WMI Exchange Virus

WMI Exchange Virus Profile

This profile monitors Exchange Virus Services on a Windows server using Windows Management Instrumentation (WMI). Nagios Remote Plugin Executor (NRPE) is used by the Nagios server to communicate with the WMI proxy server. This proxy server queries the monitored Windows server for measurements and status using WMI.

Additionally, you may want to refer to the WMI documentation. This project consists of a collection of script monitors (.vbs for starters) that use the Microsoft .NET Framework and WMI to retrieve performance data from remote Windows hosts without the need for agents on the remote hosts.

Services Configuration
  • Service - Definitions in Monarch are stored under this name.
  • Command Line - Service command name with arguments to be passed to the plugin.
  • Plugin Command Line - Plugin script called by Nagios for this Service.
  • Extended Info - The Extended Service Info definition, typically used for generating graphs.
    Command lines displayed below are intended to be single line commands.
    wmi_VirusScanFilesCleanedPersec
      • Command Line: check_wmi_counter_counter!Win32_PerfRawData_MSExchangeIS_MSExchangeIS!*!VirusScanFilesCleanedPersec!200!400
      • Plugin Command Line: $USER1$/check_nrpe -t 60 -H $USER21$ -c get_counter_counter -a "$HOSTADDRESS$" "$ARG1$" "$ARG2$" "$ARG3$" "$ARG4$" "$ARG5$"
      • Extended Info: number_graph

    wmi_VirusScanFilesQuarantinedPersec
      • Command Line: check_wmi_counter_counter!Win32_PerfRawData_MSExchangeIS_MSExchangeIS!*!VirusScanFilesQuarantinedPersec!200!400
      • Plugin Command Line: $USER1$/check_nrpe -t 60 -H $USER21$ -c get_counter_counter -a "$HOSTADDRESS$" "$ARG1$" "$ARG2$" "$ARG3$" "$ARG4$" "$ARG5$"
      • Extended Info: number_graph

    wmi_VirusScanMessagesCleanedPersec
      • Command Line: check_wmi_counter_counter!Win32_PerfRawData_MSExchangeIS_MSExchangeIS!*!VirusScanMessagesCleanedPersec!200!400
      • Plugin Command Line: $USER1$/check_nrpe -t 60 -H $USER21$ -c get_counter_counter -a "$HOSTADDRESS$" "$ARG1$" "$ARG2$" "$ARG3$" "$ARG4$" "$ARG5$"
      • Extended Info: number_graph

    wmi_VirusScanMessagesQuarantinedPersec
      • Command Line: check_wmi_counter_counter!Win32_PerfRawData_MSExchangeIS_MSExchangeIS!*!VirusScanMessagesQuarantinedPersec!200!400
      • Plugin Command Line: $USER1$/check_nrpe -t 60 -H $USER21$ -c get_counter_counter -a "$HOSTADDRESS$" "$ARG1$" "$ARG2$" "$ARG3$" "$ARG4$" "$ARG5$"
      • Extended Info: number_graph

    wmi_VirusScanQueueLength
      • Command Line: check_wmi_counter_rawcount!Win32_PerfRawData_MSExchangeIS_MSExchangeIS!*!VirusScanQueueLength!200!400
      • Plugin Command Line: $USER1$/check_nrpe -t 60 -H $USER21$ -c get_counter_rawcount -a "$HOSTADDRESS$" "$ARG1$" "$ARG2$" "$ARG3$" "$ARG4$" "$ARG5$"
      • Extended Info: percent_graph

Profile Package

This package includes the following files:

Profile Definitions

  • service-profile-wmi-exchange-virus.xml
  • perfconfig-wmi-exchange-virus.xml

Plugins Scripts on the GroundWork Server

  • check_nrpe

WMI Scripts on the WMI Proxy Server

  • nrpe_nt.zip

Performance Graphing Programs

  • number_graph.cgi
  • percent_graph.cgi
Installation

GroundWork Monitor includes many monitoring profiles for a variety of devices, systems and applications. Profiles already imported on a new GroundWork installation include Service Ping, SNMP Network, and SSH UNIX. The GroundWork Monitor Configuration tool is used to import updated Profiles and Profiles that require additional setup, using the Profile XML file and its companion Performance Configuration definition file. Services can also be imported in addition to Service Profiles in the Profile Importer. The import process is documented under GROUNDWORK PROFILES > How to import profiles.

Implementation

This section contains the detailed settings used by this Profile. These parameters can be altered with the Configuration tool.

Command Parameters

Command parameters are in the Configuration Services section with the following names and default values.

check_wmi_counter_counter

  • Uses check_nrpe plugin to connect to NRPE on $USER21$ and execute the get_counter_counter command as defined in the nrpe.cfg against the host $HOSTADDRESS$.
  • $ARG1$ - WMI Class Name
  • $ARG2$ - Matching Instance (* is all)
  • $ARG3$ - WMI Property for threshold comparison
  • $ARG4$ - Warning threshold
  • $ARG5$ - Critical threshold

check_wmi_counter_rawcount

  • Uses check_nrpe plugin to connect to NRPE on $USER21$ and execute the get_counter_rawcount command as defined in the nrpe.cfg against the host $HOSTADDRESS$.
  • $ARG1$ - WMI Class Name
  • $ARG2$ - Matching Instance (* is all)
  • $ARG3$ - WMI Property for threshold comparison
  • $ARG4$ - Warning threshold
  • $ARG5$ - Critical threshold
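
The mapping from a Service command line to $ARG1$ through $ARG5$ described above, shown as an added example that is not part of the GroundWork package: it splits the "!"-separated command, checks each field against an allowlist before it reaches check_nrpe, and builds the argument vector without a shell. The allowlist patterns, the warning-below-critical rule and the sample macro values are assumptions.

```python
import re
import shlex

# Nagios command name -> NRPE command, as listed on this page.
NRPE_COMMANDS = {"check_wmi_counter_counter": "get_counter_counter",
                 "check_wmi_counter_rawcount": "get_counter_rawcount"}
TEMPLATE = ('$USER1$/check_nrpe -t 60 -H $USER21$ -c {nrpe} -a "$HOSTADDRESS$" '
            '"$ARG1$" "$ARG2$" "$ARG3$" "$ARG4$" "$ARG5$"')
# Allowlist per argument (assumption: identifiers are word characters, the
# instance is "*" or a simple name, thresholds are non-negative integers).
IDENT = r"[A-Za-z_][A-Za-z0-9_]*"
ARG_RULES = [("WMI class name", IDENT),
             ("matching instance", r"\*|[A-Za-z0-9_][A-Za-z0-9_. -]*"),
             ("WMI property", IDENT),
             ("warning threshold", r"[0-9]+"),
             ("critical threshold", r"[0-9]+")]
# Constructed sample macro values, not taken from the page.
SAMPLE_MACROS = {"$USER1$": "/opt/plugins", "$USER21$": "wmiproxy.example",
                 "$HOSTADDRESS$": "192.0.2.10"}


def expand(check_command, macros):
    """Split 'name!ARG1!...!ARG5', validate each field, return the argv list."""
    name, *args = check_command.split("!")
    if name not in NRPE_COMMANDS:
        raise ValueError(f"unknown command: {name!r}")
    if len(args) != len(ARG_RULES):
        raise ValueError(f"{name}: expected 5 arguments, got {len(args)}")
    for i, ((label, rule), value) in enumerate(zip(ARG_RULES, args), start=1):
        if not re.fullmatch(rule, value):
            raise ValueError(f"{name}: $ARG{i}$ ({label}) rejected: {value!r}")
    # Assumption: higher values are worse, as with the page's 200/400 defaults.
    if int(args[3]) >= int(args[4]):
        raise ValueError(f"{name}: warning threshold must be below critical")
    values = dict(macros)
    values.update({f"$ARG{i}$": a for i, a in enumerate(args, start=1)})
    # Tokenize the template before substituting, so a value can never split
    # into extra arguments or be interpreted by a shell.
    argv = []
    for token in shlex.split(TEMPLATE.format(nrpe=NRPE_COMMANDS[name])):
        for macro, value in values.items():
            token = token.replace(macro, value)
        argv.append(token)
    return argv


if __name__ == "__main__":
    print(expand("check_wmi_counter_rawcount!Win32_PerfRawData_MSExchangeIS_"
                 "MSExchangeIS!*!VirusScanQueueLength!200!400", SAMPLE_MACROS))
```
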
Performance Graphing Parameters

The following parameters are used to generate performance charts. These parameters are set using the Configuration>Performance tool in GroundWork Monitor.

Implementation Notes

The steps are:

  • The nrpe.cfg file on the Windows server maps commands issued by the GroundWork server to scripts in the c:\nrpe_nt directory. Commands issued by this profile are installed with this package. If new NRPE commands are added, this file must be modified. Go to the GroundWork Support Portal - GroundWork Connect at www.groundworkconnect.com and search for Installing GroundWork WMI NRPE.
  • The WMI proxy server must be in the same domain as the target monitored Windows server, and must have administrator rights.