Monitor Windows via WMI from Cacti on Linux

[claymen]

Ok. So I figured the problem out. I apparently had an extra blank line at the end of the wmi-logins.php file which caused the first line of output from wmi.php to be blank. Removing that fixed everything right up.

Thanks for the great script and templates. I will be sure and post new ones back here.

That would explain it, it would treat that as simply an extra line in the output but cacti on the other hand is pretty particular about its input.

[llow]

Right that is my entiire problem. I don't want to have to have users in the Administrators group just to perform WMI calls.

Try This:

User belongs to following domain wide groups:
- Domain Users
- Performance Log Users
- Performance Monitor Users
On the local machine add the user to the Distributed COM Users group
On the local machine make sure the user has rights to the WMI Control and all sub namespaces.

Working for me once I did this.

This particular server I'm using is not part of a domain but I added Performance Log Users, Performance Monitor Users, Distributed COM Users, added user rights to Root and all its namespaces but still get 0x80041001 (WBEM_E_FAILED).

If its such a pain in 2003 I can't imagine the problems I'll have securing 2000.

[claymen]

That should in theory work as its what we did initially to use a non-admin credential. Add the domain user to the local machines Performance Log Users Performance Monitor Users groups and then update the other settings as mentioned. It worked ok except on our 2003 SQL cluster (2003 OS 2008 SQL) where some of the local disks would routinely disappear until an admin ran the query. In the end using an admin credential with a gigantic password ended up being the solution. The account was locked down though, through group policy we deny it everything except to be able to run as a service effectively meaning it can only be used to access WMI and you can't log in as that user.

[claymen]

If anyone wants to give a new version a try grab rev 41 from the SVN repository.

Shortcut to file

The main changes are output processing to remove spaces and replace with underscores else cacti freaks out when returning exchange store names. And a new debug setup. $dbug can be set to 0 (off) 1 (display basic) 2 (log detailed). I've been using level 2 to log detailed output when debugging a query so it may be useful to you guys.

Let me know your mileage.

[llow]

Something I ran into. You might want to modify the wmic source code to use a different separator. The standard | (pipe) can cause problems as windows likes to use it in some cases (for example Win32_OperatingSystem). I personally have switched it to using `.

Life would be so much easier if I didn't have to manage any windows servers at all. Sigh...

[claymen]

Something I ran into. You might want to modify the wmic source code to use a different separator. The standard | (pipe) can cause problems as windows likes to use it in some cases (for example Win32_OperatingSystem). I personally have switched it to using `.

Life would be so much easier if I didn't have to manage any windows servers at all. Sigh...

What specifically are you having issues with in Win32_OperatingSystem?

I ran count(explode('|',$input)) over the Names and the Values returned and they always came out the same number with no problems. And I didn't see anything that could cause problems except for the usual special characters that bash might not play friendly with.

[llow]

Something I ran into. You might want to modify the wmic source code to use a different separator. The standard | (pipe) can cause problems as windows likes to use it in some cases (for example Win32_OperatingSystem). I personally have switched it to using `.

Life would be so much easier if I didn't have to manage any windows servers at all. Sigh...

What specifically are you having issues with in Win32_OperatingSystem?

I ran count(explode('|',$input)) over the Names and the Values returned and they always came out the same number with no problems. And I didn't see anything that could cause problems except for the usual special characters that bash might not play friendly with.

CLASS: Win32_OperatingSystem
Name
Microsoft Windows 2000 Advanced Server|C:\WINNT|

The value of Name has pipes in it.

[claymen]

CLASS: Win32_OperatingSystem
Name
Microsoft Windows 2000 Advanced Server|C:\WINNT|

The value of Name has pipes in it.

Interesting... I can't replicate it here as we don't have any 2000 machines that can easily be WMI queried (firewalls). I've not come across the problem on any of our 2003/2008 servers. Nice find though I could code in a workaround to save the hassle of adjusting the source code to wmic if its easier? Also do you mind posting where in wmic you adjusted it, might be worth noting here for anyone who wants a workaround

[llow]

CLASS: Win32_OperatingSystem
Name
Microsoft Windows 2000 Advanced Server|C:\WINNT|

The value of Name has pipes in it.

Interesting... I can't replicate it here as we don't have any 2000 machines that can easily be WMI queried (firewalls). I've not come across the problem on any of our 2003/2008 servers. Nice find though I could code in a workaround to save the hassle of adjusting the source code to wmic if its easier? Also do you mind posting where in wmic you adjusted it, might be worth noting here for anyone who wants a workaround

Code: Select all

--- Samba/source/wmi/wmic.c     (revision 11717)
+++ Samba/source/wmi/wmic.c     (working copy)
@@ -214,13 +214,13 @@
                                class_name = talloc_strdup(ctx, co[i]->obj_class->__CLASS);
                                printf("CLASS: %s\n", class_name);
                                for (j = 0; j < co[i]->obj_class->__PROPERTY_COUNT; ++j)
-                                       printf("%s%s", j?"|":"", co[i]->obj_class->properties[j].name);
+                                       printf("%s%s", j?"`":"", co[i]->obj_class->properties[j].name);
                                printf("\n");
                        }
                        for (j = 0; j < co[i]->obj_class->__PROPERTY_COUNT; ++j) {
                                char *s;
                                s = string_CIMVAR(ctx, &co[i]->instance->data[j], co[i]->obj_class->properties[j].desc->cimtype & CIM_TYPEMASK);
-                               printf("%s%s", j?"|":"", s);
+                               printf("%s%s", j?"`":"", s);
                        }
                        printf("\n");

[claymen]

If anyone is looking for exchange monitors I'll have a decent set of templates available soon. See below for a look at a test version I have had running for a while now. The stats can be pulled per database and also I do have a working (approximate) trending line which I may include.

Please note though this test one below is using the messages per minute gauge rather than the messages counter which would provide more accurate measurements (and be per sec instead of per min). The new one I have not got pics of uses the correct counter and the curves are pretty close except this ends up more accurate.

Stay tuned

[apperrault]

Are these for Exchange 2003 or 2007?

They look good

app

[claymen]

Are these for Exchange 2003 or 2007?

They look good

app

2003 at this stage, we haven't deployed 2007.. yet. In any case they *should* be the same for 2007 but as I don't have a test server I can't tell you for sure.

I'm trying to work out the best way to display the queue length rather than have it on the messages/per sec graph per store and we are also looking to monitor the number of active logons per store to keep an eye on things. Because we have quite a few stores a single line graph for each store would be excessive so tempted to combine 4-5 stores active logons onto one graph and do a couple of those... might have to dig around and see what others did to display it and get some idea's.

In any case I have the groundwork in place to get the data just need to display it and migrate over my old graphs to the this script as I had previously written a custom one specifically for exchange some time ago. Below is what I have been tweaking this morning.

[claymen]

Here is what we have now.

I have attached the two exchange templates. With the active logons you'll probably want to do what I have done and create the graph with the template then change the graph itself to have no template allowing you to name each input. It is also per database which might be useful to track what store has the most active users etc.

I'm not sure of any other way to do this to get the right names against each one (short of a data query).

You will need the latest trunk version of wmi.php as it replaces spaces with underscores to prevent any unpleasantness from the database names themselves breaking cacti's input

click here for the current revision (43) wmi.php from svn

[zuvbir]

claymen, This code is sweet. Thanks for sharing.

Couple of questions:

1)

I'm attaching two graphs. NTDS DS / NTDS Auths

The NTDS DS graph looks correct but the Writes line shows values of
377.62 m and 416.22 m

I don't understand these values. I don't see CDEFs and I don't anything about rrd to figure it out.


2)
All graphs are working for me except MEMORY. No graph is produced at all. I suspect missing/bad CDEF based on your other posts. But don't hav a clue where to begin. Suggestions?Show debug for the data source shows data pulled.

**********
/usr/bin/rrdtool create \
/var/lib/cacti/rra/adams_availablebytes_73.rrd \
--step 300 \
DS:AvailableBytes:GAUGE:600:0:100000000000 \
DS:CommitLimit:GAUGE:600:0:100000000000 \
DS:CommittedBytes:GAUGE:600:0:100000000000 \
RRA:AVERAGE:0.5:1:500 \
RRA:AVERAGE:0.5:1:600 \
RRA:AVERAGE:0.5:6:700 \
RRA:AVERAGE:0.5:24:775 \
RRA:AVERAGE:0.5:288:797 \
RRA:MAX:0.5:1:500 \
RRA:MAX:0.5:1:600 \
RRA:MAX:0.5:6:700 \
RRA:MAX:0.5:24:775 \
RRA:MAX:0.5:288:797 \

******************


Thanks again CLAYMEN. [/b]

[zuvbir]

sorry for the lame post. Found answer to both my questions.

Thanks again