Before you can monitor Windows devices, you must ensure that:
DCOM is enabled for WMI connections
The hostname of the system collector does not exceed fifteen characters
If you are using Zenoss Core, you must additionally ensure that an SNMP agent is enabled on Windows devices. If your system is running Windows Vista, for example, follow these steps to see if the SNMP agent is enabled:
From the Start menu list, right-click Computer, and then select Manage from the list of options.
From the Computer Management panel navigation area, expand Services and Applications, and then select Services.
The Services list appears.
Locate the listing for SNMP Service. If it does not show a status of "Started," then click Start (the service).
If SNMP Service does not appear in the list, then you may have to enable the SNMP feature (from the "Turn Windows features on and off" selection in the Control Panel).
Optionally, you can use SNMP InformantTM to collect CPU, memory, and disk I/O statistics. SNMP Informant agents collect information from Windows devices via WMI on the server where they are installed, and then convert system, state, and operational data into SNMP OIDs for broadcast. The system can then process the SNMP OID information and generate events and alerts based on this information. See the section titled Monitoring Windows Performance with SNMP Informant (in this chapter) for more information.
You must set the following configuration properties to collect information from Windows servers. In Zenoss, navigate to the configuration properties for each device, and then set the appropriate values for:
zWmiMonitorIgnore - Tuns on or off all WMI monitoring. Set the value of Ignore to False to turn on Windows monitoring.
You should set this property at the Server/Windows class level, so that any device placed in this class has Windows monitoring automatically enabled.
zWinUser - Must be set as the local admin. The format for zWinUser is:
.\Username - The format to use when the account is a local account.
DOMAIN\Username - The format for a Domain account.
zWinPassword - Enter the password used to remotely log in to the Windows machine.
Follow these steps to test the WMI connections on the Windows server:
In the Namespace field, enter:
Enter login information in the User and Password fields.
Enter “select * from win32_service” to return a dialog with a list of services on the device.
The system can gather additional, detailed OS and hardware information from Windows devices if you have these agents installed on your Windows device:
Dell Open Manage Agent
HP Insight Management Agent
The WinServiceMap WMI plugin is included in zCollectorPlugins on the /Server/Windows device class. WinServiceMap retrieves all services that can be monitored on a device, regardless of whether it is up or down.
Windows services are (by default) not monitored. To monitor a specific Windows service, follow these steps:
Navigate to Infrastructure > Windows Services.
Select the service you want to monitor from the list in the left panel.
Select Set Local Value for Enable Monitoring? (zMonitor), and then click Save.
The system uses ZenEventlog to collect WMI event log events. Enable the following configuration properties to define how Windows event log events are processed and monitored:
zWinEventLog - Tells the system whether or not to read the event log.
zWinEventLogMinSeverity - Sets the minimum severity to collect from the Windows event log. The lowest number indicates the highest severity (1 is the most severe; 5 is least severe).
Install the free version of SNMP Informant from this location:
To make sure SNMP Informant is running and set up correctly, run this command to walk the SNMP Informant MIB:
snmpwalk -v1 -c<community> <server> 184.108.40.206.4.1.9600
This command will return some performance information if SNMP Informant is configured and running correctly.
Once this is configured properly, the system gathers and uses SNMP information the same as any other device sending SNMP traps.
You can use winexe commands to run commands on monitored Windows servers from within the system.
$ZENHOME/bin/winexe [options] //host [command]
|--uninstall||Uninstall winexe service after remote execution.|
|--reinstall||Reinstall winexe service before remote execution.|
|--system||Use SYSTEM account.|
|--runas=[DOMAIN\]USERNAME%PASSWORD||Run as user (IMPORTANT! password is sent in cleartext over net).|
|-?, --help||Show this help message.|
|--usage||Display brief usage message.|
|Common samba options||Use|
|-d, --debuglevel=DEBUGLEVEL||Set debug level.|
|--debug-stderr||Send debug output to STDERR.|
|-s, --configfile=CONFIGFILE||Use alternative configuration file.|
|--option=name=value||Set smb.conf option from command line.|
|-l, --log-basename=LOGFILEBASE||Basename for log/debug files.|
|--leak-report||enable talloc leak reporting on exit.|
|--leak-report-full||enable full talloc leak reporting on exit.|
|-V, --version||Print version.|
|-R, --name-resolve=NAME-RESOLVE-ORDER||Use these name resolution services only.|
|-O, --socket-options=SOCKETOPTIONS||Socket options to use.|
|-n, --netbiosname=NETBIOSNAME||Primary netbios name.|
|-W, --workgroup=WORKGROUP||Set the workgroup name.|
|--realm=REALM||Set the realm name.|
|-i, --scope=SCOPE||Use this Netbios scope.|
|-m, --maxprotocol=MAXPROTOCOL||Set max protocol level.|
|-U, --user=[DOMAIN\]USERNAME[%PASSWORD]||Set the network user name.|
|-N, --no-pass||Do not ask for a password.|
|-A, --authentication-file=FILE||Get the credentials from a file.|
|-S, --signing=on|off|required||Set the client signing state.|
|-P, --machine-pass||Use stored machine account password (implies -k).|
|--simple-bind-dn=STRING||DN to use for a simple bind.|
|-k, --kerberos=STRING||Use Kerberos.|
|--use-security-mechanisms=STRING||Restricted list of authentication mechanisms available for use with this authentication.|