Windows WMIC
Overview
When deciding how to monitor MS Windows servers, you have a few best-practices choices to make. You can install the GroundWork Distributed Monitoring Agent (GDMA), use the native MS Windows SNMP service, use another open source agent such as NSClient++ and NRPE, or you can use the native WMI calls, all of which will give you some form of detailed information on exactly what is happening on your Windows systems.
If you have just a few Windows servers and a single domain, you might consider not installing or running an agent at all. You can get detailed information by interrogating the WMI service using the excellent check_wmi_plus.pl plugin, supplied here https://edcint.co.nz/checkwmiplus/ and packaged by GroundWork for your convenience. We created a profile to use this plugin for several Windows checks. This article shows you how to set it up.
Note that the plugin is designed to run as an active check from your GroundWork server, and it isn't very fast (though the supplier can give you a premium version for a small fee that is faster, see https://edcint.co.nz/checkwmiplus/check-wmi-plus-pro-to-improve-performance-and-functionality/). That limits it a bit: we recommend using a local GroundWork server (either a parent or a child), and you may need to limit the polling frequency somewhat. This is balanced by the convenience of not needing to install anything on the Windows systems, but as you will see there are a few hoops to jump through nonetheless. In particular, you need to enable an account with remote login, and WinRM for full functionality. It's not always possible to do so in secure environments, so evaluate your policies before you use this method.
In summary, the steps are:
- Add a user to your domain for monitoring
- Enable the user for Remote access rights
- Edit the authfile
- Set a Nagios macro
- Load and apply the profile
Install Steps
Each Windows domain to be monitored with WMIC requires a monitoring account. Add a user to your domain for this if necessary, and then enable it for remote access to your systems.
You need to be a member of Domain Admin to do this, and these steps are not always correct for all versions of Windows. For more information about security settings and requirements in MS Windows, please see the check_wmi_plus documentation here: https://edcint.co.nz/checkwmiplus/faq/how-do-i-setup-the-windows-user-for-wmic-or-what-permissions-do-i-need/
Open the WMI Control console:
- Click Start, click Run, type wmimgmt.msc, then click OK.
- Right-click WMI Control, click Properties, and click the Security tab.
- Expand Root and select WMI.
- Click the Security button, select Authenticated Users, and click Add.
- Select the object type, locations, enter and check names, and click OK.
- Allow or deny the following, then click Apply, and OK:
  - Execute Methods (enable)
  - Full Write (disable)
  - Partial Write (disable)
  - Provider Write (disable)
  - Enable Account (enable)
  - Remote Enable (enable)
  - Read Security (enable)
  - Edit Security (disable)
- At this point, your Windows domain should be ready for monitoring with check_wmi_plus. Next, configure GroundWork to run the plugin. From the GroundWork Monitor interface, go to Configuration > Nagios Monitoring > Profiles. Expand Profile importer, and select New > Import > Windows. Then select the service-profile-Windows-WMIC-based-checks.xml service profile. Click Import. You should see a success message.

  On the GroundWork 8 server command line, create (or edit) the authfile for username, password and Domain, for example:

      cd gw8
      docker exec -it dockergw8_nagios_1 /bin/bash
      cd /usr/local/nagios/libexec/check_wmi_plus/
      vi authfile

  The format is:

      username=myusername
      password=mypassword
      domain=mydomain

  You can use a different filename, or a subdirectory of the check_wmi_plus directory if you like. Note the password you enter will be available to the user you set up to run GroundWork 8, and the superuser on the GroundWork 8 host, as it resides in a Docker volume. It won't show up on any monitored Windows host or in any check commands.
- Set Nagios USER9 macro to the full path to authfile. In GroundWork Monitor go to Configuration > Nagios Monitoring > Control, and select Nagios resource macros. Then select the macro USER9 and enter the path, e.g., /usr/local/nagios/libexec/check_wmi_plus/authfile as the value. Click Update.

  To test the plugin from the terminal on the gw8 server, you can run it directly, for example:

      $ docker-compose exec nagios /usr/local/nagios/libexec/check_wmi_plus.pl -H 10.1.13.55 -A /usr/local/nagios/libexec/check_wmi_plus/authfile -m checkcpu -w 50 -c 80
      OK (Sample Period 183 sec) -Average CPU Utilisation 13.83%|'Avg CPU Utilisation'=13.83%;50;80;

- Then, from GroundWork Monitor go to Configuration > Nagios Monitoring > Hosts > Host Group, select a Windows host to monitor and apply the profile you loaded. You can test from the Service Check tab with the Test button.
- Adjust the profile to your liking and apply it to your Windows hosts, just as you would any GroundWork profile. Don't forget to commit the configuration changes.
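
Because the authfile keeps the monitoring account's password in clear text, it is worth creating it with owner-only permissions and checking it before setting USER9. The script below is an added example, not part of GroundWork or check_wmi_plus; the function names write_authfile and check_authfile are hypothetical, and it assumes GNU stat and that the file is owned by the account that runs the plugin.

```shell
#!/bin/sh
# Added example (not GroundWork or check_wmi_plus code): create and sanity-check
# an authfile before pointing the USER9 macro at it. Assumes GNU stat (Linux).

# write_authfile PATH USER DOMAIN   (hypothetical helper)
# Reads the password from stdin so it never appears in argv or shell history.
write_authfile() (
    umask 077                        # a new file is created as 0600
    IFS= read -r pw || exit 1
    printf 'username=%s\npassword=%s\ndomain=%s\n' "$2" "$pw" "$3" > "$1" || exit 1
    chmod 600 "$1"                   # tighten a pre-existing, looser file too
)

# check_authfile PATH   (hypothetical helper)
# Exit status: 0 ok, 1 unreadable, 2 missing key, 3 accessible to "other".
check_authfile() (
    [ -r "$1" ] || { echo "authfile: cannot read $1" >&2; exit 1; }
    for key in username password; do
        # Each key must start a line and carry a non-empty value.
        grep -Eq "^${key}=.+" "$1" ||
            { echo "authfile: missing or empty ${key}=" >&2; exit 2; }
    done
    # domain= must be present; its value is not checked here.
    grep -q '^domain=' "$1" || { echo "authfile: missing domain=" >&2; exit 2; }
    mode=$(stat -c '%a' "$1") || exit 1
    case "$mode" in
        *0) ;;                       # last octal digit 0: no access for "other"
        *)  echo "authfile: mode $mode grants access to other users" >&2
            exit 3 ;;
    esac
)

# Stand-alone use: pass the authfile path as the first argument.
if [ "$#" -gt 0 ]; then
    check_authfile "$1"
fi
```

Run it inside the Nagios container against the same path you enter for USER9; a non-zero exit status tells you which check failed.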