Monitoring Windows Machines with WMI and Nagios XI
Total Page:16
File Type:pdf, Size:1020Kb
Nagios XI – Monitoring Windows Using WMI The Industry Standard in IT Infrastructure Monitoring Purpose This document describes how to monitor Windows machines with Nagios® XI™ using WMI. WMI (Windows Management Instrumentation) allows for agentless monitoring of Windows machines. Nagios XI supports WMI monitoring, which provides admins with a simple method of monitoring their Windows servers and workstations without having to install or configure agents. Target Audience This document is intended for use by Nagios XI Administrators who want to monitor Windows servers and workstations without having to install an agent. XI Server Requirements Before you can monitor Windows machines using WMI, you must install the WMI client on the Nagios XI server. For instructions on doing this, read the following document from the Nagios Library: Installing The WMI Client For XI http://assets.nagios.com/downloads/nagiosxi/docs/Installing_The_WMI_Client_For_XI.pdf Windows Machine Requirements You will need to ensure you have the following requirements setup before you can use WMI to monitor and windows server or workstation. • WMI service is running • WMI user account set up • Firewall rules set up We will walk through each of these requirements for the window machine you wish to monitor. You will need to log in as a user with administrator privileges. WMI Service First, verify the WMI service is running on your windows machine: Click Start and choose Run. The window to the right will appear and type “services.msc” in the Open field. Note: This document was originally written for Windows XP and Windows Server 2003. If you are running a later version of Window or Windows Server, you can skip the Run step in the instructions and instead type the “services.msc” in the Search field of Start menu. This applies to all the instructions going forward in this document. Nagios Enterprises, LLC US: 1-888-NAGIOS-1 Web: www.nagios.com Page 1 P.O. Box 8154 Int'l: +1 651-204-9102 Email:[email protected] Saint Paul, MN 55108 Fax: +1 651-204-9103 USA Copyright © 2010 - 2014 Nagios Enterprises, LLC Revision 1.0 – April, 2016 Nagios XI – Monitoring Windows Using WMI Before you can monitor Windows machines using WMI, you must ensure that the Windows Management Instrumentation service is running. You can configure and start the service in the Computer Management console under the Services section. Verify the service Windows Management Instrument (WMI) is in a status of Started. Configure A WMI User Account On The Windows Machine: Next, configure a WMI user account on the local machine. We'll create a new user account called “wmiagent” with a password “wmiagent” as an example. From the command prompt enter: net user wmiagent wmiagent /add Setting WMI permissions WMI requires a valid username and password on the target system. The following steps outline how to add only the permissions needed to the Windows user account. However, you can add the user to be a member of the local administrators group instead. Note: If you wish to monitor multiple computers across the domain, instead add the user to be a member of the “Distributed Com Users”, “Performance Log Users” and “Performance Monitor Users” groups. Adding Remote Activation Privilege to Windows DCOM Next, we need to give our newly created user access to DCOM on the localhost. In order to do this, open Component Services. Click Start, choose Run. Enter “DCOMCnfg.exe” and click OK. Expand Component Services, and drill down to the local computer. Right click on My Computer and select Properties Nagios Enterprises, LLC US: 1-888-NAGIOS-1 Web: www.nagios.com Page 2 P.O. Box 8154 Int'l: +1 651-204-9102 Email:[email protected] Saint Paul, MN 55108 Fax: +1 651-204-9103 USA Copyright © 2010 - 2014 Nagios Enterprises, LLC Revision 1.0 – April, 2016 Nagios XI – Monitoring Windows Using WMI Select COM Security tab, and next choose the Edit Limits... button from the Launch Activation Permissions section. Add the user that will be used by Nagios to monitor this machine, in our case the user is wmiagent. Click Add. Enter “wmiagent” in the Enter the object name to select and click OK. You will now see wmiagent as a user. Check the Remote Launch and Remote Activation check boxes under Allow. Click OK twice. Adding Remote WMI Access In order for our user to return data remotely from WMI, access to the WMI namespace CIMV2 must be added. Click Start, choose Run, type “WMImgmt.msc” Right click on WMI Control (local) and select Properties. Nagios Enterprises, LLC US: 1-888-NAGIOS-1 Web: www.nagios.com Page 3 P.O. Box 8154 Int'l: +1 651-204-9102 Email:[email protected] Saint Paul, MN 55108 Fax: +1 651-204-9103 USA Copyright © 2010 - 2014 Nagios Enterprises, LLC Revision 1.0 – April, 2016 Nagios XI – Monitoring Windows Using WMI Select the Security tab of the WMI Control Properties. Expand Root, and right click on CIMV2, select Properties Note: In later version of Windows you need to select CMIV2 and click the Security button. Click Add. Enter “wmiagent” in the Enter the object name to select and click OK. You may need to use the Check Names button to find the correct object. You will now see “wmiagent” as a user. Check the Enable Account and Remote Enable check boxes under Allow. Click OK twice. Windows Firewall Settings Next, configure the firewall rules specific to the version of windows being monitored. Windows Server 2008 Windows Server 2008 should by default have the correct firewall rules set. To check firewall settings, select Start and type “firewall” in the search dialog box and hit enter. Nagios Enterprises, LLC US: 1-888-NAGIOS-1 Web: www.nagios.com Page 4 P.O. Box 8154 Int'l: +1 651-204-9102 Email:[email protected] Saint Paul, MN 55108 Fax: +1 651-204-9103 USA Copyright © 2010 - 2014 Nagios Enterprises, LLC Revision 1.0 – April, 2016 Nagios XI – Monitoring Windows Using WMI Verify the Inbound Rules exist and are enabled for: • DCOM • WMI If the WMI rule group does not exist as pictured above, the recommended settings are listed here as outlined by Microsoft. From the command prompt enter: netsh advfirewall firewall add rule dir=in name="DCOM" program=%systemroot %\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135 netsh advfirewall firewall add rule dir=in name ="WMI" program=%systemroot %\system32\svchost.exe service=winmgmt action = allow protocol=TCP localport=any netsh advfirewall firewall add rule dir=in name ="UnsecApp" program=%systemroot %\system32\wbem\unsecapp.exe action=allow netsh advfirewall firewall add rule dir=out name ="WMI_OUT" program=%systemroot %\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any More details about 2008 firewall settings can be found at: http://msdn.microsoft.com/en-us/library/windows/desktop/aa822854(v=vs.85).aspx Nagios Enterprises, LLC US: 1-888-NAGIOS-1 Web: www.nagios.com Page 5 P.O. Box 8154 Int'l: +1 651-204-9102 Email:[email protected] Saint Paul, MN 55108 Fax: +1 651-204-9103 USA Copyright © 2010 - 2014 Nagios Enterprises, LLC Revision 1.0 – April, 2016 Nagios XI – Monitoring Windows Using WMI Windows Server 2012 Create a user account on the server. Example is wmiagent as the username and wmiagent as the password. Add the user (s) in question to the Performance Monitor Users group. You can access this from Control Panel, Administrative Tools, Computer Management. Expand System Tools, Local Users and Groups, Groups. Edit the Performance Monitor Users group and add the wmiagent user. Nagios Enterprises, LLC US: 1-888-NAGIOS-1 Web: www.nagios.com Page 6 P.O. Box 8154 Int'l: +1 651-204-9102 Email:[email protected] Saint Paul, MN 55108 Fax: +1 651-204-9103 USA Copyright © 2010 - 2014 Nagios Enterprises, LLC Revision 1.0 – April, 2016 Nagios XI – Monitoring Windows Using WMI Enabling Remote DCOM Under Services and Applications, bring up the Properties dialog of WMI Control. You can access this from Control Panel, Administrative Tools, Computer Management. Expand Services and Applications and right click WMI Control. In the Security tab, highlight the root / CIMV2, click Security; Nagios Enterprises, LLC US: 1-888-NAGIOS-1 Web: www.nagios.com Page 7 P.O. Box 8154 Int'l: +1 651-204-9102 Email:[email protected] Saint Paul, MN 55108 Fax: +1 651-204-9103 USA Copyright © 2010 - 2014 Nagios Enterprises, LLC Revision 1.0 – April, 2016 Nagios XI – Monitoring Windows Using WMI Add Performance Monitor Users Group and enable the options: Enable Account and Remote Enable. Click OK Run dcomcnfg. At Component Services> Computers> My Computer, Right click My Computer and Select the COM COM Security tab of the Properties dialog box. Nagios Enterprises, LLC US: 1-888-NAGIOS-1 Web: www.nagios.com Page 8 P.O. Box 8154 Int'l: +1 651-204-9102 Email:[email protected] Saint Paul, MN 55108 Fax: +1 651-204-9103 USA Copyright © 2010 - 2014 Nagios Enterprises, LLC Revision 1.0 – April, 2016 Nagios XI – Monitoring Windows Using WMI Click "Edit Limits" for Both Access Permissions and Launch and Activation Permissions. Add Performance Monitor Users and allow remote access, remote launch, and remote activation Nagios Enterprises, LLC US: 1-888-NAGIOS-1 Web: www.nagios.com Page 9 P.O. Box 8154 Int'l: +1 651-204-9102 Email:[email protected] Saint Paul, MN 55108 Fax: +1 651-204-9103 USA Copyright © 2010 - 2014 Nagios Enterprises, LLC Revision 1.0 – April, 2016 Nagios XI – Monitoring Windows Using WMI Select Windows Management Instrumentation under Component Services> Computers> My Computer> DCOM Config. Right Click Windows Management Instrumentation and select the Security Tab.