Friday, February 28, 2014

Opsview Email "From" / Reply To Address

One of the first things I noticed when setting up alerts from Opsview was that there isn't a quick easy method for changing who the emails come from.  (seems so basic to me)

  1. Change the user info
    1. chfn nagios
    2. in particular you want the Full Name.
  2. Setting the @domain.local took me as a non-linux guy awhile to find.  I did find a LOT of conflicting / wrong info on this though.
    1. The appliance at least has "postfix" out of the box
    2. cd /etc/postfix/
    3. nano
    4. scroll down to the bottom
    5. modify "myhostname" with what you want the @domain.local to say
    6. If you didn't do so earlier, change the relayhost to your SMTP server
    7. Ctrl X to end, Y to save, just hit Enter to keep the same file name.
    8. postfix reload (restarts the service)
    9. Mine comes back as "Alerts" from  (I couldn't find where to change it from nagios, and didn't care to spend the time on it)

Note: I also just found this which "helped", but wasn't completely correct as I found that myorigin and mydomain did not do what I would have expected.

Remote WMI security via GPO

I recently wanted to create a limited access user account for accessing WMI remotely on servers. 
I came across this blog post for deploying the WMI security via GPO and a script.

Unfortunately this wasn't the entire picture for me with either Server 2008 R2 or 2012.  (in addition I found that it's important to ensure that propagation is set properly before deploying)

To get it to work for me I had to do the following extra steps:
  1. When setting the security, in order to get propagation, I had to click add permissions via the following steps
    1. Do this before you retrieve the security descriptor
    2. Click Security Tab
    3. select the level (ie root)
    4. click Security
    5. click Advanced
    6. Click Add
    7. Ensure that Apply to: is set to "This namespace and subnamespaces"
  2. I also had to put the user in the "Performance Log Users" security group.  This can be done in GPO or at the local level.  For GPO:
    1. Open GPO and select the policy that you want this in
    2. Under Computer Configuration - Policies - Windows Settings - Security Settings - Restricted Groups
    3. Right click and add
    4. "Performance Log Users"
    5. In members of this group add your WMI user
    6. gpupdate /target:computer on a server that it's linked to.

Performance Log Users

Note: Performance Log Users have more permissions than Performance Monitor Users.  I tried using just the Performance Monitor Users group without success.
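
The propagation problem described above can be checked in the descriptor itself: an ACE added with "This namespace and subnamespaces" carries the container-inherit flag (CI) in SDDL, while "This namespace only" carries no inheritance flag. As an added example (not from the original post or the script it refers to), these shell functions inspect an SDDL string for one account; they assume the namespace security descriptor has already been exported as SDDL, and the SID, sample descriptors and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example. ACE layout in SDDL: (type;flags;rights;;;account)
# Constructed sample data: the SID is made up; CC = Enable Account,
# WP = Remote Enable, BA = built-in Administrators.
SAMPLE_SID='S-1-5-21-1111111111-2222222222-3333333333-1105'
SDDL_INHERITED="O:BAG:BAD:(A;CI;CCDCLCSWRPWPRCWD;;;BA)(A;CI;CCWP;;;$SAMPLE_SID)"
SDDL_ROOT_ONLY="O:BAG:BAD:(A;CI;CCDCLCSWRPWPRCWD;;;BA)(A;;CCWP;;;$SAMPLE_SID)"

# Print every allow ACE that names the account (SID or SDDL alias).
wmi_allow_aces() {  # $1 = SDDL, $2 = account
    printf '%s\n' "$1" | tr ')' '\n' | sed 's/^.*(//' |
        awk -F';' -v who="$2" '$1 == "A" && $6 == who'
}

# Succeed only if an ACE has CI (container inherit) without IO (inherit only),
# the flags that "This namespace and subnamespaces" produces.
wmi_ace_propagates() {  # $1 = SDDL, $2 = account
    wmi_allow_aces "$1" "$2" | awk -F';' '
        { ci = 0; io = 0
          for (i = 1; i <= length($2); i += 2) {  # flags are 2-letter tokens
              t = substr($2, i, 2)
              if (t == "CI") ci = 1
              if (t == "IO") io = 1
          }
          if (ci && !io) ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Print write-type rights granted to the account: LC Full Write,
# SW Partial Write, RP Provider Write, WD Edit Security. Hex masks are printed
# unchanged for manual review.
wmi_ace_write_rights() {  # $1 = SDDL, $2 = account
    wmi_allow_aces "$1" "$2" | awk -F';' '
        $3 ~ /^0x/ { out = (out == "" ? $3 : out " " $3); next }
        { for (i = 1; i <= length($3); i += 2) {
              t = substr($3, i, 2)
              if (t ~ /^(LC|SW|RP|WD)$/) out = (out == "" ? t : out " " t)
          } }
        END { print out }'
}

for s in "$SDDL_INHERITED" "$SDDL_ROOT_ONLY"; do
    if wmi_ace_propagates "$s" "$SAMPLE_SID"; then
        echo "ACE propagates to subnamespaces"
    else
        echo "ACE applies to this namespace only"
    fi
done
```

An empty result from wmi_ace_write_rights for the monitoring account means its ACE grants no repository, provider or security write access.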

Wednesday, February 26, 2014

Opsview Core Agentless WMI Setup

Recently I set about building an Opsview Core setup to monitor my network.  I had found this really nifty setup here: written by awesome spicer Jamin289.

Unfortunately along the way I found that for a non-Linux person like me it left some of the installation steps for me to stumble through.  I don't know Linux at all, so some of the below may be obvious, but it wasn't to me so I included everything I could.  This includes adding in WMI for agentless checks :)

Very important to follow the steps to the T, as a lot of this has prerequisites.  Remember CaSE SensiTiVE (if you don't use the right case on some of the setup then an error can occur that requires digging in config files to fix)

NOTE: For logging out of opsview I found that I couldn't with IE v9, the screen was flaky.  But, I could with Firefox.  On the flip side of that I found that editing the Nagvis maps SUCKED in Firefox, but worked great in IE v9.  HAHA, have fun.

I did this with the Opsview Core Appliance v4.4
  1. Import the appliance
  2. Log into the appliance with conf / conf
  3. 'sudo su' to get to root access
  4. Change the IP address with netconf
  5. use 'passwd' to change the password of conf
  6. Download the gadgets you want and install (download from the link in the spiceworks guide)
    1. extract the contents
    2. Use winscp.exe and login with the conf user
    3. copy all the gadget files to the conf users directory
    4. go to the opsview appliance console and ensure you're at root still
    5. run the following:
      1. cp /home/conf/scale_thermometer.php /usr/local/nagios/nagvis/nagvis/gadgets/
      2. cp /home/conf/rawWords.php /usr/local/nagios/nagvis/nagvis/gadgets/
      3. cp -r /home/conf/rawWords /usr/local/nagios/nagvis/nagvis/gadgets/
  7. Skip the section about Installing the opsview Agent Install, remember we're going agentless with WMI!
  8. Now we need to install WMI options
    1. First we need autoconf, Type 'apt-get install autoconf'
    2. Next we need C Compiler, Type 'apt-get install gcc'
    3. Now we need WMI (
      1. type 'cd /tmp/'
      2. 'wget'
      3. 'tar xzvf wmi-1.3.14.tar.gz'
      4. cd wmi-1.3.14
      5. make
    4. Now we test WMI
      1. wmic -U computername/administrator%adminpassword //computername "select * from Win32_ComputerSystem"
      2. You should get WMI info back on that system.
    5. Now we'll install to the nagvis location (so that it shows in the dropdown list)
      1. cd /usr/local/nagios/libexec
      2. wget
      3. tar xzvf check_wmi_plus.v1.54.tar.gz
      4. Reset permissions: (remember, I'm not that great at linux, so probably a better way to do this)
        1. chmod -R 555 check_wmi_plus*
        2. chown -R nagios check_wmi_plus*
        3. chgrp -R nagios check_wmi_plus*
        4. ls -la check_wmi_plus.* (shows the permissions)
      5. Now we need some extra CPAN modules (Perl) otherwise we'll see "Can't locate Number/" with the nagios plugins and other like errors. This may not all be required, idk. 
        1. cpan Statistics::Basic
        2. cpan Config::IniFiles
        3. yes anytime it prompts
        4. cpan Module::Build
        5. yes anytime it prompts
        6. cpan (to get to cpan shell)
        7. force install DateTime
        8. yes anytime it prompts
        9. q (to quit cpan shell)
        10. cpan Getopt::Long
        11. cpan Data::Dumper
        12. cpan Scalar::Util
        13. cpan Number::Format
        14. cpan ExtUtils::Config
        15. cpan ExtUtils::Helpers
        16. cpan ExtUtils::InstallPaths
        17. cpan TAP::Harness::Env
        18. cpan Module::Build::Tiny
        19. cpan Package::Stash
        20. yes anytime it prompts
        21. cpan Class::Load
        22. cpan Storable
      6. Now we can test :)
        1. /opt/nagios/bin/plugins/ -m checkcpu -H computername -U computername/administrator -P password
        2. Run it again.  Should get cpu average on second run.
      7. Cleanup!
        1. rm check_wmi_plus.v1.54.tar.gz
        2. cd /
        3. cd /tmp/
        4. rm cwpss_checkcpu_SMonitor___.state
  9. Open opsview
  10. login to opsview with admin / initial
  11. In the top right corner click admin
  12. Change the Admin password  (note: I found that Firefox works best for opsview)
  13. Go to Settings - Service Checks
    1. Click + to add
    2. We'll do a test for Average CPU Utilization
    3. Name: Average CPU Utilization
    4. Server Group = enter a new one called "OS - Windows Agentless WMI" or whatever you want to group your WMI checks by.
    5. Check Period: 24x7
    6. Plugin:
    7. Arguments: -H $HOSTNAME$ -m checkcpu -u %WINCRED:1% -p %WINCRED:2%
    8. Submit
  14. Go to Settings - Attributes
    1. Click + to add
    2. Name: WINCRED
    3. Default Value: leave blank
    4. Default Arg1: USERNAME
    5. Default Arg2: PASSWORD
    6. Submit
  15. Go to Settings - Host Templates
    1. Click + to add
    2. Name: Windows Agentless
    3. Monitors tab
    4. Drill into "OS - Windows Agentless WMI"
    5. Select the Average CPU Utilization (green +)
    6. Submit
  16. Go to Settings - Hosts
    1. Add Host
    2. Enter hostname, title
    3. Change Icon
    4. Host Templates: Windows Agentless and click the arrow to add it.
    5. Go to Attributes tab
    6. Click the grey +
    7. Select WINCRED
    8. Click the Eye icon
    9. Value: none
    10. Check arg1: Enter domain/username (example computername/administrator or domainname/username)
    11. Check arg2: Enter the password (remember no special meta characters unless you escape them, ie !)
    12. Submit
  17. Settings - Apply Changes
  18. Reload Configuration
  19. Monitoring - Hosts
    1. Click your new host
    2. Click the Mass Re-Checks icon in top left
    3. Toggle all checkboxes - Submit
    4. Do the mass re-checks again.
    5. Should show your cpucheck (or error if you missed a step / got your username or password wrong)
  20. Now you can add the rest of your WMI checks!
  21. Now you can do your other steps with ease since you know a little Linux :)
  22. Copy your nagvis map as described in Spiceworks post (and icons)
    1. Back to Winscp.exe
    2. Once again copy your jpg to the conf home
    3. While you're at it unzip the Icon that Jamin289 posted and drop them into the conf home
      1. I unzipped to a folder named blocks and thin_blocks and copied those folders to the conf home
    4. Back to Putty to copy them to the proper location (doing them to these locations allows them to populate the opsview dropdown lists)
      1. cp /home/conf/NagvisLayout.jpg /usr/local/nagios/nagvis/nagvis/images/maps/
      2. cp -r /home/conf/blocks/* /usr/local/nagios/nagvis/nagvis/images/iconsets/
      3. cp -r /home/conf/thin_blocks/* /usr/local/nagios/nagvis/nagvis/images/iconsets/
    5. Apply Changes
    6. Reload Configuration
  23. Load the Nagvis map
    1. Modules - Nagvis
    2. Edit Current Map
    3. Right click in the text area and select Manage - Maps
    4. Under the "Create Map" area
      1. Name Map
      2. User with read Permissions: EVERYONE
      3. User with write Permissions: EVERYONE
      4. Map Iconset: Select Blocks or Thin_Blocks
      5. BackGround: Select NagvisLayout.jpg
    5. Click on your new map and begin loading the iconsets
      1. Edit Current Map
      2. Right click - Add Object - Icon - Service
      3. Select Host_name and service_description
      4. Place it where you want it.
      5. Save
    6. Continue as you desire with the guide from Jamin289
Good Luck!!

Don't forget to donate if you like what they've done to get you WMI.
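
The wmic test and the plugin test above pass the Windows password on the command line, where it can be exposed through shell history and the process list. As an added example (not part of the original post), the functions below keep it in an owner-only credentials file and pass that file to wmic with its -A (--authentication-file) option; check_wmi_plus accepts a credentials file through its own -A option in place of -u and -p. The file path, account names and function names are placeholders chosen for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Paths, accounts and hosts in the
# usage comment are placeholders.

# Create the credentials file with owner-only permissions. The password is
# read from stdin, so it never appears in argv or shell history and needs no
# shell escaping.
write_wmi_authfile() {  # $1 = path, $2 = username, $3 = domain
    rm -f "$1"
    ( umask 077
      if [ -t 0 ]; then stty -echo; fi
      IFS= read -r pw
      if [ -t 0 ]; then stty echo; fi
      printf 'username=%s\npassword=%s\ndomain=%s\n' "$2" "$pw" "$3" > "$1" )
}

# Accept the file only if it is a regular file that group and others cannot
# access (a symlink or a mode such as 644 is refused).
authfile_is_private() {  # $1 = path
    case "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" in
        -rw-------|-r--------) return 0 ;;
        *) echo "refusing $1: must be a regular file with mode 600 or 400" >&2
           return 1 ;;
    esac
}

# Same query as the wmic test step, with -A instead of -U user%password.
wmic_query() {  # $1 = authfile, $2 = host, $3 = WQL query
    authfile_is_private "$1" || return 1
    wmic -A "$1" "//$2" "$3"
}

# Usage (placeholder path; chown the file to nagios so the plugin can read it):
#   write_wmi_authfile /usr/local/nagios/etc/wmi.auth administrator computername
#   wmic_query /usr/local/nagios/etc/wmi.auth computername \
#       "select * from Win32_ComputerSystem"
```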