Nagios Plugin: RDP w/ NLA

[TheFox]

Hi all. First post here. Hoping this is the right spot to ask this:

I use Nagios to monitor RDP with the x224 plugin currently available on the exchange. To increase security I'd like to enable NLA to ensure there are no MITM attacks, but this plugin will not monitor hosts' RDP with NLA enabled.

I was curious (before I pursue FreeRDP for a possible solution) if there are any plugins I might be missing that already do this, or would be easier to implement?

Thank you kindly,
--Fox

[abrist]

I do not know of any way to directly monitor an nla rdp session. You could use nsclient and one of the following plugins to monitor the terminal services connections, or you could just use nsclient to watch users or the rdp service. The way the nla auth works, makes it very difficult to monitor the in same way that the x224 plugin monitors the rdp sessions.

http://exchange.nagios.org/directory/Pl ... fo/details
http://exchange.nagios.org/directory/Pl ... ns/details

[TheFox]

Thanks. Unfortunately no one is logging into these machines...until something is wrong. We just need to be aware if the RDP service were to hang for any reason. We've come across systems we never touch at all only to find when we try to remote into them all of the remote connections have gone wonky somehow.

I was worried this would be the answer, and have already started looking into trying to jam FreeRDP in as a check with an account that can do no more than log in, but thought I should ask first. Thank you for confirming my fears though.

If anyone else is aware of another method, please let me know!

[abrist]

Thanks. Unfortunately no one is logging into these machines...until something is wrong. We just need to be aware if the RDP service were to hang for any reason.

You may want to look into one of the service check plugins through nsclient/nrpe. They will not be as good as a dummy login checking the service, but better than nothing. Best of luck, maybe someone here in the forums will have a novel solution.