WMI (Windows Management Instrumentation) allows for agentless monitoring of Windows machines. Nagios XI supports WMI monitoring, which provides admins with a simple method of monitoring their Windows servers and workstations without having to install or configure agents.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related Nagios queries.
In this context, we shall look into how to monitor Windows machines with Nagios XI using WMI.
Before we setup WMI monitoring with Nagios to monitor and windows server or workstation, we have to ensure that we have the following requirements set up:
We have to log in as a user with administrator privileges.
Following steps help us to check if the Windows Management Instrumentation service is running.
In Windows XP/Vista/7/8/10/Server 2003/Server 2008:
In Windows Server 2012/Server 2016:
Verify the service Windows Management Instrument (WMI) is in Started status and has the Startup Type of Automatic.
Next, we need to configure a WMI user account on the local machine. This account will be used to monitor the Windows machine from Nagios XI. For instance, to create a new user account called wmiagent with a password wmiagent use the command below from an administrative command prompt:
net user wmiagent wmiagent /add
We should get a response of "The command completed successfully".
Note to use a stronger password than wmiagent, as it will most likely fail the password policy requirements.
WMI requires a valid username and password on the target system. We can add only the permissions needed to the Windows user account. Some of these permissions do not need to be set if our user account is a member of the local administrator’s group.
However, from a security perspective, it is best to use an account with only the minimal required permissions.
If we wish to monitor multiple computers across the domain, instead add the user to be a member of the “Distributed Com Users”, “Event Log Readers”, “Performance Log Users” and “Performance Monitor Users” groups.
We need to give our newly created user access to DCOM on the localhost.
In order for the wmiagent user to return data remotely from WMI, access to the WMI namespace CIMV2 must be granted.
Here, we will configure the firewall rules specific to the version of windows being monitored.
1. Windows Server 2008/2012/2016 Firewall Rules
If the WMI rule group does not exist, execute the commands from the command prompt:
netsh advfirewall firewall add rule dir=in name="DCOM" program=%systemroot%\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135
netsh advfirewall firewall add rule dir=in name ="WMI" program=%systemroot%\system32\svchost.exe service=winmgmt action = allow protocol=TCP localport=any
netsh advfirewall firewall add rule dir=in name ="UnsecApp" program=%systemroot%\system32\wbem\unsecapp.exe action=allow
netsh advfirewall firewall add rule dir=out name ="WMI_OUT" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any
2. Windows Server 2003 Firewall Rules
Here, we will look into firewall and DCOM port configuration for a 2003 Windows Server. By default, DCOM communicates with the client on a random port. So in order to write firewall rules, it also describes a specific port range.
Now that WMI has been configured on our windows machine, we can now run the Windows WMI wizard from our Nagios XI server.
In the initial step of the configuration wizard, we can provide the location of a file that contains the authentication username and password.
This provides the following advantages:
It stores credentials in one location. If we need to update the credentials, we only need to update the file and all services that use the file are immediately affected.
Admins using Core Configuration Manager will not see these credentials, they will only see the reference to the file.
To create a file, we need to establish a terminal session to Nagios XI server. This example will create a file called wmi_auth.txt inside the folder /usr/local/nagios/etc/.
Create the file by opening any text editor:
Add two lines that contain our username and password, for example:
When we have finished, save the changes and close the file.
Also, we can now close the terminal session and proceed to the following page to see how to use the authentication file in the configuration wizard.
Here we can see how the Auth File has been defined in the initial step of the configuration wizard.
It is important that the Username and Password fields above are empty to ensure the wizard correctly works.
Click Next and complete the wizard.
This article covers how to monitor Windows machines with Nagios XI using WMI.
Basically, to set up WMI monitoring with Nagios, we need to configure A WMI User Account On The Windows Machine and then set up the WMI permissions. Windows Management Instrumentation (WMI) is a technology that allows for agentless monitoring of Windows servers and workstations.
Benefits of WMI Monitoring With Nagios: