Monitor Windows via WMI from Cacti on Linux

[claymen]

Yer the package was only available for a short time and even the debian one had it removed. The early debian/ubuntu packages were all a version which had some problems with a bunch of the WMI classes so were not that useful.

Better off to grab the source from the zenoss deb pages, pretty sure I put a link in the readme of my source package. Then if your using debian/ubuntu just do a apt-get build-dep samba to grab all the dependancies.

[fredyap1234]

Hi Claymen,

Thank you for your prompt reply. I've looked at your readme file during and after setup and found that there's no link to the debian package.

I've also had a look at Zenoss sourceforge page and Zenoss SVN page at http://dev.zenoss.org/trac/browser and I still can't find any debian packages for WMI.

Could please be kind enough to point me to the link where I can download them?

Much thanks.

EDITED

Found it at https://launchpad.net/ubuntu/jaunty/i38 ... 1:0.1.12-1

Sorry for going through the thread pages properly. Managed to install the debian package and update samba dependency. Will continue troubleshooting now.

EDITED #2

Hi there,

I tried to execute this line on the terminal and got this error

Code: Select all

root@fred-desktop:/usr/bin# /usr/bin/php -q /usr/share/cacti/site/scripts/wmi.php -h 'XXX.XXX.XXX.XXX' -u '/etc/cacti/cactiwmi.pw' -w 'Win32_ComputerSystem' -n '' -k '' -v '' -c 'TotalPhysicalMemory'
NTSTATUS: NT_STATUS_ACCOUNT_RESTRICTION - Account restriction


Return code non-zero, debug mode enabled!



/usr/local/bin/wmic --namespace='root\CIMV2' --authentication-file=/etc/cacti/cactiwmi.pw //XXX.XXX.XXX.XXX "SELECT TotalPhysicalMemory FROM Win32_ComputerSystem"
Exec Status: 1

Is it safe to say that I would have to configure my RPC privileges?

Kind regards and thanks in advance.

[claymen]

I didn't mean that there were more up to date deb packages, I meant that you need to use the source and build it yourself because the deb packages were old and had some critical bugs. From the look of that your running 1.12 which from memory is really really old.

You won't find deb packages on the zenoss site mate. But you will find the latest source code for building the wmic binary yourself.

This is the latest source, as you can see a much newer version.
http://dev.zenoss.org/svn/trunk/inst/ex ... .9.tar.bz2

Rough build guide is included in the readme.txt on my svn, also do a apt-get build-dep samba (pretty sure that's it) to grab ALL the dependant packages it needs to build.
http://svn.parkingdenied.com/filedetail ... readme.txt

[DWAyotte]

[JorisFRST]

If your account is not a local admin one you need to give it rights to wmi and to read it remotely. I can post the details tues when im at work.

[fredyap1234]

If your account is not a local admin one you need to give it rights to wmi and to read it remotely. I can post the details tues when im at work.

Hi Joris and Claymen

Thanks for your prompt reply.

I will try to rebuild my wmic once I'm back at work on Monday. Thanks heaps claymen.

As per my understanding of the readme file, I have set my RPC services to log on using Local System account (for simplicity sake) and my cactiwmi.pw contains username, password and domain of the Windows machine local system account.

Are these correct?

[fredyap1234]

Hi guys,

I've finally managed to get graphs from Windows machine.

Credits to all who have helped me and of course to Claymen for the wonder scripts and templates. You guys are the best.

I'm running Cacti on Ubuntu 10.04 on an old Pentium 4 2.8 GHz with 2GB ram. One of those old, out of service DELL Poweredge workstation server. Monitoring Windows Server 2003.

Here's all my bookmarks on how to install Cacti+WMI on Ubuntu.

Setting up SNMP on Ubuntu - http://www.debuntu.org/how-to-monitor-y ... -and-cacti

Installing Cacti on Ubuntu - http://www.ubuntugeek.com/install-and-c ... erver.html

Building Samba dependencies -

Code: Select all

sudo apt-get build-dep samba

WMIC source that works with Ubuntu 10.04 - http://dev.zenoss.org/svn/trunk/inst/ex ... .9.tar.bz2

Compiling WMIC binary from scratch - http://svn.parkingdenied.com/filedetail ... readme.txt

Installing claymen's CactiWMI - refer to the readme.txt or http://svn.parkingdenied.com/filedetail ... readme.txt

Remote WMI permission on Windows Server 2003 - http://serverfault.com/questions/28520/ ... e-machines

Enabling SNMP on Windows Server 2003 - http://articles.techrepublic.com.com/51 ... 76828.html

Configuring SNMP for Windows Server 2003 - http://www.poorperformance.com/wiki/ind ... All_OS.27s

Few of my personal opinion

1) If you're new to this, it's best that you try it out on a clean machine with a fresh installation of Linux.

2) Guides up there are pretty straight forward. Improvise a bit to your personal preference.

3) Get your directories correct and do not follow exactly as per the readme files. Different Linux distro has different directory structure. Use 'locate' as much as possible to find out more about where you should place certain files.

3) Remember to set your Cacti logs to 'Debug' mode once you have installed Cacti. This will give you extra information as to what has gone wrong, etc.

4) Once you've configured Cacti and SNMP on Windows machine, try creating basic graphs that are available by default on Cacti such as network traffic, processes, user logged in etc. These graphs does not require WMI. They should give you an idea if your Windows machine is responding appropriately to SNMP.

5) Google, google and google. Don't forget to search the forum as well.

I wish you guys best of luck if you're attempting this.

[DWAyotte]

Hello everyone. I am trying to get these awesome graphs going, but am having issues.

I have just 1 host setup right now for making sure everything works before I add more. As it stands right now my graphs are created but they do not show any data, just nan for all values. I read through the entire post and I did some of the things mentioned, such as updated CDEFs. Here is my setup.

CentOS 5.5
Cacti 0.8.7f (CMD.php)
RRDTool 1.4.3
WMIC 4.0.0alpha3-GIT-UNKNOWN

Here is what my CDEFs look like
WMI - Disk I/O cdef=a,b,+
WMI - Disk Used cdef=a,CURRENT_DATA_SOURCE,-
WMI - Memory cdef=b,c,-
WMI - Percentage Ratio cdef=a,b,/,100,*

All of my graph debugs are: ok

I can run all the wmic commands successfully as well.

At this point I am not sure what else to try, it was a long read and it is certainly possible I missed something and I apologize if that is the case, but I was hoping I could get a little help, it feels like I am really close and these graphs are awesome!
thanks a ton.

EDIT1** I forgot to mention that this shows up in my Console -> Utilities -> View Cacti Log File for what seems to be all of my graphs related to these templates.
05/26/2010 05:55:09 AM - CMDPHP: Poller[0] Host[5] DS[51] WARNING: Result from CMD not valid. Partial Result: U

[APS]

Hello everyone. I am trying to get these awesome graphs going, but am having issues.

I have just 1 host setup right now for making sure everything works before I add more. As it stands right now my graphs are created but they do not show any data, just nan for all values. I read through the entire post and I did some of the things mentioned, such as updated CDEFs. Here is my setup.

CentOS 5.5
Cacti 0.8.7f (CMD.php)
RRDTool 1.4.3
WMIC 4.0.0alpha3-GIT-UNKNOWN

Here is what my CDEFs look like
WMI - Disk I/O cdef=a,b,+
WMI - Disk Used cdef=a,CURRENT_DATA_SOURCE,-
WMI - Memory cdef=b,c,-
WMI - Percentage Ratio cdef=a,b,/,100,*

All of my graph debugs are: ok

I can run all the wmic commands successfully as well.

At this point I am not sure what else to try, it was a long read and it is certainly possible I missed something and I apologize if that is the case, but I was hoping I could get a little help, it feels like I am really close and these graphs are awesome!
thanks a ton.

EDIT1** I forgot to mention that this shows up in my Console -> Utilities -> View Cacti Log File for what seems to be all of my graphs related to these templates.
05/26/2010 05:55:09 AM - CMDPHP: Poller[0] Host[5] DS[51] WARNING: Result from CMD not valid. Partial Result: U

I ran into this exact same problem and discovered that wmi.php requires an IP address for the host and not a hostname. Change the hostname to an IP address in the device settings and see if that fixes the issue.

[DWAyotte]

I ran into this exact same problem and discovered that wmi.php requires an IP address for the host and not a hostname. Change the hostname to an IP address in the device settings and see if that fixes the issue.

Thanks for the suggestion, it didn't seem to change anything for me
I let ~5 polls go by and still all values are nan.
any other ideas?

[claymen]

I've not seen it fail with a hostname, we used them at one of my previous workplaces. IP's were easier as it shortcuts some of the auth methods but an FQDN etc should work.

[fredyap1234]

Hi claymen and fellow users,

Has anyone tried this over SSH tunnels? I recently tried out monitoring remote machines via SSH following this guide.

I created a SSH tunnel to my Windows test machine via SSH port 43000. Under Cacti devices I configured my hostname as tcp:127.0.0.1 and SNMP port as 16000. I can perform snmpwalk from Cacti server to Windows machine and graph a simple network traffic graph.

WMI graphs however does not work.

I tried running this query, shown on Cacti Debug log.

Code: Select all

/usr/bin/php -q /usr/share/cacti/site/scripts/wmi.php -h 'tcp:127.0.0.1' -u '/etc/cacti/cactiwmi.pw' -w 'Win32_PerfRawData_PerfOS_Memory' -n '' -k '' -v '' -c 'CommittedBytes,AvailableBytes,CommitLimit', output: U

And got

Code: Select all

NTSTATUS: NT_STATUS_IO_TIMEOUT - NT_STATUS_IO_TIMEOUT

When I try running this WMIC query

Code: Select all

/usr/local/bin/wmic --namespace='root\CIMV2' --authentication-file=/etc/cacti/cactiwmi.pw //tcp:127.0.0.1 "SELECT CommittedBytes,AvailableBytes,CommitLimit, FROM Win32_PerfRawData_PerfOS_Memory"

I got these error message

Code: Select all

Unknown dcerpc transport 'tcp'
ERROR: Login to remote object.
NTSTATUS: NT_STATUS_IO_TIMEOUT - NT_STATUS_IO_TIMEOUT

Any idea what went wrong?

On the other note, I found the following under wmi.php

Code: Select all

$host = $args['h']; // hostname in form xxx.xxx.xxx.xxx

Does that mean that this script will only run on IP format (i.e. 192.168.1.111)?

Thanks in advance and appreciate your feedbacks.

[claymen]

You will have issues with this purely because of how rpc works. Basically the client connects to the host via port 135 from memory and asks to connect, the server responds with a port saying connect here, this is allocated out of a range of ports depending on the server's OS. e.g. 2008 uses 49xxx+ if I recall and 2003 uses 1025-5000. So yer you will have issues with this unfortunately

[delinquent]

Hey Guys,

I've got a interesting problem with the WMIC client and it using the --authentication-file option.

The Setup:
OS: Debian Testing
Cacti Version 0.8.7e
Cacti OS unix
SNMP Version NET-SNMP version: 5.4.3
Apache Version Apache/2.2.15 (Debian)
WMIC 1.3.10

I setup WMIC to monitor a clients new Win2k8 boxes but cacti wasn't getting any results after a little digging this is what i found, If i use the --authentication-file option it gives me access denied. If however I specifiy the user/pass in the command it works.

Code: Select all

HQ-GW01:~# wmic --authentication-file=/etc/cacti/dre.pw //perhq-dc01.dre.local "select * from Win32_ComputerSystem"
NTSTATUS: NT_STATUS_ACCESS_DENIED - Access denied
HQ-GW01:~#wmic -U administrator@dre%<passwordxxx> //perhq-dc01.dre.local "select * from Win32_ComputerSystem"
CLASS: Win32_ComputerSystem
AdminPasswordStatus|AutomaticManagedPagefile|AutomaticResetBootOption|AutomaticResetCapability|BootOptionOnLimit|BootOptionOnWatchDog|BootROMSupported|BootupState|Caption|ChassisBootupState|CreationClassName|CurrentTimeZone|DaylightInEffect|Description|DNSHostName|Domain|DomainRole|EnableDaylightSavingsTime|FrontPanelResetStatus|InfraredSupported|InitialLoadInfo|InstallDate|KeyboardPasswordStatus|LastLoadInfo|Manufacturer|Model|Name|NameFormat|NetworkServerModeEnabled|NumberOfLogicalProcessors|NumberOfProcessors|OEMLogoBitmap|OEMStringArray|PartOfDomain|PauseAfterReset|PCSystemType|PowerManagementCapabilities|PowerManagementSupported|PowerOnPasswordStatus|PowerState|PowerSupplyState|PrimaryOwnerContact|PrimaryOwnerName|ResetCapability|ResetCount|ResetLimit|Roles|Status|SupportContactDescription|SystemStartupDelay|SystemStartupOptions|SystemStartupSetting|SystemType|ThermalState|TotalPhysicalMemory|UserName|WakeUpType|Workgroup
1|True|True|True|3|3|True|Normal boot|PERHQ-DC01|3|Win32_ComputerSystem|480|False|AT/AT COMPATIBLE|PERHQ-DC01|DRE.local|4|True|3|False|NULL|(null)|3|(null)|VMware, Inc.|VMware Virtual Platform|PERHQ-DC01|(null)|True|2|2|NULL|([MS_VM_CERT/SHA1/27d66596a61c48dd3dc7216fd715126e33f59ae7],Welcome to the Virtual Machine)|True|3932100000|0|NULL|False|0|0|3|(null)|Windows User|1|-1|-1|(LM_Workstation,LM_Server,SQLServer,Backup_Domain_Controller,Timesource,Print,DialIn,NT,DFS)|OK|NULL|0|NULL|0|x64-based PC|3|5367238656|DRE\Administrator|6|(null)
HQ-GW01:~#

And after some additional checking even smbclient wont let me us the auth file. I've tripple checked the dre.pw file and its got the correct details in it.

username=administrator
password=<passwordxxx>
domain=dre

Anyone got any idea's?

Cheers
Chris

[claymen]

Can't say I've seen that before. Not sure to be honest, does the user running wmic have permission to read the password file? That's about all I can think of.