Winrpe is a Windows client for the free monitoring software Nagios. This tutorial explains how to install and configure Winrpe.
Contents
  1. Installing and configuring Winrpe
  2. Command Directives
  3. Winrpe on Windows 64-bit
  4. Configuring the Nagios Server
  5. Winrpe

In the first guide we installed Nagwin on a Windows host, configured the process, and set up an additional Windows host for monitoring. In this guide we will explore how to use Winrpe - a Nagios monitoring client for Windows - to check on all kinds of server health indicators including CPU load, memory allocation, and error events in the Windows Event Log.

Installing and configuring Winrpe

Like Nagwin, Winrpe is an Open Source port of a Nagios client (nrpe) that is maintained by the folks at ITeF!x. It is available for download on SourceForge. You will need to download and install Winrpe on each Windows host you would like to monitor. The installer will ask you for the installation path and the service account Winrpe will use. The path isn’t as important but be sure to note the service account name and randomly-generated password. Once the installation is complete, you will have a new Start menu folder with entries:

  1. nrpe.cfg
  2. Web site
  3. Documentation
  4. Uninstall NRPE

You will want to open the shortcut to nrpe.cfg with your favorite text editor and being chipping away at nrpe configuration. Nrpe comes with a default configuration but you will need to tweak it according to your needs. Let’s look at the more important directives:

  • allowed_hosts: Informs nrpe of hosts that are allowed to connect to the daemon. This list should include the IP address of your Nagios server and always the loopback address, 127.0.0.1
  • command_timeout: The amount of time nrpe will try to execute a given command before it gives up, or times out. I like to use a setting of 20 seconds for newer systems and 60 seconds for older systems, but your mileage may vary.
  • connection_timeout: The amount of time nrpe will wait for a TCP connection to be established. You may want to set this to a fairly high value (60-120 seconds), especially if you are monitoring hosts across a site-to-site VPN or the Internet.
  • include and include_dir: Used for including directives (usually commands) from another file. This is great if you have a shared config file for multiple hosts; for example, you may have a shared drive at \\fileserver\winrpe\base.cfg and other clients use this base configuration. Include_dir includes all config files in a directory.

Command Directives

Command directives define commands that Nagios can use to access nrpe. The basic format is as follows:

command[ALIAS]=actualcommand.exe --params -w # -c #

The ALIAS is what Nagios will use to access your command. The actual command is placed on the right of the equals sign and indicates what the alias does. All command paths are relative to the ICW\bin folder and you will find that Winrpe pleasantly includes some useful tools in that folder.

Nrpe for Windows -Winrpe folder

Winrpe foder

  • check_nrpe: Verifies that nrpe is installed and listening on a host
  • check_pdm: Checks processor, disk, and memory
  • check_winevent: Checks Windows Event Log entries
  • check_winfile: Checks for the presence and attributes of Windows files
  • check_winprocess: Checks Windows processes
  • check_winservice: Checks Windows services

In addition, you can specify warning and critical values for each command. For example, if your command checks for error events, you might set only a critical value of 0, meaning that if your system has experienced any error events in the past 24 hours (>0) it will be marked as critical.

We will define a sample command here for CPU load since most administrators would be interested in that sort of thing.

command[pdm_cpuload]=check_pdm.exe --processor -w 50 -c 80

  • Our alias is pdm_cpudload
  • The command definition is the built-in utility check_pdm.exe
  • We have one parameter, which is processor
  • The warning level is 50 (percent)
  • The critical level is 80 (percent)

This command definition is usually included by default in your nrpe.cfg file so you can see it in action. It will check CPU load when requested, issuing a warning at 51% and a critical alert at 81%.

Once you have setup your nrpe.cfg file to your liking, go ahead and start the nrpe service through services.msc on your host. You may want to make this an automatic service.

Winrpe on Windows 64-bit

For some reason Winrpe does not play well on 64-bit Windows environments and it will eventually stop working. So, you need to create a scheduled task to execute the following batch script every 15 minutes or so (adjust as necessary):

net stop "Nrpe"      
taskkill /F /IM nrpe.exe
net start "Nrpe"

Nrpe for Windows - Restart Winrpe

Winrpe restart

As you can see, this simply stops the nrpe service, kills the associated process, and starts the service again. Not the most elegant solution, but it’s the only one that I’ve found to work!

Configuring the Nagios Server

It’s time to wire everything up. Return to your Nagios Server and navigate to the ICW\etc\nagios\nagwin directory. Open the hosts.cfg file in your text editor and find your host definition. Below the host definition we will add a new service definition for that host.

define service {

use generic-service,srv-pnp

host_name fileserver

service_description CPU load

check_command check_nrpe!pdm_cpuload

}

This will define a new service for host fileserver. The service_description is what will appear for that row in your Nagios administration server, and the check_command is the command in nrpe (on your client) that you would like to run. In this case, it’s check_nrpe!pdm_cpuload.

Finally, you will need to restart your Nagwin_Nagios service to reflect these changes. When you restart Nagios and login to the administration console, you will see the following line item in your “Services” section:

Restart Nagwin_Nagios service

Restart Nagwin_Nagios service

In the next guide we will explore Nagios notifications and contacts.

Winrpe

12 Comments
  1. itefix 11 years ago

    Thank you for a nice Winrpe guide. You may consider to link to Winrpe page (http://www.itefix.no/i2/winrpe) at Itefix for more information. In addition Itefix’s official download page http://www.itefix.no/i2/download is a better start for download: You get access to the latest version plus other tools. Keep up the good work.

    Itefix, Winrpe maintainer

  2. Thanks! I added the link to the post.

  3. Soeren P 11 years ago

    Has the errors with winrpe on Windows x64 been fixed? Or is there another solution which doesn’t require a taskkill every 15 minutes? Cause that’s not a very nice solution…

  4. Author
    Justin Shin 11 years ago

    @Soeren P:

    Unfortunately I have not heard any word about a fix for x64. The taskkill is a pretty ugly solution but it has worked for me without creating any dangling processes. Use with caution of course.

  5. Nagios 11 years ago

    Why not use NSClient++ (nscp)? There is a x64 client.
    http://www.nsclient.org/nscp/downloads

  6. itefix 11 years ago

    Increasing timeout value may help in some situations. See a related Itefix forum post http://www.itefix.no/i2/node/12754 for some tips.

    In the meantime, I am preparing version Winrpe 4.0 which uses inetd daemon, offloading nrpe for handling of connections.

  7. itefix 11 years ago

    Winrpe version 4.0.0 is released with a completely new design (uninstallation of previous versions is required) and several sources gave positive feedback.

    Last version can be grabbed from

    https://www.itefix.no/i2/winrpe

    ITeF!x

  8. Babun 11 years ago

    There’s also the option to just use the built-in SNMP services in windows and use nagios plugins to monitor windows hosts through snmp. This is how I do it.

  9. Anand 11 years ago

    Hi, I have installed Nagwin for monitoring windows servers on windows 2008 32 bit box. Is there a dynamic way that I can add all the windows servers from Active directory to Nagwin hosts.cfg file.

    Thanks & Regards
    Anand

  10. Author
    Justin Shin 11 years ago

    @Anand, you can script this and run it on some time interval. Using PowerShell, you can use something like the following:

    $o = New-Object System.DirectoryServices.DirectorySearcher
    $o.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry
    $o.Filter = (“OperatingSystem=Window*Server*”)
    $o.PropertiesToLoad.Add(“Name”) | Out-Null

    $results = $o.FindAll()

    foreach ($r in $results) {
    // write out $r.Properties.name to your hosts.cfg file in correct format
    }

    … format as needed to use in your hosts.cfg file. You can find info about querying AD from : http://technet.microsoft.com/en-us/library/ff730967.aspx

  11. manmig 9 years ago

    hi,

    how do i know if winrpe is running on win2012 64bit. how do i run it?

  12. alden 8 years ago

    First, thanks for sharing.
    I have a question, I just need to add a few linux hosts just to get the uptime report (system availability), not for local monitoring.
    I can’t install NRPE daemon on SuSe linux, is there a way to add the hosts in and get the report?
    thanks………

Leave a reply

Please enclose code in pre tags

Your email address will not be published.

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account