666 10.xxx.xx.xx:45894 TIME_WAIT 0
TCP 10.xxx.xx.xxx:5666 10.xxx.xx.xx:45932 TIME_WAIT 0
TCP 10.xxx.xx.xxx:5666 10.xxx.xx.xx:45934 TIME_WAIT 0
TCP 10.xxx.xx.xxx:5666 10.xxx.xx.xx:45978 TIME_WAIT 0
TCP 10.xxx.xx.xxx:5666 10.xxx.xx.xx:45980 TIME_WAIT 0
TCP [::]:5666 [::]:0 LISTENING 15796
C:\Program Files\NSClient++>tasklist /fi "pid eq 15796"
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
nscp.exe 15796 Services 0 22,256 K
Thanks.
Please find below the logs.
[user@server ~]$ /usr/local/nagios/libexec/check_nt -H 10.xxx.xx.xxx -p 12489 -s password -v 0.4.4.23
check_nt: Could not parse arguments
Usage:
check_nt -H host -v variable [-p port] [-w warning] [-c critical]
[-l params] [-d SHOWALL] [-u](DEPRECATED) [-t timeout]
[user@server ~]$ /usr/local/nagios/libexec/check_nrpe -H 10.xxx.xx.xxx
CHECK_NRPE STATE CRITICAL: Socket timeout after 10 seconds.
[user@server ~]$ nmap 10.xxx.xx.xxx -p 12489,5666
Starting Nmap 6.47 ( http://nmap.org ) at 2020-07-16 09:10 +04
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds
[user@server ~]$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 50:6b:8d:4c:df:28 brd ff:ff:ff:ff:ff:ff
inet 10.xxx.xx.xx/28 brd 10.xxx.xx.xx scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::dfed:e1d3:97c4:94aa/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:33:d2:70 brd ff:ff:ff:ff:ff:ff
inet 192.xxx.xxx.x/24 brd 192.xxx.xxx.xxx scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:33:d2:70 brd ff:ff:ff:ff:ff:ff
C:\Program Files\NSClient++>netstat -abno | findStr "12489"
TCP 0.0.0.0:12489 0.0.0.0:0 LISTENING 15796
TCP 0.0.0.0:12489 0.0.0.0:0 LISTENING 15796
TCP [::]:12489 [::]:0 LISTENING 15796
C:\Program Files\NSClient++>netstat -abno | findStr "5666"
TCP 0.0.0.0:5666 0.0.0.0:0 LISTENING 15796
TCP 0.0.0.0:5666 0.0.0.0:0 LISTENING 15796
TCP 10.xxx.xx.xxx:5666 10.xxx.xx.xx:45760 TIME_WAIT 0
TCP 10.xxx.xx.xxx:5666 10.xxx.xx.xx:45762 TIME_WAIT 0
TCP 10.xxx.xx.xxx:5666 10.xxx.xx.xx:45892 TIME_WAIT 0
TCP 10.xxx.xx.xxx:5666 10.xxx.xx.xx:45894 TIME_WAIT 0
TCP 10.xxx.xx.xxx:5666 10.xxx.xx.xx:45932 TIME_WAIT 0
TCP 10.xxx.xx.xxx:5666 10.xxx.xx.xx:45934 TIME_WAIT 0
TCP 10.xxx.xx.xxx:5666 10.xxx.xx.xx:45978 TIME_WAIT 0
TCP 10.xxx.xx.xxx:5666 10.xxx.xx.xx:45980 TIME_WAIT 0
TCP [::]:5666 [::]:0 LISTENING 15796
C:\Program Files\NSClient++>tasklist /fi "pid eq 15796"
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
nscp.exe 15796 Services 0 22,256 K
Thanks.
Re: Monitoring Windows desktop with Nagios
This section of your command is wrong again. You should be using "-v CLIENTVERSION"... literally. Do not try to add the agent's version number manually. You should see it in the output, provided you check worked.[user@server ~]$ /usr/local/nagios/libexec/check_nt -H 10.xxx.xx.xxx -p 12489 -s password -v 0.4.4.23
check_nt: Could not parse arguments
Usage:
check_nt -H host -v variable [-p port] [-w warning] [-c critical]
[-l params] [-d SHOWALL] [-u](DEPRECATED) [-t timeout]
This is from the plugin's usage:
You can view the usage (help menu) of the check_nt plugin by running the following command from the command line on the Nagios XI server:Usage:
check_nt -H host -v variable [-p port] [-w warning] [-c critical]
[-l params] [-d SHOWALL] [-u](DEPRECATED) [-t timeout]
...
-v, --variable=STRING
Variable to check
...
Valid variables are:
CLIENTVERSION = Get the NSClient version
...
Code: Select all
/usr/local/nagios/libexec/check_nt -hThe output from nmap tells me that the host is not accessible. Is there a firewall between the XI server and the client? Both TCP ports (12489 and 5666) must be open in order for nagios to be able to monitor your Windows machine via NSClient++.[user@server ~]$ nmap 10.xxx.xx.xxx -p 12489,5666
Starting Nmap 6.47 ( http://nmap.org ) at 2020-07-16 09:10 +04
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.04 seconds
Can you ping the host?
Can you verify that the IP address of your Nagios XI server is the same as the one listed in the nsclient.ini file on the allowed host line (10.106.93.70)?
[user@server ~]$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 50:6b:8d:4c:df:28 brd ff:ff:ff:ff:ff:ff
inet 10.xxx.xx.xx/28 brd 10.xxx.xx.xx scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::dfed:e1d3:97c4:94aa/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:33:d2:70 brd ff:ff:ff:ff:ff:ff
inet 192.xxx.xxx.x/24 brd 192.xxx.xxx.xxx scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:33:d2:70 brd ff:ff:ff:ff:ff:ff
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Monitoring Windows desktop with Nagios
This section of your command is wrong again. You should be using "-v CLIENTVERSION"... literally. Do not try to add the agent's version number manually. You should see it in the output, provided you check worked.
/usr/local/nagios/libexec/check_nt -H 10.xxx.xx.xxx -p 12489 -s password -v CLIENTVERSION
CRITICAL - Socket timeout
I am not sure if you used your actual password in the command or "-s password". Make sure you use the actual password as listed in the nsclient.ini file.
We used the same password in the ini file.
The output from nmap tells me that the host is not accessible. Is there a firewall between the XI server and the client? Both TCP ports (12489 and 5666) must be open in order for nagios to be able to monitor your Windows machine via NSClient++.
We will check on the firewall.
So we need to open ports 12489 and 5666 from nagios server to the client right?
Can you let us know whats the ports define, 5666 is for NRPE and 12489 for NsClinet++?
Can you ping the host?
Yes.
Can you verify that the IP address of your Nagios XI server is the same as the one listed in the nsclient.ini file on the allowed host line (10.106.93.70)?
Yes, its the same IP address.
/usr/local/nagios/libexec/check_nt -H 10.xxx.xx.xxx -p 12489 -s password -v CLIENTVERSION
CRITICAL - Socket timeout
I am not sure if you used your actual password in the command or "-s password". Make sure you use the actual password as listed in the nsclient.ini file.
We used the same password in the ini file.
The output from nmap tells me that the host is not accessible. Is there a firewall between the XI server and the client? Both TCP ports (12489 and 5666) must be open in order for nagios to be able to monitor your Windows machine via NSClient++.
We will check on the firewall.
So we need to open ports 12489 and 5666 from nagios server to the client right?
Can you let us know whats the ports define, 5666 is for NRPE and 12489 for NsClinet++?
Can you ping the host?
Yes.
Can you verify that the IP address of your Nagios XI server is the same as the one listed in the nsclient.ini file on the allowed host line (10.106.93.70)?
Yes, its the same IP address.
Re: Monitoring Windows desktop with Nagios
Yes, you would need to open these two ports. TCP port 5666 is used by check_nrpe and port 12489 is used by check_nt. Both plugins are used with NSClient++.We will check on the firewall.
So we need to open ports 12489 and 5666 from nagios server to the client right?
Can you let us know whats the ports define, 5666 is for NRPE and 12489 for NsClinet++?
Let us know if opening these ports solves your issue. Thank you!
Be sure to check out our Knowledgebase for helpful articles and solutions!