Alignak checks package for Windows WMI
Checks pack for monitoring hosts with Windows Management Instrumentation (WMI)
Installation
The installation of this checks pack will copy some configuration files in the Alignak default configuration directory (eg. /usr/local/etc/alignak). The copied files are located in the default sub-directory used for the packs (eg. arbiter/packs).
From PyPI
To install the package from PyPI:
sudo pip install alignak-checks-wmi
From source files
To install the package from the source files:
git clone https://github.com/Alignak-monitoring-contrib/alignak-checks-wmi cd alignak-checks-linux-snmp sudo pip install .
Note: using `sudo python setup.py install` will not correctly manage the package configuration files! The recommended way is really to use `pip`;)
Documentation
Configuration
Note: this pack embeds the wmic
binary that is not always easy to find for Linux distributions :/
The embedded version of wmic
is only compatible with Linux distros. For Unix (FreeBSD), you can simply install the wmic port:
pkg install wmi-client cd /var/cache/pkg/ tar Jxvf wmi-client-1.3.16_1.txz # winexe and wmic scripts are available in /usr/local/bin/
The check_wmi_plus.pl script assumes that the executable wmic is installed in the Alignak plugins directory. Edit the check_wmi_plus.conf configuration file to change the wmic location if necessary. The variable to set is $wmic_command.
Note: The files check_wmi_plus.pl and check_wmi_plus.conf, located in the /usr/local/var/libexec/alignak, need some configuration. Edit them and search for the ALIGNAK keyword to find out what is to be configured and set according to your server.
Edit the /usr/local/etc/alignak/arbiter/packs/resource.d/wmi.cfg file and configure the domain name, user name and password allowed to access remotely to the monitored hosts WMI.
#-- Active Directory for WMI # Replace MYDOMAIN with your domain name or . for local user account $DOMAIN$=MYDOMAIN # Replace MYUSER with the WMI authorized user (domain or local user account) $DOMAINUSERSHORT$=MYUSER $DOMAINUSER$=$DOMAIN$\\$DOMAINUSERSHORT$ # Replace MYPASSWORD with the WMI authorized user password $DOMAINPASSWORD$=MYPASSWORD
Install PERL dependencies for check_wmi_plus plugin
You must install some PERL dependencies for the check_wmi_plus.pl script.
On some Linux distros, you can:
su - apt-get install libnumber-format-perl apt-get install libconfig-inifiles-perl apt-get install libdatetime-perl
Or you can use the PERL cpan utility:
cpan install Config::IniFiles cpan install Number::Format cpan install DateTime
More information is available on `Check WMI Plus Web site<http://edcint.co.nz/checkwmiplus/?q=Installation>`_.
Prepare Windows host
Some operations are necessary on the Windows monitored hosts if WMI remote access is not yet activated.
Create a user account:
- username/password (example): alignak/alignak
- member of following groups: Administrators, Remote DCOM users
- Deactivate interactive login permissions (more secure)
Check that WMI and RPC services are started
The Windows Firewall must allow inbound trafic for: - Windows Firewall Remote Management (RPC) - Windows Management Instrumentation (DCOM-In) - Windows Management Instrumentation (WMI-In)
This page contains more information about remote WMI configuration: https://kb.op5.com/display/HOWTOs/Agentless+Monitoring+of+Windows+using+WMI
Test remote WMI access with the plugins files:
# Basic wmic command ... $ /usr/local/var/libexec/alignak/wmic -U .\\alignak%alignak //192.168.0.20 'Select Caption From Win32_OperatingSystem' # Alignak plugin command ... $ /usr/local/var/libexe/alignak/check_wmi_plus.pl -H 192.168.0.20 -u ".\\alignak" -p "alignak" -m checkdrivesize -a '.' -w 90 -c 95 -o 0 -3 1 --inidir=/usr/local/var/libexec/alignak
Note: these commands assume that you created an alignak user account with alignak as a password.
As a default, WMI opens random TCP ports to communicate with the requesting customer. The Windows WMI service can be configured to use only one port as explained here: https://msdn.microsoft.com/en-us/library/bb219447(v=vs.85).aspx.
An abstract of this article:
To set up a fixed port for WMI 1. Stop the WMI service by typing the command: net stop "Windows Management Instrumentation", or net stop winmgmt 2. At the command prompt, type: winmgmt -standalonehost 3. Restart the WMI service again in a new service host by typing: net start "Windows Management Instrumentation" or net start winmgmt 4. Establish a new port number for the WMI service by typing: netsh firewall add portopening TCP 24158 WMIFixedPort To undo any changes you make to WMI, type: winmgmt /sharedhost, then stop and start the winmgmt service again.
Alignak configuration
You simply have to tag the concerned hosts with the template windows-wmi.
define host{ use windows-wmi host_name host_windows_wmi address 127.0.0.1 }
The main windows-wmi template declares macros used to configure the launched checks. The default values of these macros listed hereunder can be overriden in each host configuration.
_DOMAIN $DOMAIN$ _DOMAINUSERSHORT $DOMAINUSERSHORT$ _DOMAINUSER $_HOSTDOMAIN$\\$_HOSTDOMAINUSERSHORT$ _DOMAINPASSWORD $DOMAINPASSWORD$ _WINDOWS_DISK_WARN 90 _WINDOWS_DISK_CRIT 95 _WINDOWS_EVENT_LOG_WARN 1 _WINDOWS_EVENT_LOG_CRIT 2 _WINDOWS_REBOOT_WARN 15min: _WINDOWS_REBOOT_CRIT 5min: _WINDOWS_MEM_WARN 80 _WINDOWS_MEM_CRIT 90 _WINDOWS_ALL_CPU_WARN 80 _WINDOWS_ALL_CPU_CRIT 90 _WINDOWS_CPU_WARN 80 _WINDOWS_CPU_CRIT 90 _WINDOWS_LOAD_WARN 10 _WINDOWS_LOAD_CRIT 20 _WINDOWS_NET_WARN 80 _WINDOWS_NET_CRIT 90 _WINDOWS_EXCLUDED_AUTO_SERVICES _WINDOWS_AUTO_SERVICES_WARN 0 _WINDOWS_AUTO_SERVICES_CRIT 1 _WINDOWS_BIG_PROCESSES_WARN 25 #Default Network Interface _WINDOWS_NETWORK_INTERFACE Ethernet # Now some alert level for a windows host _WINDOWS_SHARE_WARN 90 _WINDOWS_SHARE_CRIT 95
To set a specific value for an host, declare the same macro in the host definition file.
define host{ use windows-wmi contact_groups admins host_name sim-vm address 192.168.0.16 # Specific values for this host # Change warning and critical alerts level for memory # Same for CPU, ALL_CPU, DISK, LOAD, NET, ... _WINDOWS_MEM_WARN 10 _WINDOWS_MEM_CRIT 20 # Exclude some services from automatic start check # Use a regexp that matches against the short or long service name as it can be seen in the properties of the service in Windows. # The matching services are excluded in the resulting list. # Example: (ShortName)|(ShortName)| ... |(ShortName) _WINDOWS_EXCLUDED_AUTO_SERVICES (IAStorDataMgrSvc)|(MMCSS)|(ShellHWDetection)|(sppsvc)|(clr_optimization_v4.0.30319_32) }
Bugs, issues and contributing
Contributions to this project are welcome and encouraged ... issues in the project repository are the common way to raise an information.