Monitoring Windows 2008 Server

[brent_weaver]

Hello all! I am a UNIX/Linux engineer having to monitor a Windows 2008 server and I cannot seem to get it working. I am using NSCClient++ on the windows side and nagios core on the "server" side. All the instructions I find on NSClient++ seem to be outdated, specifically the configuration file. I verified that the service is running and that the port is listening but I get no response when I try to connect from nagios using check_nt or check_nrpe... Which should I be using?

I am mostly looking for troubleshooting tips as I am LOST in the gui windows world, it lacks the tools I am used to using.

Any help is MUCH appreciated because this cannot be that hard!

[sreinhardt]

Hey Brent, you are correct, documentation on nsclient can be sparse or out dated as things get updated in the application. Why don't we start with having you send your nsclient config file please, and run the below commands from the nagios box to be sure that nsclient ports are open to your server.

nmap -p 12489 [windows server ip]
nmap -p 5666 [windows server ip]

[slansing]

What version of NSclient++ have you installed? Can you get to the nagios server's terminal and run the following and show us the output to see if the plugins are working?:

RHEL/CENTOS pathing used in this example:

Code: Select all

/usr/local/nagios/libexec/check_nrpe -H "Hostaddress of the windows server"

Code: Select all

/usr/local/nagios/libexec/check_nt -H "Hostaddress of the windows server" -p 12489

[brent_weaver]

Hey guys... Thanks for the quick response.

Due to the computing env these servers are in nmap is not allowed. It is a very highly security sensitive world I live in

Slansing -

I can get to port 12489 on the windows server.

Code: Select all

nagios@usmke1nagvm01l # telnet win 12489
Trying 10.5.30.220...
Connected to win.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

He is the results of what you asked for:

Code: Select all

nagios@usmke1nagvm01l # ./check_nrpe -H win
CHECK_NRPE: Received 0 bytes from daemon.  Check the remote server logs for error messages.

nagios@usmke1nagvm01l # ./check_nt -H win -p 12489
check_nt: Could not parse arguments
Usage:
check_nt -H host -v variable [-p port] [-w warning] [-c critical]
[-l params] [-d SHOWALL] [-u] [-t timeout]
nagios@usmke1nagvm01l # 

Clearly I am getting the syntax on check_nt wrong.

Again thanks for everyon's help on this one! I will await next steps.

[MBowman325]

-Edited for response-

try the following:

./check_nt -H win -p 12489 -v UPTIME


One item of note - W2k8 (and W7 if anyone monitors them) must be rebooted every 8 or 16 months (http://support.microsoft.com/kb/2553549), otherwise it doesn't close TCP sockets correctly and you'll wind up with 19k TCP ports closed but not released. Likely has nothing to do with your problem, but just a friendly heads up as it will interfere with the monitoring of that host.

[slansing]

Woops forgot to add the variable in, I always seem to forget that stipulation of check_nt... Give the above a try and let us know what returns. Were you sure to add the nagios server's IP into the allowed_hosts section of the NSC.ini file on the windows server? Without this, NSClient++ will block communication to IP's not listed.

[brent_weaver]

That worked:

Code: Select all

nagios@usmke1nagvm01l # check_nt -H win -p 12489 -v UPTIME
System Uptime - 22 day(s) 11 hour(s) 0 minute(s)

How do I figure out what checks are avail on the windows side?

Thanks allot for taking your valuable time to help me here! It always amazes and inspires me at how helpful people are.

[slansing]

You should have a good handful of default checks already defined within the NSC.ini file on the windows server they use the modules loaded upon start of the nsclient service, take a look at the external alias and external scripts sections in that config file. Most checks will require you to define a "-w" and "-c" argument in the nagios command which designates warning and critical thresholds "which in turn control when the service switches from OK, to warning, or critical." You can find some examples, as well as guidance on setting up your commands from the windows server, to the nagios server, to your command definitions at this link here:

http://www.nsclient.org/nscp/wiki/doc/u ... s/nsclient

Some of the information in the above link may be out of date but the ideas and definitions should hold constant. If you have any questions let us know, we will be glad to go into more detail and help you at each step!

[MBowman325]

The windows.cfg file will have a number of default checks. I've read that you can use the NSClient module to also check Windows Performance counters, but I've always configured the NRPE module to do that though (with the added bonus of the traffic is encrypted). It gets a bit more involved as I set them up in the NSC.ini file so I don't need to enable meta-characters for nsclient and only call the alias, which runs locally and returns the value. Essentially just like NRPE does on a *nix system. (I prefer a mix of NRPE/check_nt checks on the SQL servers, and use check_nt alone for most of the rest of our Windows systems)

As far as what you can check, it's very flexible - the checks available via the NSClient module only scratch the surface.

[slansing]

Let us know if you need further help setting up your first checks.