Skip navigation
Currently Being Moderated

6.6 Monitoring Windows Devices

Created on: Aug 5, 2010 7:52 AM by Zenoss API - Last Modified:  Aug 5, 2010 7:52 AM by Zenoss API

 6. Monitoring Windows Devices

 6.1. Device Preparation for Windows Devices

In all  Zenoss versions, WMI is used to monitor the Windows event log and state of Windows services.

Before you can monitor Windows devices, you must ensure that:

  • DCOM is enabled for WMI connections

  • The hostname of the system collector does not exceed fifteen characters

If you are using  Zenoss Core, you must additionally ensure that an SNMP agent is enabled on Windows devices. If your system is running Windows Vista, for example, follow these steps to see if the SNMP agent is enabled:

  1. From the Start menu list, right-click Computer, and then select Manage from the list of options.

  2. From the Computer Management panel navigation area, expand Services and Applications, and then select Services.

    The Services list appears.

  3. Locate the listing for SNMP Service. If it does not show a status of "Started," then click Start (the service).


    If SNMP Service does not appear in the list, then you may have to enable the SNMP feature (from the "Turn Windows features on and off" selection in the Control Panel).

Optionally, you can use SNMP InformantTM to collect CPU, memory, and disk I/O statistics. SNMP Informant agents collect information from Windows devices via WMI on the server where they are installed, and then convert system, state, and operational data into SNMP OIDs for broadcast. The system can then process the SNMP OID information and generate events and alerts based on this information. See the section titled Monitoring Windows Performance with SNMP Informant (in this chapter) for more information.


If you are using  Zenoss Enterprise, SNMP Informant is not needed (its functionality is included in these versions).

 6.2. Setting Windows Configuration Properties

You must set the following configuration properties to collect information from Windows servers. In  Zenoss, navigate to the configuration properties for each device, and then set the appropriate values for:

  • zWmiMonitorIgnore - Tuns on or off all WMI monitoring. Set the value of Ignore to False to turn on Windows monitoring.

    You should set this property at the Server/Windows class level, so that any device placed in this class has Windows monitoring automatically enabled.

  • zWinUser - Must be set as the local admin. The format for zWinUser is:

    • .\Username - The format to use when the account is a local account.

    • DOMAIN\Username - The format for a Domain account.

  • zWinPassword - Enter the password used to remotely log in to the Windows machine.

 6.3. Testing WMI on a Windows Server

Follow these steps to test the WMI connections on the Windows server:

  1. Run wbemtest.

  2. Click “Connect…”

  3. In the Namespace field, enter:


  4. Enter login information in the User and Password fields.

  5. Click Query.

  6. Enter “select * from win32_service” to return a dialog with a list of services on the device.

 6.4. Optional Windows Configuration

The system can gather additional, detailed OS and hardware information from Windows devices if you have these agents installed on your Windows device:

  • Dell Open Manage Agent

  • HP Insight Management Agent

 6.5. Modeling Services on Windows Devices

 Zenoss uses ZenWin to perform Windows Service Monitoring over WMI. ZenWin monitors the up and down availability of Windows services.

The WinServiceMap WMI plugin is included in zCollectorPlugins on the /Server/Windows device class. WinServiceMap retrieves all services that can be monitored on a device, regardless of whether it is up or down.

Windows services are (by default) not monitored. To monitor a specific Windows service, follow these steps:

  1. Navigate to Infrastructure > Windows Services.

  2. Select the service you want to monitor from the list in the left panel.

  3. Select Set Local Value for Enable Monitoring? (zMonitor), and then click Save.

 6.6. Collecting Windows Eventlog Events

The system uses ZenEventlog to collect WMI event log events. Enable the following configuration properties to define how Windows event log events are processed and monitored:

  • zWinEventLog - Tells the system whether or not to read the event log.

  • zWinEventLogMinSeverity - Sets the minimum severity to collect from the Windows event log. The lowest number indicates the highest severity (1 is the most severe; 5 is least severe).

 6.7. Monitoring Windows Performance with SNMP Informant

 Zenoss can use information from SNMP Informant to collect SNMP information from Windows devices.

Install the free version of SNMP Informant from this location:

To make sure SNMP Informant is running and set up correctly, run this command to walk the SNMP Informant MIB:

snmpwalk -v1 -c<community> <server>

This command will return some performance information if SNMP Informant is configured and running correctly.

Once this is configured properly, the system gathers and uses SNMP information the same as any other device sending SNMP traps.

 6.8. Running winexe Commands on Windows Servers

You can use winexe commands to run commands on monitored Windows servers from within the system.


$ZENHOME/bin/winexe [options] //host [command]
--uninstallUninstall winexe service after remote execution.
--reinstallReinstall winexe service before remote execution.
--systemUse SYSTEM account.
--runas=[DOMAIN\]USERNAME%PASSWORDRun as user (IMPORTANT! password is sent in cleartext over net).


Help OptionsUse
-?, --helpShow this help message.
--usageDisplay brief usage message.


Common samba optionsUse
-d, --debuglevel=DEBUGLEVELSet debug level.
--debug-stderrSend debug output to STDERR.
-s, --configfile=CONFIGFILEUse alternative configuration file.
--option=name=valueSet smb.conf option from command line.
-l, --log-basename=LOGFILEBASEBasename for log/debug files.
--leak-reportenable talloc leak reporting on exit.
--leak-report-fullenable full talloc leak reporting on exit.
-V, --versionPrint version.


Connection OptionsUse
-R, --name-resolve=NAME-RESOLVE-ORDERUse these name resolution services only.
-O, --socket-options=SOCKETOPTIONSSocket options to use.
-n, --netbiosname=NETBIOSNAMEPrimary netbios name.
-W, --workgroup=WORKGROUPSet the workgroup name.
--realm=REALMSet the realm name.
-i, --scope=SCOPEUse this Netbios scope.
-m, --maxprotocol=MAXPROTOCOLSet max protocol level.


Authentication OptionsUse
-U, --user=[DOMAIN\]USERNAME[%PASSWORD]Set the network user name.
-N, --no-passDo not ask for a password.
-A, --authentication-file=FILEGet the credentials from a file.
-S, --signing=on|off|requiredSet the client signing state.
-P, --machine-passUse stored machine account password (implies -k).
--simple-bind-dn=STRINGDN to use for a simple bind.
-k, --kerberos=STRINGUse Kerberos.
--use-security-mechanisms=STRINGRestricted list of authentication mechanisms available for use with this authentication.
Comments (0)