This how-to will guide you to monitor your Windows server using WMI. This will allow you to do checks from op5 on Windows hosts without installing any agent in Windows.

FAQ

What is WMI?

In short: A way to do queries on a Windows host, much like SNMP but much more advanced. The Long version: WMI is a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification. WMI is Microsoft’s implementation of the Web-Based Enterprise Management (WBEM) and Common Information Model (CIM) standards from the Distributed Management Task Force (DMTF) (source: Wikipedia).

Why should I use WMI?

1. It is agentless
2. You can monitor a lot more with WMI on windows host than with SNMP
3. You can create more complex questions

What prerequisites are there?

The windows host that should be monitored need to have WMI and a user that is allowed to do WMI queries. On the op5 monitor you need to install some rpm packages and a new check plug-in.

Installation guide

For this how-to to work you need to upgrade your plugin package to version 2.8.0, this will be release in week 36. If you use a distributed monitoring solution you need to do this on all your masters, pollers and peers.

Upgrade plug-in package

You need to upgrade your plug-in package to version 2.8.0 Either do a upgrade of your whole system

# yum upgrade

or upgrade only plugin-package

# yum upgrade plugin*

Install WMIC

For the wmi-plugin to work you need to install wmic on your op5 monitor server.

# yum install *wmic*

Test installation of WMI

Make sure WMI is installed and configure on the Windows host first.

# wmic -U DOMAIN/USER%PASSWORD //HOST "Select * from Win32_ComputerSystem"

Test installation of Check WMI Plus plugin

Go to /opt/plugin/

# ./check_wmi_plus.pl -H [IP or Hostname] -u [username] -p [password] -m checkmem -w 80 -c 90

Configure WMI account information

It’s possible to add user and password to a central file “/opt/monitor/etc/resource.cfg”.

This allows you to partially hide the credentials from the op5 GUI and to update a single file if they need to be updated.

Note that you need to edit all of the WMI check_command to use $USER8$ and $USER9$ instead of $ARG1$ and $ARG2$. You will also have to rename the remaining arguments.

Example of an updated check_command:

$USER1$/check_wmi_plus.pl -H $HOSTADDRESS$ -m checkcpu -u $USER8$ -p $USER9$ -w $ARG1$ -c $ARG2$ $ARG3$ $ARG4$ $ARG5$

If you wish to use the resource file, add the following to “/opt/monitor/etc/resource.cfg”:

$USER8$=[wmi username]  $USER9$=[wmi password]

Restart the op5 service

# service monitor restart

Add check commands

• Go to configure and commands.
• In the top right corner, click ‘Check Command Import’
• Select all WMI Plus command
• Click on ‘import selected commands’

Add WMI checks on host

• Go to Configure, select the host you want to add the check to.
• Go to ‘Services for host XXXXX’
• Add new service.

CPU

• Select ‘Check command’: check_wmip_cpu
• add variables: 80!90
• Click on ‘Apply Changes’
• Select ‘Add new service’ and click ‘Go’

Memory

• Select ‘Check command’: check_wmip_mem
• Set check_command_args: 80!90
• Click on ‘Apply Changes’
• Select ‘Add new service’ and click ‘Go’

Page file Usage

• Select ‘Check command’: check_wmip_page
• Set check_command_args: 20!30
• Click on ‘Apply Changes’
• Select ‘Add new service’ and click ‘Go’

Services

• Select ‘Check command’: check_wmip_service
• Set check_command_args: Auto!
• Note: To check all services in Auto-mode enter ‘Auto’ as command variable otherwise use whole or part of service name. Add service to exclude, if you do not want to exclude any service type in xxxx.
• Click on ‘Apply Changes’
• Select ‘Add new service’ and click ‘Go’

Disk Usage

• Select ‘Check command’: check_wmip_disk
• Set check_command_args:C!80!90
• Click on ‘Apply Changes’

Process CPU Usage

To check a process CPU usage does not have a check command, this has to be created first.

• Add a new check command:
  • Command_Name: check_wmip_proc_cpu
  • Command_Line:  $USER1$/check_wmi_plus.pl -H $HOSTADDRESS$ -m checkproc -s cpu -u $ARG1$ -p $ARG2$ -w $ARG3$ -c $ARG4$ -a $ARG5$ $ARG6$ $ARG7$
• Click ‘Apply Changes’

Now we can add the service check

• Select ‘Check command’: check_wmip_proc_cpu
• Set check_command_args:!!!80!90
• Note that % can be uses as a wildcard in the processname.
• Click on ‘Apply Changes’

Save and export configuration

 
Configure remote WMI access in Windows

There are two way to grant access to WMI for a remote user, either you add a user to the administrators group or you follow the steps below to grant access to WMI without using administrator rights.

This part shows how to set up remote WMI access on a Windows 2008 R2 SP1 server. This server was set up as a member server of a workgroup.

Create a new user

We create a new user and after that we will give the user access to do remote WMI queries.

• Go to ‘Server Manager’ by right-clicking on ‘Computer’ in the start-menu and select ‘Manage’
• Click your way down to Configuration -> Local Users and Groups -> Users
• Create a new user.
• Set ‘User Name’ to any name you like.
• Check ‘User cannot change password’
• Check ‘Password never expires’
• Click ‘Create’

Change user settings

• Edit the user just created and go to the tab ‘Members of’
• Click add and add the group ‘Distributed COM Users’

• Click ‘OK’
• Also add the group ‘Perfomance log users’
• Remove group ‘User’
• Click ‘OK’

Grant privileges to WMI

• Open ‘MMC’ by going to start-menu and runt the command ‘mmc’
• Go to File -> Add/Remove Snap-in…’
• Add ‘WMI Control’ for the local computer

• Click ‘OK’
• Right-click on ‘WMI Control (local)’ in the right hand list and select ‘Properties’
• Go to the ‘Security’ tab
• Select ‘Root’ and click on ‘Security’
• Add the user earlier created and set the following permissions:
  • Execute methods
  • Enable Account
  • Remote Enable

• Click on ‘Advanced’
• Select the WMI user and click on ‘Edit’
• Select to apply this to ‘This namespace and subnamespaces’

• Click ‘OK’ four times.

GPO Settings

Run one of the following three Microsoft Management Console (MMC) snap-ins:

• For a stand alone/single server run the ‘Local Security Policy’ snap-in (secpol.msc)
• For Domain member server run the ‘Default Domain Security Policy’ snap-in (dompol.msc)
• Go to ‘Security Settings’ -> ‘Local Policies’ -> ‘User Rights Assignment’.
• Add the WMI user to the following policys
  • ‘Act as part of the operating system’
  • ‘Log on as a batch job’
  • ‘Log on as a service’
  • ‘Replace a process level token’

Service Control Manager

For op5 Monitor to query a windows server for service information we need to give non-admin users access to the SCM.

First we need to determent the SID of the WMI-user, do this by opening a Command prompt in Windows and enter:

wmic useraccount where name='wmiuser' get sid

You will get the user SID, it will look something like: S-1-5-21-831218587-1591663529-496921927-1002

Now we have to give rights for the wmi-user to access scmanger remotely, run the following command and replacewith the SID you got from the command above.

sc sdset SCMANAGER D:(A;;CCLCRPRC;;;)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

Alternativly you can replacewith AU (Authenticated Users) if you don’t want to limit access only to one user.

Disable UAC

For some check you might need to disable or lower the UAC settings. For the standard this should not be needed.

• Click on start menu and type ‘msconfig’ in the search field, then press ‘enter’
• Go to the tab ‘tools’
• Select ‘Change UAC Settings’ and click on ‘Launch’

• Pull down the lever to ‘never notify’ and click ‘OK’.
• A restart in necessary for this to take effect.

Done!

Useful tools and links

WMI browser
Check WMI Plus homepage

Articoli recenti

• Detecting Data Leak
• Installation of NRPE agent on CentOS/RHEL 6 and 7
• 4 steps to turn on simple BSM in your system
• How to monitoring MongoDB Server
• op5 monitor 7.2.2 – Release Notes

Categorie

• How To (16)
• nagios (3)
• News (10)
• op5 (4)
• Referenze (1)
• scrutinizer (2)
• Senza categoria (1)
• Zero Zero Toner (1)