@anubhavg-icpl
Created February 21, 2025 16:44

https://community.icinga.com/t/monitoring-windows-remotely-through-wmi/2007

Below is an example document that explains how to set up and use remote Windows monitoring through WMI with Icinga. You can adjust paths, usernames, and parameters as needed for your environment.


Monitoring Windows Remotely via WMI with Icinga

This guide details how to monitor Windows machines without installing an agent by leveraging the Windows Management Instrumentation (WMI) layer. It focuses on using the check_wmi_plus plugin with Icinga, along with the WMIC client on Linux. Although other methods (e.g. PowerShell, SSH, SNMP) exist, this guide covers the WMI solution primarily for legacy environments (Windows Server 2012 and later).

Tested With:

  • Icinga 2 v2.10.x
  • Icinga Web 2 v2.6.x
  • Windows Server 2012 and later

Table of Contents

  1. Prerequisites & Requirements
  2. Linux Setup: Installing WMIC
  3. Icinga/Nagios Plugin: Installing check_wmi_plus
  4. Windows Configuration
  5. Icinga Configuration
  6. Conclusion & FAQ

Prerequisites & Requirements

Before beginning the installation, ensure you have the following:

  • On Linux:

    • A working WMIC client.
    • Perl installed along with required modules (see Icinga/Nagios Plugin section for details).
  • On Windows:

    • WMI enabled (usually on by default).
    • A dedicated Windows user with minimal privileges but granted WMI access.
    • (Recommended) WinRM and Remote Desktop enabled on the Windows node.

Linux Setup: Installing WMIC

The WMIC tool (WMI client for Linux) is needed to query Windows systems. You can either compile it from source or use pre-packaged binaries.

Compiling from Source

  1. Download the Source Code:

    Visit:
    http://edcint.co.nz/checkwmiplus/download/zenoss-wmi-source-v1-3-14/
    Save the archive in a directory such as /usr/local/src/.

  2. Extract and Build:

    cd /usr/local/src/
    tar -xzf zenoss-wmi-source-v1-3-14.tar.gz
    cd Samba/source
    ./autogen.sh
    ./configure
    make
    # Optionally run "make install" if needed
  3. Troubleshooting Compilation Issues:

    • If you encounter an error like:

      Can't use 'defined(@array)' (Maybe you should just omit the defined()?) at ./pidl/pidl line 583.
      

      edit the indicated line to comment out the use of defined(), then re-run make.

    • You might also see a message such as:

      make: *** No rule to make target `wmi/wmiq.o', needed by `bin/wmiq'.  Stop.
      

      This can be safely ignored.

    • If further errors occur, try adjusting compiler directives, for example:

      make "CPP=gcc -E -ffreestanding"
  4. Test the Installation:

    Run a basic WMIC query:

    wmic -U [domain/]adminuser%password //host_or_IP "select TotalPhysicalMemory from Win32_ComputerSystem"

    Expected output:

    CLASS: Win32_ComputerSystem
    Name|TotalPhysicalMemory
    hostname|412180664
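
The same test query can take its credentials from a file instead of the command line, where `user%password` is visible in the process list. The sketch below is an added example, not part of the original guide: it wraps wmic's `-A` (authentication file) option and parses the pipe-delimited output shown above. The function names are assumptions, and `/etc/icinga2/wmi.auth` is the file this guide creates later under Icinga Configuration.

```shell
#!/bin/sh
# Added example: wmic_query, wmic_field and sample_output are illustrative
# names, not part of wmic or check_wmi_plus.

# wmic_query AUTHFILE HOST WQL
# Runs the query with credentials read from AUTHFILE (username=, password=
# and domain= lines) via wmic's -A option instead of -U user%password, which
# keeps the password out of the process list and the shell history.
wmic_query() {
    wmic -A "$1" "//$2" "$3"
}

# wmic_field COLUMN
# Reads wmic output on stdin and prints COLUMN for every result row.
# Layout: "CLASS: <name>", a '|'-separated header, then one line per row.
# Fails when the column is absent or no rows arrive (e.g. a login error).
wmic_field() {
    awk -F'|' -v col="$1" '
        /^CLASS: / { want_header = 1; idx = 0; next }
        want_header {
            want_header = 0
            for (i = 1; i <= NF; i++) if ($i == col) idx = i
            if (!idx) { missing = 1; exit }
            next
        }
        idx && NF >= idx { print $idx; found = 1 }
        END { if (missing || !found) exit 1 }
    '
}

# Constructed sample with the same shape as the expected output above.
sample_output() {
    printf '%s\n' \
        'CLASS: Win32_ComputerSystem' \
        'Name|TotalPhysicalMemory' \
        'hostname|412180664'
}

# Offline demonstration; against a real host this would be:
#   wmic_query /etc/icinga2/wmi.auth HOST \
#       "select TotalPhysicalMemory from Win32_ComputerSystem" |
#       wmic_field TotalPhysicalMemory
bytes=$(sample_output | wmic_field TotalPhysicalMemory)
echo "TotalPhysicalMemory: $((bytes / 1024 / 1024)) MiB"
```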
    

Pre-packaged Binaries

If compiling is problematic, you may consider using available RPMs or DEBs. Examples include:


Icinga/Nagios Plugin

The plugin check_wmi_plus is written in Perl. It requires several Perl modules which can be installed either via your distribution’s package manager or CPAN.
Here is an example of the modules and the desired versions:

Module Name         Installed Version   Desired Version
Config::IniFiles    2.79                2.58
Getopt::Long        2.4                 2.38
DateTime            1.04                0.66
Number::Format      1.73                1.73
Data::Dumper        2.145               2.125
Scalar::Util        1.27                1.22
Storable            2.45                2.22
Perl Version        5.016003            5.01

Installation Steps

  1. Install Required Perl Modules:

    For example, to install a module from CPAN:

    cpan install Number::Format

    If you require a specific version, provide the full module distribution filename:

    cpan SHLOMIF/Config-IniFiles-2.58.tar.gz
  2. Download and Unpack check_wmi_plus:

    Obtain the latest release from the plugin Releases page and unpack it in a directory accessible by Icinga (ideally under your custom plugin directory).

  3. Adjust the Plugin Configuration:

    Edit the main Perl script check_wmi_plus.pl and update:

    • Location of utils.pm:
      Adjust the path if it is not in /usr/lib/nagios/plugins.

    • Base Directory:
      Set the $base_dir variable to the installation directory of check_wmi_plus.pl.

    • WMIC Binary Path:
      Update $wmic_command with the full path to your WMIC executable.

    • Optional Settings:
      Configure $wmi_ini_dir (path for INI files) and $tmp_dir (for temporary files, default /tmp/).


Windows Configuration

To allow remote monitoring, configure WMI on the Windows server:

  1. Create a Dedicated User:

    • Open the WMI Control console:

      • Press Start → Run, type wmimgmt.msc, and click OK.
    • In the console tree, right-click WMI Control and select Properties.

    • Navigate to the Security tab.

    • Select the desired namespace and click Security.

    • Click Add, enter the username (or group), verify with Check Names, and click OK.

    • In the Permissions list, adjust the following (as needed):

      • Execute Methods: Enable
      • Remote Enable: Enable
      • Enable Account: Enable
      • Read Security: Enable
      • Disable write permissions (Full Write, Partial Write, Provider Write, Edit Security).
  2. Enable WinRM and Remote Desktop in the Firewall:

    Open a command prompt (with administrative privileges) and run:

    netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
    winrm quickconfig

    When prompted, confirm the changes. You should see output confirming that WinRM is set up with a listener on HTTP.

  3. Further Reading:
    Refer to WMI for Windows Server documentation for additional details.


Icinga Configuration

Once the Linux and Windows sides are ready, you need to configure Icinga to use the WMI plugin.

Authentication File

Create an authentication file (e.g., /etc/icinga2/wmi.auth) with the following content:

username=myusername
password=mypassword
domain=mydomain

Set proper permissions to secure the file:

chown root:root /etc/icinga2/wmi.auth
chmod 0400 /etc/icinga2/wmi.auth
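
If Icinga runs its plugins under an unprivileged account, a file that only root can read is closed to the plugin as well, so the permissions have to be tight and still usable. The audit below is an added example, not part of the original guide or of Icinga: `audit_wmi_authfile`, `in_group` and the service account name passed to them are assumptions, and it relies on `stat -c` (GNU or BusyBox).

```shell
#!/bin/sh
# Added example: audit_wmi_authfile is an illustrative helper, not part of
# Icinga or check_wmi_plus. Assumes stat -c (GNU/BusyBox) and id; run as root.

# in_group USER GROUP: succeeds when USER is a member of GROUP.
in_group() {
    for member_of in $(id -Gn "$1" 2>/dev/null); do
        [ "$member_of" = "$2" ] && return 0
    done
    return 1
}

# audit_wmi_authfile FILE SERVICE_USER
# Prints one line per finding and returns 0 only when FILE has the expected
# keys, grants nothing to "other", is not group-writable, and can still be
# read by SERVICE_USER (the account Icinga runs plugins as).
audit_wmi_authfile() {
    file=$1; svc=$2; rc=0
    [ -f "$file" ] || { echo "MISSING: $file"; return 2; }

    owner=$(stat -c '%U' "$file")
    group=$(stat -c '%G' "$file")
    perms=$(printf '%04d' "$(stat -c '%a' "$file")")   # e.g. 400 -> 0400
    rest=${perms#?};  u=${rest%??}     # user digit
    rest=${perms#??}; g=${rest%?}      # group digit
    o=${perms#???}                     # other digit

    [ "$o" = 0 ] || { echo "EXPOSED: mode $perms grants access to other"; rc=1; }
    case $g in 2|3|6|7) echo "WRITABLE: group $group can modify the file"; rc=1 ;; esac

    # Work out whether the service account can read the credentials at all.
    readable=no
    if [ "$svc" = root ]; then
        readable=yes
    elif [ "$owner" = "$svc" ]; then
        case $u in 4|5|6|7) readable=yes ;; esac
    elif in_group "$svc" "$group"; then
        case $g in 4|5|6|7) readable=yes ;; esac
    fi
    [ "$readable" = yes ] || { echo "UNREADABLE: $svc cannot read $file"; rc=1; }

    for key in username password; do
        grep -Eq "^[[:space:]]*$key[[:space:]]*=" "$file" ||
            { echo "INCOMPLETE: no $key= line"; rc=1; }
    done
    return $rc
}

# Usage (the account name is an assumption; it is typically "icinga" or
# "nagios" depending on the distribution):
#   audit_wmi_authfile /etc/icinga2/wmi.auth icinga
```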

Defining the CheckCommand

Add the following command definition (e.g., in your commands.conf file):

object CheckCommand "check_wmi" {
    import "plugin-check-command"
    command = [ PluginDir + "/check_wmi_plus.pl" ]
    arguments = {
        "-H" = {
            value = "$host.address$"
            description = "Name or IP address of host to monitor"
        }
        "-A" = {
            value = "$wmi_authfile_path$"
            description = "Authentication file path"
        }
        "-m" = {
            value = "$check_mode$"
            description = "WMI mode to use for specific check"
        }
        "-s" = {
            value = "$wmi_submode$"
            description = "Optional WMI submode"
        }
        "-a" = {
            value = "$wmi_arg1$"
            description = "First argument to WMI"
        }
        "-o" = {
            value = "$wmi_arg2$"
            description = "Second argument to WMI"
        }
        "-3" = {
            value = "$wmi_arg3$"
            description = "Third argument to WMI"
        }
        "-4" = {
            value = "$wmi_arg4$"
            description = "Fourth argument to WMI"
        }
        "-y" = {
            value = "$wmi_delay$"
            description = "Delay between consecutive WMI queries"
        }
        "-w" = {
            value = "$wmi_warn$"
            description = "Warning threshold"
        }
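        "-c" = {
            value = "$wmi_crit$"
            description = "Critical threshold"
        }
        "-t" = {
            // Passes vars.wmi_timeout, which some apply rules set, to the plugin
            value = "$wmi_timeout$"
            description = "Plugin timeout in seconds"
        }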
        "--nodatamode" = {
            set_if = "$wmi_nodatamode$"
        }
        "--inidir" = {
            value = "$wmi_inidir$"
            description = "Path to the INI directory"
        }
    }

    vars.wmi_authfile_path = "/etc/icinga2/wmi.auth"
    vars.wmi_inidir = "/opt/icinga/plugins/check_wmi_plus.d"
    vars.wmi_nodatamode = false
}

Service Templates and Apply Rules

Create a service template specifically for WMI-based checks (for example, in templates.conf):

template Service "wmi-service" {
    import "generic-service"
    check_command = "check_wmi"
    check_interval = 1m
    retry_interval = 1m
}

Then define service apply rules in a file (e.g., wmi-services.conf). Below are some sample rules:

Free Disk Space

apply Service "Free Disk Space" {
    import "generic-service"
    vars.check_mode = "checkvolsize"
    vars.wmi_arg1 = "."
    vars.wmi_arg2 = "1"
    vars.wmi_arg3 = "1"
    vars.wmi_warn = "88"
    vars.wmi_crit = "92"
    check_command = "check_wmi"
    assign where host.vars.os == "Windows"
    ignore where host.vars.disable_wmi
}

CPU Utilization

apply Service "CPU Utilization" {
    import "generic-service"
    vars.check_mode = "checkeachcpu"
    vars.wmi_warn = "95"
    vars.wmi_crit = "99"
    vars.wmi_timeout = "160"
    check_command = "check_wmi"
    assign where host.vars.os == "Windows" && host.vars.cpu_utilz
    ignore where host.vars.disable_wmi
}

IIS: Connections

apply Service "IIS: Connections" {
    import "generic-service"
    vars.check_mode = "checkiis"
    vars.wmi_submode = "connections"
    vars.wmi_arg1 = "_Total"
    vars.wmi_timeout = "190"
    check_command = "check_wmi"
    assign where host.vars.iis_server
    ignore where host.vars.disable_wmi
}

MSSQL: General Statistics

apply Service "MSSQL: General Statistics" {
    import "generic-service"
    vars.check_mode = "checksql"
    vars.wmi_submode = "general"
    if (host.vars.mssql_edition == "Express") {
        vars.wmi_arg1 = "MSSQLSQLEXPRESS_MSSQLSQLEXPRESS"
    }
    check_command = "check_wmi"
    assign where host.vars.mssql_server
    ignore where host.vars.disable_wmi
}

Event Log: Application

apply Service "Event Log: Application" {
    import "generic-service"
    vars.check_mode = "checkeventlog"
    vars.wmi_arg1 = "application"
    vars.wmi_arg2 = "2"
    vars.wmi_arg3 = "1"
    vars.wmi_warn = "50"
    vars.wmi_crit = "100"
    check_command = "check_wmi"
    assign where host.vars.os == "Windows" && host.vars.event_log_application
    ignore where host.vars.disable_wmi
}

Additional services or specific process checks (e.g., monitoring a Jenkins process) can be added following the above examples.


Conclusion & FAQ

Conclusion

While using WMI via the check_wmi_plus plugin may not be the most future-proof solution (especially with enhanced PowerShell and SSH support in newer Windows versions), it remains a robust method for monitoring legacy environments. This guide should help you set up both the Linux side (WMIC and plugin) and the necessary Windows configurations, as well as integrate the checks into your Icinga setup.

FAQ

  • Q: What types of services can I monitor using WMI?
    A: You can monitor uptime, disk usage, CPU load, Active Directory, RDP sessions, IIS, MSSQL, Event Logs, and process statuses.

  • Q: Can I create my own custom scripts?
    A: Yes, you can. However, many find that PowerShell (or SSH for Windows Server 2019 and later) offers a more versatile, future-proof approach.

  • Q: Need help with configuration files?
    A: The Icinga community forum is an excellent resource for support and discussion.


This document provides a comprehensive overview of setting up and using remote Windows monitoring through WMI with Icinga. Adapt the instructions as necessary for your infrastructure and security policies.

@anubhavg-icpl
Author

Installation Guide for Check WMI Plus Plugin

Check WMI Plus is an agent-less Windows monitoring plugin for Nagios/Icinga written in Perl. This guide details the installation and configuration steps on a Linux system.

Note: This guide assumes that you are familiar with Linux command line operations, have Nagios/Icinga installed, and possess administrative privileges.



Introduction

Check WMI Plus allows you to monitor Windows machines without installing an agent by using WMI queries. It relies on a WMIC Server from the aiowmi project that forwards WMI queries from the plugin to a target Windows host. This plugin is written in Perl and depends on several Perl modules with specific version requirements.


Prerequisites

  • Linux System: With Nagios or Icinga installed.
  • Perl: Ensure Perl is installed (most distributions include Perl by default).
  • Administrative Rights: Sudo or root access for package installation and system modifications.
  • Familiarity: Basic command line knowledge.

Installing the WMIC Server (aiowmi)

Check WMI Plus requires the WMIC Server component provided by the aiowmi project.

  1. Select an Installation Directory:
    For example, use /opt:

    cd /opt
    
  2. Clone the Repository:

    git clone https://github.com/cesbit/aiowmi.git
    
  3. Build and Configure:
    Follow the instructions in the aiowmi repository's README. This may involve compiling the WMIC Server and setting it up as a long-running API service.

  4. Start the WMIC Server:

    cd aiowmi
    python3 -m pip install -r requirements.txt
    python3 setup.py install
    python3 -m aiowmi
    
  5. Test the WMIC Server:
    Run a sample WMI query using the following Python script:

    import asyncio
    from aiowmi.connection import Connection
    from aiowmi.query import Query


    async def main():
        # Placeholder target and credentials; replace with your own.
        host = '10.0.0.1'
        username = 'your-username'
        password = 'your-password'

        conn = Connection(host, username, password)
        service = None
        await conn.connect()
        try:
            # Authenticate over NTLM and obtain the WMI service handle.
            service = await conn.negotiate_ntlm()

            query = Query('SELECT * FROM Win32_OperatingSystem')
            async with query.context(conn, service) as qc:
                async for props in qc.results():
                    for name, prop in props.items():
                        print(name, ':', prop.value)
        finally:
            # Always release the service and the connection, even on error.
            if service:
                service.close()
            conn.close()


    asyncio.run(main())


Installing Required Perl Modules

The plugin depends on several Perl modules, with certain versions required. Below is a sample table of key modules:

Module Name         Installed Version   Desired Version
Config::IniFiles    2.79                2.58
Getopt::Long        2.4                 2.38
DateTime            1.04                0.66
Number::Format      1.73                1.73
Data::Dumper        2.145               2.125
Scalar::Util        1.27                1.22
Storable            2.45                2.22
Perl Version        5.016003            5.01

Installing via APT (Debian/Ubuntu/Kali)

sudo apt-get update
sudo apt-get install libconfig-inifiles-perl libdatetime-perl libscalar-list-utils-perl libnumber-format-perl libjson-perl

Downloading and Installing Check WMI Plus

  1. Download the Plugin Bundle:

    wget https://github.com/cesbit/check_wmi_plus/releases/latest/download/check_wmi_plus.tar.gz
    
  2. Extract the Bundle:

    tar -xzvf check_wmi_plus.tar.gz -C /tmp
    
  3. Copy Executable Files:

    sudo cp /tmp/check_wmi_plus-*/check_wmi_plus.pl /usr/local/bin/
    sudo cp /tmp/check_wmi_plus-*/check_wmi_plus_help.pl /usr/local/bin/
    

Configuring Check WMI Plus

  1. Edit the Configuration File:

    sudo nano /etc/check_wmi_plus/check_wmi_plus.conf
    
  2. Adjust Plugin Script Paths: Modify check_wmi_plus.pl to set correct paths.

  3. Set the WMIC Binary Location: Update $wmic_command variable with the full path to your WMIC binary.


Testing the Installation

  1. Run the Diagnostic Command:

    /usr/local/bin/check_wmi_plus.pl -d -d | head -n 25
    
  2. Perform a Sample WMI Query:

    /usr/local/bin/check_wmi_plus.pl -H 10.0.0.1 -u your-username -p your-password -m checkcpu
    

Troubleshooting

  • Module Version Mismatches: Reinstall modules via CPAN if diagnostic output shows mismatches.

  • Errors Regarding utils.pm: Verify and update the Perl library paths in check_wmi_plus.pl.

  • Configuration Issues: Double-check all paths and parameters in /etc/check_wmi_plus/check_wmi_plus.conf.


Conclusion

You have successfully installed and configured Check WMI Plus with the aiowmi server. This setup allows agentless monitoring of Windows hosts via WMI queries. For further details, refer to the official documentation and forums.

