Monitor Windows via WMI from Cacti on Linux

[MacGyver]

I have been using Cacti for several years for switch and router graphing but have ventured into the world of Windows. I am using CactiEZ 6 with CMD.PHP as the poller and boost disabled.

I have setup clayman's PHP scripts and can get the following response from the CLI:

[root@logos scripts]# /usr/bin/php -q /var/www/html/scripts/wmi.php 10.49.17.56 credential Win32_PerfRawData_PerfOS_Memory CommittedBytes,AvailableBytes,CommitLimit

AvailableBytes:3401351168 CommitLimit:6182998016 CommittedBytes:492158976

But my graph data never appears and I see the following error in the DEBUG of the cacti log:

02/12/2009 04:22:06 PM - CMDPHP: Poller[0] Host[20] DS[219] WARNING: Result from CMD not valid. Partial Result: U
02/12/2009 04:22:06 PM - CMDPHP: Poller[0] Host[20] DS[219] CMD: /usr/bin/php -q /var/www/html/scripts/wmi.php 10.49.17.56 credential Win32_PerfRawData_PerfOS_Memory CommittedBytes,AvailableBytes,CommitLimit , output: U
02/12/2009 04:22:06 PM - POLLER: Poller[0] CACTI2RRD: /usr/bin/rrdtool update

Cacti Host Info:

Cacti Version 0.8.7c
Plugin Architecture 2.2
Poller Type CMD.php
Server Info Linux 2.6.9-78.0.13.ELsmp
Web Server Apache/2.0.63 (CentOS)
PHP Version 5.1.6
PHP Extensions libxml, xml, wddx, tokenizer, sysvshm, sysvsem, sysvmsg, standard, SimpleXML, sockets, SPL, shmop, session, Reflection, pspell, posix, mime_magic, iconv, hash, gmp, gettext, ftp, exif, date, curl, ctype, calendar, bz2, zlib, pcre, openssl, apache2handler, gd, ldap, mysql, mysqli, PDO, pdo_mysql, pdo_sqlite, snmp, eAccelerator
MySQL Version 5.0.68
RRDTool Version 1.2.23
SNMP Version 5.1.2
Plugins Global Plugin Settings (settings - v0.5)
Large Site Performane Booster for Cacti (boost - v2.2)
Device Monitoring (monitor - v0.8.2)
Network Discovery (discovery - v0.8.5)
Network Tools (tools - v0.3)
Syslog Monitoring (syslog - v0.5.2)
Device Tracking (mactrack - v1.1)
Login Page Mod (loginmod - v1.0)
Update Checker (update - v0.4)
FlowView (flowview - v0.6)
Host Info (hostinfo - v0.2)
Error Images (errorimage - v0.1)
PHP Network Weathermap (weathermap - v0.95b)
docs
Cacti-ReportIt (reportit - v0.6.1)
Router Configs (routerconfigs - v0.1)
WMI Query (wmi - v0.1)
Realtime for Cacti (realtime - v0.35)


Any suggestions would be greatly appreciated.

[raupe]

I have been using Cacti for several years for switch and router graphing but have ventured into the world of Windows. I am using CactiEZ 6 with CMD.PHP as the poller and boost disabled.

I have setup clayman's PHP scripts and can get the following response from the CLI:

[root@logos scripts]# /usr/bin/php -q /var/www/html/scripts/wmi.php 10.49.17.56 credential Win32_PerfRawData_PerfOS_Memory CommittedBytes,AvailableBytes,CommitLimit

AvailableBytes:3401351168 CommitLimit:6182998016 CommittedBytes:492158976

But my graph data never appears and I see the following error in the DEBUG of the cacti log:

02/12/2009 04:22:06 PM - CMDPHP: Poller[0] Host[20] DS[219] WARNING: Result from CMD not valid. Partial Result: U
02/12/2009 04:22:06 PM - CMDPHP: Poller[0] Host[20] DS[219] CMD: /usr/bin/php -q /var/www/html/scripts/wmi.php 10.49.17.56 credential Win32_PerfRawData_PerfOS_Memory CommittedBytes,AvailableBytes,CommitLimit , output: U
02/12/2009 04:22:06 PM - POLLER: Poller[0] CACTI2RRD: /usr/bin/rrdtool update

[...]

Macgyver,
I haven't used CactiEZ myself, but try running the query as the user account your web server is using; e.g.

Code: Select all

sudo -u wwwrun /usr/bin/php -q /var/www/html/scripts/wmi.php 10.49.17.56 credential Win32_PerfRawData_PerfOS_Memory CommittedBytes,AvailableBytes,CommitLimit

This might give a hint on permission issues, etc. To identify the account used on your system, check your web servers config files.

[claymen]

Claymen - these look great! Any joy with an Exchange queues template ?

Thanks

Actually I do, I will post it up later today or at latest tomorrow. Just trying to get a bit of data on the graph to make sure its graphing what it should be.

[raupe]

claymen, great job on these templates.

There is one thing I've noticed with my php setup: The wmi-logins.php is echoed out instead of parsed as php causing the array logins to be missing later on. However, when appending the first line with "php" it works as expected. I'm not sure if this behavior is caused by a misconfiguration of php/apache or if it's just a security feature. However, I would appreciate if you could change line 1 of wmi-logins.php from

Code: Select all

<?

to

Code: Select all

<?php

in your svn repository.

Thanks for your great work!

[claymen]

claymen, great job on these templates.

There is one thing I've noticed with my php setup: The wmi-logins.php is echoed out instead of parsed as php causing the array logins to be missing later on. However, when appending the first line with "php" it works as expected. I'm not sure if this behavior is caused by a misconfiguration of php/apache or if it's just a security feature. However, I would appreciate if you could change line 1 of wmi-logins.php from

Code: Select all

<?

to

Code: Select all

<?php

in your svn repository.

Thanks for your great work!

Done!

<? was just short hand for <?php but from the looks of it, it is now discouraged.

[mphuie]

Can wmic query with a non-admin account? I've already verified that the non-admin account can query from Windows machines, it wont work with wmic for some reason.

I posted this in the Windows forum - http://forums.cacti.net/viewtopic.php?t=31218

[claymen]

Can wmic query with a non-admin account? I've already verified that the non-admin account can query from Windows machines, it wont work with wmic for some reason.

I posted this in the Windows forum - http://forums.cacti.net/viewtopic.php?t=31218

So you have allowed DCOM access and remote execute, allowed access to the WMI root class, and added the user to performance monitors group so that it can actually query the perfmon counters?

[mphuie]

Can wmic query with a non-admin account? I've already verified that the non-admin account can query from Windows machines, it wont work with wmic for some reason.

I posted this in the Windows forum - http://forums.cacti.net/viewtopic.php?t=31218

So you have allowed DCOM access and remote execute, allowed access to the WMI root class, and added the user to performance monitors group so that it can actually query the perfmon counters?

DCOM and WMI security are set properly. (as posted in other thread).

I'm not querying perfmon counters, just "SELECT * FROM WIN32_processor", but I did just add permissions for perfmon just for kicks and the query is still failing.

Simple powershell WMI queries work (gwmi -computername server01 win32_processor) running under the non-admin credentials work as well as wbemtest (on my windows machines)

This is the command and error:

/usr/local/bin/wmic -U "dom/cactwmi%password" //SERVER01 "SELECT * FROM WIN32_processor"

Code: Select all

Failed to bind to uuid 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57 - NT_STATUS_NET_WRITE_FAULT
ERROR: dcom_create_object.
ERROR: Login to remote object.
NTSTATUS: NT_STATUS_LOGON_FAILURE - Logon failure

Swapping with administrator credentials returns a successful query.

[claymen]

Hmm that is a bit of an odd one. Really not sure assuming all the permissions are correct it should work. What is throwing me off is that your saying it works from other windows machines but with that said how are you testing that credential on the other machines? Are you logging in interactively as that user on another machine or using runas. Basically how are you ensuring that is the credential passed when testing from another windows machine?

[claymen]

And on another note.

Updated templates!

SMTP Queue & Performance for Exchange. Templates are attached and have also been added to the SVN repository.

NOTES - PLEASE READ
Associating this graph with a host template may duplicate your data sources. The two graphs utilize different portions of the same data template. E.g. the data template has multiple data sources it provides. For the best performance use only a single data template on the host and then add the graphs after and link to the now existing data sources.

I have done it this way because it only requires a single WMI query to pull the information for both graphs. This means a reduction in the number of queries that have to take place and the number of items the poller has to poll. Basically is a minimal cost in disk space to reduce the number of queries. And its probably data you want anyway.

For reference this is actually the same for a couple other templates (e.g. system calls, context switches and processor queue length and proceses etc) and all are done that way for the same reason, reducing the number of queries.

[mphuie]

Hmm that is a bit of an odd one. Really not sure assuming all the permissions are correct it should work. What is throwing me off is that your saying it works from other windows machines but with that said how are you testing that credential on the other machines? Are you logging in interactively as that user on another machine or using runas. Basically how are you ensuring that is the credential passed when testing from another windows machine?

Yes, runas /env /u:domain\cactiwmi "powershell.exe". wbemtest lets you specify credentials.

[pheezy]

Hey claymen,

Awesome job, you just saved me like 4 days worth of work! I do have a question though, how do you query WMI objects that have separate names? Like the disk names, or _Total for all of them? Thanks!

[claymen]

Generally for objects that have names where you want specific ones I have got a filter value field on the data template. So for the Disk I/O and Disk Space ones there is a Filter Value field where the drive letter goes. All this is doing is basically creating a "select columns from class where row = blah" query when searching.

Which one did you need to adjust the filter for?

[claymen]

New release 0.0.5

Mainly a template pack so if you don't need the templates don't worry about grabbing the file.

New templates as follows
* Number of Processes
* Processor Queue Length
* Per Process Stats (handles/threads + memory usage)
* Context Switchs and System Calls per sec
* Exchange Client RPC Latency
* SMTP Queue
* SMTP Performance Stats

Download is attached and plenty of example pics on my site. LINK

[argon0]

Looks like good work Claymen

Before using this, and spending time getting it to work a couple of questions:
1) has it been confirmed to work on CactiEZ?
2) Assuming it has can/how do you assign different credentials for different machines?

Argon0