Administration Guide

  • Docs Home
  • Community Home

6. Monitoring Windows Devices

6.1. Device Preparation for Windows Devices

Before you can monitor Windows devices with Zenoss, you must ensure that:

  • DCOM is enabled for WMI connections

  • SNMP agent is enabled

    If your system is running Windows Vista, for example, follow these steps to see if the SNMP agent is enabled:

    1. From the Start menu list, right-click Computer, and then select Manage from the list of options.

    2. From the Computer Management panel navigation area, expand Services and Applications, and then select Services.

      The Services list appears.

    3. Locate the listing for SNMP Service. If it does not show a status of "Started," then click Start (the service).

      Note

      If SNMP Service does not appear in the list, then you may have to enable the SNMP feature (from the "Turn Windows features on and off" selection in the Control Panel).

SNMP Informant

Optionally, you can use SNMP InformantTM to collect CPU, memory, and disk I/O statistics. SNMP Informant agents collect information from Windows devices via WMI on the server where they are installed, and then convert system, state, and operational data into SNMP OIDs for broadcast. Zenoss can then process the SNMP OID information and generate events and alerts based on this information. See the section titled Monitoring Windows Performance with SNMP Informant (in this chapter) for more information.

Note

If you are using Zenoss Enterprise, SNMP Informant is not needed (its functionality is included in these versions).

6.2. Setting Windows zProperties

You must set the following zProperties to collect information from Windows servers. In Zenoss, navigate to the zProperties for each device, and then set the appropriate values for:

  • zWmiMonitorIgnore - Tuns on or off all WMI monitoring. Set the value of Ignore to False to turn on Windows monitoring.

    Zenoss recommends that you set this zProperty at the Server/Windows class level, so that any device placed in this class has Windows monitoring automatically enabled.

  • zWinUser - Must be set as the local admin. The format for zWinUser is:

    • .\Username - The format to use when the account is a local account.

    • DOMAIN\Username - The format for a Domain account.

  • zWinPassword - Enter the password used to remotely log in to the Windows machine.

6.3. Testing WMI on a Windows Server

Follow these steps to test the WMI connections on the Windows server:

  1. Run wbemtest.

  2. Click “Connect…”

  3. In the Namespace field, enter:

    \\HOST\root\cimv2

  4. Enter login information in the User and Password fields.

  5. Click Query.

  6. Enter “select * from win32_service” to return a dialog with a list of services on the device.

6.4. Optional Windows Configuration

Zenoss can gather additional, detailed OS and hardware information from Windows devices if you have these agents installed on your Windows device:

  • Dell Open Manage Agent

  • HP Insight Management Agent

6.5. Modeling Services on Windows Devices

Zenoss uses ZenWin to perform Windows Service Monitoring over WMI. ZenWin monitors the up and down availability of Windows services.

The WinServiceMap WMI plugin is included in zCollectorPlugins on the /Server/Windows device class. WinServiceMap retrieves all services that can be monitored on a device, regardless of whether it is up or down.

Windows services are (by default) not monitored. To monitor a specific Windows service, follow these steps:

  1. In Zenoss, navigate to the Windows device, and then click the OS tab.

  2. Click the service you want to monitor, and then set the vale of monitor to True.

    Note

    If you do not see the service you want to monitor in the list, then you can add it. Select Add WinService from the WinServices table menu.

6.6. Collecting Windows Eventlog Events

Zenoss uses ZenEventlog to collect WMI event log events. Enable the following zProperties to define how Windows event log events are processed and monitored:

  • zWinEventLog - Tells Zenoss whether or not to read the event log into the system.

  • zWinEventLogMinSeverity - Sets the minimum severity to collect from the Windows event log. The lowest number indicates the highest severity (1 is the most severe; 5 is least severe).

6.7. Monitoring Windows Performance with SNMP Informant

Zenoss can use information from SNMP Informant to collect SNMP information from Windows devices.

Install the free version of SNMP Informant from this location:

http://www.snmp-informant.com

To make sure SNMP Informant is running and set up correctly, run this command to walk the SNMP Informant MIB:

snmpwalk -v1 -c<community> <server> 1.3.6.1.4.1.9600

This command will return some performance information if SNMP Informant is configured and running correctly.

Once this is configured properly, Zenoss gathers and uses SNMP information the same as any other device sending SNMP traps.

6.8. Running winexe Commands on Windows Servers

You can use winexe commands to run commands on monitored Windows servers from within Zenoss.

Usage:

$ZENHOME/bin/winexe [options] //host [command]
OptionsUse
--uninstallUninstall winexe service after remote execution.
--reinstallReinstall winexe service before remote execution.
--systemUse SYSTEM account.
--runas=[DOMAIN\]USERNAME%PASSWORDRun as user (IMPORTANT! password is sent in cleartext over net).

Help OptionsUse
-?, --helpShow this help message.
--usageDisplay brief usage message.

Common samba optionsUse
-d, --debuglevel=DEBUGLEVELSet debug level.
--debug-stderrSend debug output to STDERR.
-s, --configfile=CONFIGFILEUse alternative configuration file.
--option=name=valueSet smb.conf option from command line.
-l, --log-basename=LOGFILEBASEBasename for log/debug files.
--leak-reportenable talloc leak reporting on exit.
--leak-report-fullenable full talloc leak reporting on exit.
-V, --versionPrint version.

Connection OptionsUse
-R, --name-resolve=NAME-RESOLVE-ORDERUse these name resolution services only.
-O, --socket-options=SOCKETOPTIONSSocket options to use.
-n, --netbiosname=NETBIOSNAMEPrimary netbios name.
-W, --workgroup=WORKGROUPSet the workgroup name.
--realm=REALMSet the realm name.
-i, --scope=SCOPEUse this Netbios scope.
-m, --maxprotocol=MAXPROTOCOLSet max protocol level.

Authentication OptionsUse
-U, --user=[DOMAIN\]USERNAME[%PASSWORD]Set the network user name.
-N, --no-passDo not ask for a password.
--password=STRINGPassword
-A, --authentication-file=FILEGet the credentials from a file.
-S, --signing=on|off|requiredSet the client signing state.
-P, --machine-passUse stored machine account password (implies -k).
--simple-bind-dn=STRINGDN to use for a simple bind.
-k, --kerberos=STRINGUse Kerberos.
--use-security-mechanisms=STRINGRestricted list of authentication mechanisms available for use with this authentication.