
How to monitor RDP sessions or login sessions in Windows

Posted: Mon Feb 03, 2020 5:04 am
by lgaddam
Team,


Currently most of the monitoring in our Nagios system is running agentless with WMI for Windows servers.
We got a requirement to monitor user login sessions on Windows servers.

Please help me with how we can monitor RDP sessions or login sessions for a remote Windows server.

Re: How to monitor RDP sessions or login sessions in Windows

Posted: Mon Feb 03, 2020 2:43 pm
by mbellerue
Are these servers also Windows Server 2003? It may be difficult. I don't know if WMI had the capability of seeing logged in users at that point. You are currently doing agentless monitoring, but would it be out of the question to install an agent? I don't know if NCPA will run on Server 2003, but it would be a good way to satisfy this check. You could also perform the check as a passive check, and save the load on your Nagios server.

Re: How to monitor RDP sessions or login sessions in Windows

Posted: Tue Feb 04, 2020 3:11 am
by lgaddam
Hi,

The requirement for now is related to Windows 2012 Standard Edition 64-bit.

We have to test on these machines first and then check on other servers.

Please let me know how we can proceed.

Re: How to monitor RDP sessions or login sessions in Windows

Posted: Tue Feb 04, 2020 4:55 pm
by mbellerue
By far the easiest way to do this is to use the NCPA agent. NCPA is able to monitor users logged on to the system without the need for additional plugins. Though NCPA is a 32bit application. This will only be a problem if your Windows install is 64bit only. By default Windows supports 32bit and 64bit, unless you specify otherwise.

I did a quick walk through WMI and it looks like there is a Win32_LoggedOnUser class in Server 2012 R2. I haven't been able to pull useful information out of it yet, but it is there, so I would hope that it can return the data we're looking for.

Re: How to monitor RDP sessions or login sessions in Windows

Posted: Thu Feb 06, 2020 1:51 am
by lgaddam
mbellerue wrote: "By far the easiest way to do this is to use the NCPA agent. NCPA is able to monitor users logged on to the system without the need for additional plugins. Though NCPA is a 32bit application. This will only be a problem if your Windows install is 64bit only. By default Windows supports 32bit and 64bit, unless you specify otherwise."

So we need to install the NCPA agent; then, in our environment with a lot of servers, we may have to go and install NCPA, test, and enable monitoring. This will be a huge task for us because almost 96% of servers are using WMI. Please help if we can do it via WMI as of now.

mbellerue wrote: "I did a quick walk through WMI and it looks like there is a Win32_LoggedOnUser class in Server 2012 R2. I haven't been able to pull useful information out of it yet, but it is there, so I would hope that it can return the data we're looking for."

How can we use this class "Win32_LoggedOnUser" via Nagios to configure monitoring?

Re: How to monitor RDP sessions or login sessions in Windows

Posted: Fri Feb 07, 2020 6:02 am
by lgaddam
We are trying to install NCPA 2.2.0 on one of our test servers. After finishing the installation, we require your help in providing steps on how to configure monitoring for RDP user sessions in Nagios.

Re: How to monitor RDP sessions or login sessions in Windows

Posted: Fri Feb 07, 2020 10:09 am
by mbellerue
I still haven't been able to get anything out of Win32_LoggedOnUser. I feel like there should be a way to query that, I just haven't found it yet.

To get logged on users out of NCPA, you can use the NCPA Wizard in Nagios XI. One of the checks that it will set up automatically is User Count. If you want to search for specific users, you can do that too, but you will have to set up a custom service check for it, but it is doable. NCPA checks for user count, and provides a list of logged on users via the API.
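
Added example, not part of any post in this thread: Win32_LoggedOnUser is a WMI association class, so its rows only become useful once they are joined to Win32_LogonSession, where LogonType 10 (RemoteInteractive) marks RDP logons. The Python below assumes the rows of both classes have already been fetched over WMI; the host SRV01, the accounts, the LogonIds and the function names are constructed for illustration.

```python
import re

REMOTE_INTERACTIVE = 10  # Win32_LogonSession.LogonType for Remote Desktop logons
# Constructed sample rows (not taken from the thread). Each Win32_LoggedOnUser
# row is only a pair of references: Antecedent (account), Dependent (session).
P = r"\\SRV01\root\cimv2:"
LOGGED_ON_USER = [
    {"Antecedent": P + 'Win32_Account.Domain="CORP",Name="alice"',
     "Dependent": P + 'Win32_LogonSession.LogonId="884213"'},
    {"Antecedent": P + 'Win32_Account.Domain="CORP",Name="bob"',
     "Dependent": P + 'Win32_LogonSession.LogonId="884900"'},
    {"Antecedent": P + 'Win32_Account.Domain="CORP",Name="bob"',
     "Dependent": P + 'Win32_LogonSession.LogonId="991100"'},
    {"Antecedent": P + 'Win32_Account.Domain="CORP",Name="carol"',
     "Dependent": P + 'Win32_LogonSession.LogonId="700100"'},
]
LOGON_SESSION = [
    {"LogonId": "884213", "LogonType": 10},  # RDP
    {"LogonId": "884900", "LogonType": 10},  # RDP
    {"LogonId": "991100", "LogonType": 10},  # second RDP session, same user
    {"LogonId": "700100", "LogonType": 2},   # console logon, must not count
]
ACCOUNT_RE = re.compile(r'Domain="([^"]*)",Name="([^"]*)"')
SESSION_RE = re.compile(r'LogonId="(\d+)"')

def rdp_users(assoc_rows, session_rows):
    """Return sorted DOMAIN\\user names that own a RemoteInteractive session."""
    rdp_ids = {s["LogonId"] for s in session_rows
               if int(s["LogonType"]) == REMOTE_INTERACTIVE}
    users = set()
    for row in assoc_rows:
        acct = ACCOUNT_RE.search(row["Antecedent"])
        sess = SESSION_RE.search(row["Dependent"])
        if acct and sess and sess.group(1) in rdp_ids:
            users.add("{}\\{}".format(*acct.groups()))
    return sorted(users)

def nagios_check(users, warn, crit):
    """Map the RDP user count to a Nagios (exit_code, status line) pair."""
    n = len(users)
    code, label = (2, "CRITICAL") if n >= crit else (1, "WARNING") if n >= warn else (0, "OK")
    line = "{} - {} RDP user(s): {} | rdp_users={};{};{}".format(
        label, n, ", ".join(users) or "none", n, warn, crit)
    return code, line

if __name__ == "__main__":
    code, line = nagios_check(rdp_users(LOGGED_ON_USER, LOGON_SESSION), warn=2, crit=3)
    print(line)
    raise SystemExit(code)
```
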

Re: How to monitor RDP sessions or login sessions in Windows

Posted: Thu Feb 13, 2020 9:42 pm
by lgaddam
What are active and passive checks, how and when to use them, how are these checks useful? Can you help with a scenario...

Re: How to monitor RDP sessions or login sessions in Windows

Posted: Fri Feb 14, 2020 1:33 am
by lgaddam
We have installed NCPA 2.2.0 (active check) on the remote Windows machine successfully.

But from Nagios we are not able to add the device from the NCPA Wizard. We are getting the error below. Attached screenshot for reference.

Unable to contact server at https://xx.xx.xxx?token=Token1234.

Also, please check the outputs below; we tried getting some more info in verbose mode....

[root@nagiosp01 ~]# /usr/local/nagios/libexec/check_ncpa.py -H xx.xx.xx.xx -t 'Token1234'-P 5693 -lv
Connecting to: https://192.168.203.117:5693/api?token=Token1234-P
An error occurred:[Errno socket error] (8, 'EOF occurred in violation of protocol')


Let me know if there is any prerequisite to be followed on the remote Windows server with version Windows 2012R2.

Re: How to monitor RDP sessions or login sessions in Windows

Posted: Fri Feb 14, 2020 1:37 am
by lgaddam
[root@nagiosp01 ~]# nmap xxx.xx.xx.xx -p 5693

Starting Nmap 6.47 ( http://nmap.org ) at 2020-02-14 07:17 CET
Nmap scan report for sgwautoi02.usr.corp.gamesa.es (xxx.xx.xx.xx)
Host is up (0.00044s latency).
PORT STATE SERVICE
5693/tcp open unknown
MAC Address: 00:15:5D:01:02:15 (Microsoft)
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds

[root@nagiosp01 ~]#