Microsoft Windows™ servers can be monitored directly from GroundWork servers using a variety of methods (SNMP for example, or with WMIC). A popular method is to use the check_nrpe plugin, and GroundWork Monitor 8 includes a set of plugins to use with this method. These plugins are written in visual basic, and can be extended to query and interact with the Windows systems so equipped. Note the Windows version of GDMA also uses these same plugins and several more, written in PowerShell which can similarly be added.
NRPE and NSClient++ offer SSLv3, which is a reasonably secure protocol for use in monitoring. We are not guaranteeing it can't be hacked, but at least the password data (required by some of the plugins if NSClient++ is not run as a service account) is not passed over the network unencrypted.
The following instructions will help you get NSClient++ set up and working with GroundWork Monitor 8.
Configuring NSClient++ Monitoring
Download NSClient++ and Support Files
- Download the latest version of NSClient++ to your Windows system: https://nsclient.org/
- Download the GroundWork support files, to your Windows system: Downloads > NSClient++ Windows Plugins
Start the NSClient++ installation wizard by clicking the downloaded file and click Next.
Select Monitoring Tool: Choose Generic and click Next.
Choose Setup Type: Click Typical.
- There is no need to set the Allowed Hosts or Password at this time as they will be configured in the nsclient.ini file later.
- Modules to load (select the following):
- Enable common check plugins
- Enable NRPE server (check_nrpe), select Insecure legacy mode (required by old check_nrpe)
- Enable Web server
- NSClient is installed in the directory C:\Program File\NSClient++.
Install GroundWork Support Files
Unzip nsclient++gw-support.zip to a temporary location.
Copy the nsclient.ini file to the
NSClient++directory and overwrite the existing file.
Edit the nsclient.ini file and verify password, for example:
Edit nsclient.ini file and add the GroundWork system IP to the allowed hosts, for example of your GroundWork server is at 192.268.1.2:
Copy nrpescripts.ini file to the NSClient++ directory.
Copy contents of VBS-Plugins to NSClient++/scripts/lib directory.
Create DH key with this procedure, and save it to nrpe_dh_2048.pem file.
Use this DH key file on all Windows systems that you want to monitor with NSClient++ from this server.
On the GroundWork system run the following command as root:
openssl dhparam -C 2048CODE
Copy and paste the output from the above command starting with:
to the following file on your Windows system:
Restart NSClient in Windows Services.
You can also type at a command prompt:
net stop nscp net start nscpCODE
Navigate to the Windows Firewall (and any other intervening firewalls) to allow port 5666 from GroundWork system to monitored Windows system.
Run the following commands on the GroundWork system to test NSClient++:
cd gw8 docker-compose exec nagios bash /usr/local/nagios/libexec/check_nrpe -t 60 -H (WindowsIP) /usr/local/nagios/libexec/check_nrpe -t 60 -H (WindowsIP) -c check_cpu /usr/local/nagios/libexec/check_nrpe -t 60 -H (WindowsIP) -c get_cpu -a "(WindowsIP)" "_Total" "80,90"CODE
Where (WindowsIP) is the IP address of the Windows server you just installed on.
To uninstall NSClient++ run the install Wizard again and select uninstall or use the Windows uninstaller. It is better to stop the NSClient++ before uninstalling and not be browsing in the NSClient++ directory or have any NSClient open files when uninstalling.