Nagios XI Monitoring Windows Using WMI

The Industry Standard in IT Infrastructure Monitoring

Purpose
This document describes how to monitor Windows machines with Nagios XI using WMI.

Target Audience
This document is intended for use by Nagios XI Administrators.

Overview
WMI (Windows Management Instrumentation) allows for agentless monitoring of Windows machines. Nagios XI supports WMI monitoring, which provides admins with a simple method of monitoring their Windows servers and workstations without having to install or configure agents.

XI Server Requirements
Before you can monitor Windows machines using WMI, you must install the WMI client on the Nagios XI server. For instructions on doing this, read the following document on the Nagios Library (http://library.nagios.com): Installing The WMI Client For XI

Nagios Enterprises, LLC P.O. Box 8154 Saint Paul, MN 55108 USA

US: 1-888-NAGIOS-1 Int'l: +1 651-204-9102 Fax: +1 651-204-9103

Web: www.nagios.com Email: sales@nagios.com

Page 1
Revision 1.0 December, 2011

Nagios XI Monitoring Windows Using WMI

Windows Machine Requirements
WMI configuration described in this article are as follows:

WMI service running WMI user account firewall rules WMI Service
First, verify the correct WMI service is running

Click start, run, type services.msc Start > run > services.msc

Before you can monitor Windows machines using WMI, you must ensure that the Windows Management Instrumentation service is running. You can configure and start the service in the Computer Management console under the Services section. Windows Management Instrument Started

Nagios Enterprises, LLC P.O. Box 8154 Saint Paul, MN 55108 USA

US: 1-888-NAGIOS-1 Int'l: +1 651-204-9102 Fax: +1 651-204-9103

Web: www.nagios.com Email: sales@nagios.com

Page 2
Revision 1.0 December, 2011

Nagios XI Monitoring Windows Using WMI

Configure WMI user account:

Next, configure a WMI user account on the local machine. We'll create a new user account called wmiagent with a password wmiagent as an example.

From the command prompt: net user wmiagent wmiagent /add

Adding WMI permissions

The following steps outline how to add only the permissions needed to a limited limited Windows user account. You can add the user to be a member of the local administrators group instead however. Note: if you wish to monitor multiple computers across the domain, instead add the user to be a member of the domain administrators group.

Adding remote activation privilege to Windows DCOM

Next, we need to give our newly created user access to DCOM on the localhost. In order to do this, open component services.

From the windows start menu click start, choose run, type DCOMCnfg.exe start > run > DCOMCnfg.exe

Nagios Enterprises, LLC P.O. Box 8154 Saint Paul, MN 55108 USA

US: 1-888-NAGIOS-1 Int'l: +1 651-204-9102 Fax: +1 651-204-9103

Web: www.nagios.com Email: sales@nagios.com

Page 3
Revision 1.0 December, 2011

Nagios XI Monitoring Windows Using WMI

Expand Component Services, and drill down to the local computer Right click on My Computer and select properties Select COM Security Tab, and next choose Edit Limits... from the Launch Activation Permissions section.

Component Services > My Computer > Properties > COM Security > Launch Activation Permissions > Edit Limits

Under the section Launch and Activation Permissions, click Edit Limits Add the user that will be used by Nagios to monitor this machine, in out case the user is wmiagent Check Remote Launch and Remote Activation

Remote Launch Remote Activation

click OK twice

Nagios Enterprises, LLC P.O. Box 8154 Saint Paul, MN 55108 USA

US: 1-888-NAGIOS-1 Int'l: +1 651-204-9102 Fax: +1 651-204-9103

Web: www.nagios.com Email: sales@nagios.com

Page 4
Revision 1.0 December, 2011

Nagios XI Monitoring Windows Using WMI

adding remote WMI access
In order for our user to return data remotely from WMI, access to the WMI namespace CIMV2 is added

Open WMI control Click start, choose run, type WMImgmt.msc Right click on WMI Control(local) and select properties

start > run > WMImgmt.msc > WMI Control(local) > properties

Select the Security tab of the WMI Control Properties. Expand Root, and right click on CIMV2, select properties

Security > Root > CIMV2 > properties

Nagios Enterprises, LLC P.O. Box 8154 Saint Paul, MN 55108 USA

US: 1-888-NAGIOS-1 Int'l: +1 651-204-9102 Fax: +1 651-204-9103

Web: www.nagios.com Email: sales@nagios.com

Page 5
Revision 1.0 December, 2011

Nagios XI Monitoring Windows Using WMI

Check the following check boxes:

Enable Account Remote Enable

Windows Firewall
Next, configure the firewall rules specific to the version of windows being monitored.

Windows server 2008

Windows server 2008 should by default have the correct firewall rules set. To check firewall settings, type firewall in the windows run dialog box. Start > Run > Firewall

Inbound Rules

DCOM WMI

Nagios Enterprises, LLC P.O. Box 8154 Saint Paul, MN 55108 USA

US: 1-888-NAGIOS-1 Int'l: +1 651-204-9102 Fax: +1 651-204-9103

Web: www.nagios.com Email: sales@nagios.com

Page 6
Revision 1.0 December, 2011

Nagios XI Monitoring Windows Using WMI

If the WMI rule group does not exist as pictured above, the recommended settings are listed here as outlined by Microsoft: Start > run > cmd type (or paste) the following in the command window: netsh advfirewall firewall add rule dir=in name="DCOM" program=%systemroot %\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135 netsh advfirewall firewall add rule dir=in name ="WMI" program=%systemroot %\system32\svchost.exe service=winmgmt action = allow protocol=TCP localport=any netsh advfirewall firewall add rule dir=in name ="UnsecApp" program=%systemroot %\system32\wbem\unsecapp.exe action=allow netsh advfirewall firewall add rule dir=out name ="WMI_OUT" program=%systemroot %\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any

more details can be found here:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa822854(v=vs.85).aspx

Nagios Enterprises, LLC P.O. Box 8154 Saint Paul, MN 55108 USA

US: 1-888-NAGIOS-1 Int'l: +1 651-204-9102 Fax: +1 651-204-9103

Web: www.nagios.com Email: sales@nagios.com

Page 7
Revision 1.0 December, 2011

Nagios XI Monitoring Windows Using WMI

Windows server 2003
The following section describes firewall and DCOM port configuration. By default DCOM communicates with the client on a random port, so in order to write firewall rules, specifying a port range is also described.

start > run > DCOMCnfg.exe

expand Component Services, expand Computers, right-click My Computer, and select properties. Next, choose the Default Protocols tab Component Services > Computers > My Computer > properties > Default Protocols

Nagios Enterprises, LLC P.O. Box 8154 Saint Paul, MN 55108 USA

US: 1-888-NAGIOS-1 Int'l: +1 651-204-9102 Fax: +1 651-204-9103

Web: www.nagios.com Email: sales@nagios.com

Page 8
Revision 1.0 December, 2011

Nagios XI Monitoring Windows Using WMI

Select properties, click add Add a port range for COM services. In our example we selected range from 5000-5020. depending on your environment you may want to choose a different range

Allow the port range through the windows firewall. This command will open ports from 5000-5020 to match the COM Internet Services Range. Click start > run > cmd FOR /L %I IN (5000,1,5020) DO netsh fire wall add portopening TCP %I "COM"%I

Lastly, open DCOM port 135 Click start > run > cmd netsh firewall add portopening TCP 135 "DCOM"

Nagios Enterprises, LLC P.O. Box 8154 Saint Paul, MN 55108 USA

US: 1-888-NAGIOS-1 Int'l: +1 651-204-9102 Fax: +1 651-204-9103

Web: www.nagios.com Email: sales@nagios.com

Page 9
Revision 1.0 December, 2011

Nagios XI Monitoring Windows Using WMI

WMI requires a valid username and password on the target system. This document will show how to configure Windows server 2008. The defined steps apply to previous version of Windows as well although locations of snap-ins may be different.

Windows XP
If you are running a firewall on the Windows machine, you must ensure that the Nagios server can contact the WMI service. To do this, you must open TCP Port 135 on the Windows firewall.

Installing The WMI Wizard

To get started using Nagios XI to monitor Windows machine with WMI, you need to install the Windows WMI monitoring wizard. The WMI monitoring wizard may be downloaded from the following link:

http://assets.nagios.com/downloads/nagiosxi/wizards/windowswmi.zip
The wizard can be installed under the Manage Config Wizards screen in the Admin section of Nagios XI.

Nagios Enterprises, LLC P.O. Box 8154 Saint Paul, MN 55108 USA

US: 1-888-NAGIOS-1 Int'l: +1 651-204-9102 Fax: +1 651-204-9103

Web: www.nagios.com Email: sales@nagios.com

Page 10
Revision 1.0 December, 2011

Nagios XI Monitoring Windows Using WMI

Running The WMI Wizard
Once the wizard is installed in Nagios XI, it will be available when you run the Monitoring Wizard from the Config menu.

The wizard will prompt you for the address of the Windows machine, along with the credentials used to authenticate.

The wizard will allow you to select what types of metrics and data should be monitored, along with warning and critical thresholds. Metrics and data that can be monitored using the WMI wizard include:

CPU Usage Memory Usage Page File Usage Disk Usage Service State Process State Event Log Data

Nagios Enterprises, LLC P.O. Box 8154 Saint Paul, MN 55108 USA

US: 1-888-NAGIOS-1 Int'l: +1 651-204-9102 Fax: +1 651-204-9103

Web: www.nagios.com Email: sales@nagios.com

Page 11
Revision 1.0 December, 2011

Nagios XI Monitoring Windows Using WMI

The screenshot below shows disk, cpu, memory, service, and process monitoring capabilities of the WMI wizard:

Troubleshooting
Issue: Nagios showing (null) or Install wmic. Fix: The WMIC plugins were not installed properly. Redo the steps outlined at

http://assets.nagios.com/downloads/nagiosxi/docs/Installing_The_WMI_Client_For_XI.pdf

Nagios Enterprises, LLC P.O. Box 8154 Saint Paul, MN 55108 USA

US: 1-888-NAGIOS-1 Int'l: +1 651-204-9102 Fax: +1 651-204-9103

Web: www.nagios.com Email: sales@nagios.com

Page 12
Revision 1.0 December, 2011