Nagios Support Forum

Hi

I am very new to nagios XI, we just sign up to trial version to explore monitoring versions. So basic tasks which are pre defined appears to be very easy and simple

Does anyone knows whether it is possible to configure Microsoft PKI monitoring for expiring certificates for SCEP and other things as well as try to monitor personal store of individual servers personal store for public certificates?

I can't seem to find out of the box option anywhere, by googling around not much coming out. Perhaps I am just unfamiliar with the nagios

Any help/advise much appreciated

Regards

I don't know of an out-of-the-box solution for this, but the following plugin might fit your use case:
https://exchange.nagios.org/directory/P ... ck/details

The above plugin would live on your Windows machine and be executed via an agent like NSClient++ or NCPA. If that's all Greek to you, let me know and I can try to break it down a little better!

I guess it is a bit worst than greek

So I've downloaded the powershell script that was designed for Nagios, found a place where to upload plug ins in Nagios

One think I am not sure about is that you saying I have to place powershell script on the server and execute it using Nagios client?

Can you explain a bit more

There isn't really a good way for Nagios XI to remotely check the PKI store on a Windows machine. It might be something you could do over WMI, but I can pretty much guarantee that is a more complex solution.

So, since Nagios XI can't always do something convenient like SSH into the Windows machine and start asking questions, we need to leverage an agent. An agent is an application that lives on the remote machine and takes requests from the Nagios server.

Step 1 is installing an agent on the remote Windows machine. This agent will take requests from Nagios XI to check things on the remote Windows machine. NSClient++ is a pretty popular one and we have a document for getting it set up on a Windows machine:
https://assets.nagios.com/downloads/nag ... ios-XI.pdf

Once you have the agent installed, we need to tell the agent "please use the nm-check-certificate-expiration.ps1 plugin when Nagios asks for certificate information". Configuring this for NSCLient++ is slightly different between versions, but here's the documentation for 0.4.3:
https://docs.nsclient.org/0.4.3/howto/e ... ripts.html

In my NSClient 0.4.4 configuration, I have (among lots of other definitions) the following definitions in place to run specific custom plugins/scripts:
In the first example, CheckAutoNSCP is just a convenient identifier for the command I want to run. It can be named almost anything. scripts\check_winservice.exe is the short-hand path to the script/plugin this command is executing. --service nscp --startmode !auto --critical 1 are all the arguments for my command.

So great, my agent is all set up and ready to talk to the Nagios server. But how exactly do I tell Nagios to send commands to the agent? Nagios XI includes two plugins: check_nrpe and check_nt. I prefer to use check_nrpe.

Lets start by verifying that we can speak to the remote agent. The path /usr/local/nagios/libexec is where (almost) all of the Nagios monitoring plugins live. So, from that path:
Hey great! Nagios can talk to the remote machine. Lets try executing those commands I defined earlier:
Great! Our commands seem to be executing the plugins on the remote Windows machine. Now we need to configure the service checks in Nagios XI:
https://assets.nagios.com/downloads/nag ... ios-XI.pdf

For that document, you're doing everything with check_nrpe (or check_nt) as far as Nagios XI is concerned.

is there a way to monitor certificates using WMI?

As @mcapra mentioned, it might be possible, but it would definitely be more complex. Here's an article that will help with the WMI client on Linux
https://www.krenger.ch/blog/wmi-commands-from-linux/

A few articles about WMI -
https://blogs.technet.microsoft.com/hey ... computers/
https://blogs.msdn.microsoft.com/powers ... rshell-v1/
http://windowsitpro.com/scripting/use-p ... e-machines