Bobcares

WeSupport

Call Us! 1-800-383-5193
Call Us! 1-800-383-5193
Call Us! 1-800-383-5193

Need Help?

Emergency Response Time custom

Our experts have had an average response time of 11.06 minutes in March 2021 to fix urgent issues.

We will keep your servers stable, secure and fast at all times for one fixed price.

WMI Monitoring With Nagios – How we do it

by | May 13, 2021

Windows Management Instrumentation (WMI) allows for agentless monitoring of Windows machines which in turn helps to set up monitoring with Nagios without having to install or configure agents.

As a part of our Server Management Services, we help our customers with requests related to Nagios.

Let us today discuss how to monitor Windows machines with Nagios XI using WMI.

Windows Machine Requirements for WMI Monitoring With Nagios

Before we setup WMI monitoring with Nagios to monitor and windows server or workstation, we have to ensure that we have the following requirements set up:

  • WMI service is up
  • WMI user account
  • Firewall rules

We have to log in as a user with administrator privileges. Following steps help us to check if the Windows Management Instrumentation service is running.

In Windows XP/Vista/7/8/10/Server 2003/Server 2008

  • Click Start and choose Run.
  • The window to the right will appear and type services.msc in the Open field and then click OK. We can also type services.msc in the Search field of the Start menu.

In Windows Server 2012/Server 2016

  • Open the Server Manager
  • In the Tools menu, select Services

Verify the service Windows Management Instrument (WMI) is in Started status and has the Startup Type of Automatic.

wmi monitoring with nagios

Configure A WMI User Account On The Windows Machine

Next, we need to configure a WMI user account on the local machine. This account will be used to monitor the Windows machine from Nagios XI. For instance, to create a new user account called wmiagent with a password wmiagent use the command below from an administrative command prompt:

net user wmiagent wmiagent /add

We should get a response of “The command completed successfully”.

Note to use a stronger password than wmiagent, as it will most likely fail the password policy requirements.

Setting WMI Permissions

WMI requires a valid username and password on the target system. We can add only the permissions needed to the Windows user account. Some of these permissions do not need to be set if our user account is a member of the local administrator’s group. However, from a security perspective, it is best to use an account with only the minimal required permissions.

If we wish to monitor multiple computers across the domain, instead add the user to be a member of the “Distributed Com Users”, “Event Log Readers”, “Performance Log Users” and “Performance Monitor Users” groups.

Adding Remote Activation Privilege to Windows DCOM

We need to give our newly created user access to DCOM on the localhost. In order to do this, open Component Services.

Click Start, choose Run. Type DCOMCnfg.exe and click OK.

In Server 2012/2016, this is located at Server Manager > Tools > Component Services.

Expand Component Services > Computers and click on My Computer. Then, right-click on My Computer and select Properties.

Click the COM Security tab. Under the Launch and Activation Permissions section, click the Edit Limits button. Then, click the Add button

Type wmiagent in the Enter the object names to select field and click OK.

wmi monitoring with nagios

We may need to use the Locations button to set the search scope to be the local computer object (instead of the domain). Now, we will see wmiagent as a user and it will be selected.

Check the Remote Launch and Remote Activation checkboxes under the Allow column. Click OK twice. We can now close the Component Services management console.

Adding Remote WMI Access

In order for the wmiagent user to return data remotely from WMI, access to the WMI namespace CIMV2 must be granted.

Click Start, choose Run. Type WMImgmt.msc and click OK. Right-click on WMI Control (local) and select Properties.

Now, click the Security tab of the WMI Control Properties window. Expand Root and select CIMV2.

Click the Security button and then the Add button

Type wmiagent in the Enter the object names to select field and click OK.

We may need to use the Locations button to set the search scope to be the local computer object. Now, we can see wmiagent as a user and it will be selected.

Check the Enable Account and Remote Enable checkboxes under the Allow column. Click OK twice. We can now close the WmiMgmt management console.

Windows Firewall Settings

Next, configure the firewall rules specific to the version of windows being monitored.

Windows Server 2008/2012/2016 Firewall Rules

To check firewall settings, select Start and type firewall in the search dialog box and open Windows Firewall with Advanced Security.

In Server 2012/2016, this is located at Server Manager > Tools > Windows Firewall with Advanced Security.

From the left-hand pane, click Inbound Rules. In the right-hand pane, click Filter by Group and then select Windows Management Instrumentation (WMI). We will then be shown the available firewall rules for WMI.

We need to make sure that the DCOM-In and WMI-In rules are enabled.

If the WMI rule group does not exist, execute the commands from the command prompt.

netsh advfirewall firewall add rule dir=in name="DCOM" program=%systemroot%\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135

netsh advfirewall firewall add rule dir=in name ="WMI" program=%systemroot%\system32\svchost.exe service=winmgmt action = allow protocol=TCP localport=any

netsh advfirewall firewall add rule dir=in name ="UnsecApp" program=%systemroot%\system32\wbem\unsecapp.exe action=allow

netsh advfirewall firewall add rule dir=out name ="WMI_OUT" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any

 

Windows Server 2003 Firewall Rules

The following section describes firewall and DCOM port configuration for a 2003 Windows Server. By default, DCOM communicates with the client on a random port. So in order to write firewall rules, it also describes a specific port range.

Click Start, choose Run, type DCOMCnfg.exe, and click OK.

Expand Component Services, expand Computers, right-click My Computer, and select Properties.

Click the Default Protocols tab and the Properties button. Then click the Add button.

Add a port range for COM services. In this example, the range is from 5000-5020. Depending on our environment, we may want to choose a different range.

Finally, click OK when done.

Now, we need to allow the port range through the windows firewall. This command will open ports from 5000-5020 to match the COM Internet Services Range.

FOR /L %I IN (5000,1,5020) DO netsh firewall add portopening TCP %I "COM"%I

Lastly, open DCOM port 135. For this, from the command prompt type:

netsh firewall add portopening TCP 135 "DCOM"

 

Running The Windows WMI Wizard

Now that WMI has been configured on our windows machine, we can now run the Windows WMI wizard from our Nagios XI server. To begin using the Windows WMI wizard, navigate via the top menu bar to Configure > Run a configuring wizard and select the Windows WMI wizard.

wmi monitoring with nagios

The wizard will prompt for the IP Address of the Windows machine, along with the Domain (if applicable), Username, and Password to access the machine. Alternatively, we can use an Auth File that includes the username and password. Once done, click Next.

Now, the wizard will perform a WMI query against the Windows machine to get a list of the available disks, services, and processes. If Nagios XI is not able to communicate via WMI, an error will be displayed.

Make sure the Host Name field is correctly populated. Select the server metrics, we wish to monitor and adjust the thresholds as required.

For Disk Usage, the automatically detected disk drives will be populated in the Scanned Disk List and they will already be selected in the drop-down lists.

Now, for Services, the automatically detected services will be populated in the Scanned Service List. We can add a service to be monitored by double-clicking it in the Scanned Service List.

For Event Logs, we can select the specific log on the windows machine and define warning and critical thresholds based on the amount of Warning or Error logs found in the past x hours.

Once we have finished selecting all the items we wish to monitor, click Next and then complete the wizard by choosing the required options.

To finish up, click on Finish in the final step of the wizard. This will create the new hosts and services and begin monitoring.

Once the wizard applies the configuration, click the View status details for xxxxx link to see the new host and services that were created.

Authentication File

In the initial step of the configuration wizard, we can provide the location of a file that contains the authentication username and password. This provides the following advantages:

  • It stores credentials in one location. If we need to update the credentials, we only need to update the file and all services that use the file are immediately affected
  • Admins using Core Configuration Manager will not see these credentials, they will only see the reference to the file

To create a file, we need to establish a terminal session to Nagios XI server. This example will create a file called wmi_auth.txt inside the folder /usr/local/nagios/etc/. Create the file by opening any text editor:

vi /usr/local/nagios/etc/wmi_auth.txt

Add two lines that contain our username and password, for example:

username=wmiagent
password=wmiagent

When we have finished, save the changes and close the file. Also, we can now close the terminal session and proceed to the following page to see how to use the authentication file in the configuration wizard.

Here we can see how the Auth File has been defined in the initial step of the configuration wizard.

It is important that the Username and Password fields above are empty to ensure the wizard correctly works.

Click Next and complete the wizard.

Need any further assistance set up WMI monitoring with Nagios? – We’re available 24*7

Conclusion

In short, to set up WMI monitoring with Nagios, we need to configure A WMI User Account On The Windows Machine and then set up the WMI permissions. Today, we saw how our Support Engineers perform this.

 

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

SEE SERVER ADMIN PLANS

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF