How to Monitor Windows Hosts via Nagios

Posted on Dickson Victor By Dickson Victor No Comments on How to Monitor Windows Hosts via Nagios
Windows host monitoring

Learn how to effectively monitor Windows hosts using Nagios Core is an open-source monitoring system designed to monitor systems, networks, and infrastructure (Get metrics for CPU, Disk, Memory, and Services with ease). It provides alerts and notifications about issues and performance problems, allowing system administrators to respond accordingly. Please see how to Block downloads on Microsoft Edge using GPO on Windows Server 2019 and 2022, and how to use Container Insights for Azure Kubernetes Workload.

In addition to the above, Nagios can monitor a variety of system parameters, including server uptime, application performance, and network traffic.

Nagios also offers monitoring and alerting services for servers, switches, applications, and services. Kindly refer to these related guides: How to Install and Configure Nagios on Ubuntu.

To monitor Windows Machines you will need to follow several steps and they are:

  • Install NSClient++ addon on the Windows Machine.
  • Configure Nagios Server for monitoring Windows Machine.
  • Add new host and service definitions for Windows machine monitoring.
  • Restart the Nagios service.

Also, see How to locate and edit the host file on macOS, and how to “Performance and Diagnostics in Microsoft Cloud with Azure Monitor“.

Install NSClient++ addon on the Windows machine

See the following link for more details. The addon acts as a proxy between the Windows machine and Nagios and monitors actual services by communicating with the check_nt plugin. The check_nt plugin already installed on the Nagios Monitoring Server

Note: This can be done traditionally. Once you’ve downloaded the latest stable version, unzip the NSClient++ files into a new C:NSClient++ directory.

Now open an Command prompt and press enter and change to the C:NSClient++ directory.

C:NSClient++

Next, register the NSClient++ service on the system with the following command

nsclient++ /install

Finally, install the NSClient++ systray with the following command.

nsclient++ SysTray

Open the Windows Services Manager and right-click on NSClient go to Properties and then ‘Log On‘ tab and click the checkbox that says “Allow service to interact with the desktop“. If it isn’t already allowed, please check the box to allow it to.

Open NSC.INI file located at C:NSClient++ directory and uncomment all the modules defined in the “modules” section, except for CheckWMI.dll and RemoteConfiguration.dll.

Uncomment the “allowed_hosts” in the “Settings” section and define the IP address of your Nagios Monitoring Server or leave it blank to allow any hosts to connect.

Uncomment the “port” in the “NSClient” section and set to default port ‘12489‘. Make sure to open ‘12489‘ port on Windows Firewall.

Finally, start the NSClient++ service with the following command. Please see How to install Windows Server 2022 on VirtualBox.

nsclient++ /start

If you properly installed and configured, you should see a new icon in the system tray in yellow circle with a black ‘M‘ inside.

Monitor Windows Hosts: Configuring Nagios

Here we have the check_nt command defined already and added to the command.cfg file.
This definition command is used by check_nt plugin to monitor Windows services.

A windows-server host template already created in the templates.cfg file. This template allows you to add new Windows host definitions.

Note: These two files “command.cfg” and “templates.cfg” files can be found at /usr/local/nagios/etc/objects/ directory.

# vi /usr/local/nagios/etc/objects/windows.cfg
# Define a host for the Windows machine we'll be monitoring
# Change the host_name, alias, and address to fit your situation
 define host{
use windows-server ; Inherit default values from a template
host_name winserver ; The name we're giving to this host
alias My Windows Server ; A longer name associated with the host
address 172.xxx.xxx.53 ; IP address of the host
}
 Following services are already added and enabled in windows.cfg file.
If you wish to add some more other service definitions that needs to be monitored, you can simple add those definitions to same configuration file. Make sure to change the host_name
for these all services with host_name defined in the above step.
 define service{
use generic-service
host_name winserver
service_description NSClient++ Version
check_command check_nt!CLIENTVERSION
}
 Add the following service definition to monitor the uptime of the Windows server.
 define service{
use generic-service
host_name winserver
service_description Uptime
check_command check_nt!UPTIME
}
 Add the following service definition to monitor the CPU utilization on the Windows server and generate a CRITICAL alert if the 5-minute CPU load is 90% or more or a WARNING alert if the 5-minute load is 80% or greater.
 define service{
use generic-service
host_name winserver
service_description CPU Load
check_command check_nt!CPULOAD!-l 5,80,90
}
 Add the following service definition to monitor memory usage on the Windows server and generate a CRITICAL alert if memory usage is 90% or more or a WARNING alert if memory usage is 80% or greater.
 define service{
use generic-service
host_name winserver
service_description Memory Usage
check_command check_nt!MEMUSE!-w 80 -c 90
}
 Add the following service definition to monitor usage of the C: drive on the Windows server and generate a CRITICAL alert if disk usage is 90% or more or a WARNING alert if disk usage is 80% or greater.
 define service{
use generic-service
host_name winserver
service_description C: Drive Space
check_command check_nt!USEDDISKSPACE!-l c -w 80 -c 90
}
 Add the following service definition to monitor the W3SVC service state on the Windows machine and generate a CRITICAL alert if the service is stopped.
 define service{
use generic-service
host_name winserver
service_description W3SVC
check_command check_nt!SERVICESTATE!-d SHOWALL -l W3SVC
}
 Add the following service definition to monitor the Explorer.exe process on the Windows machine and generate a CRITICAL alert if the process is not running. 

define service{
use generic-service
host_name winserver
service_description Explorer
check_command check_nt!PROCSTATE!-d SHOWALL -l Explorer.exe

Lastly, uncomment the windows.cfg file in /usr/local/nagios/etc/nagios.cfg.

# vi /usr/local/nagios/etc/nagios.cfg
# Definitions for monitoring a Windows machine
cfg_file=/usr/local/nagios/etc/objects/windows.cfg

Finally, verify the Nagios configuration files for any erros.
# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session

5/5 - (1 vote)
Network | Monitoring Tags:,

Related Posts

More Related Articles

Cloud Infrastructure and Application Security Best Practices [AZURE] Hybrid Cloud Infrastructure and Application Security Best Practices Network | Monitoring
Featured image Microsoft Outlook How to Recall an Email in Microsoft Outlook Network | Monitoring
Fix error Microsoft Outlook cannot sign or encrypt this message when sending email. How to fix error “Microsoft Outlook cannot sign or encrypt this message” when sending email? Network | Monitoring
requestedlogon Error 1385: The user has not been granted the requested logon type at this time Network | Monitoring
Add Nutanix AHV to Veeam Full Integration Guide on how to Add Nutanix AHV to Veeam Network | Monitoring
vmwarefrsd4 CVE-2021-31693: VMware Tools for Windows update addresses a denial-of-service vulnerability Network | Monitoring

Leave a Reply