ZenPack:Microsoft Windows

From Zenoss Wiki
Revision as of 21:29, 16 August 2013 by Bedwards

Note: This is a Core ZenPack which can be found in the Core Zenoss RPM, and is fully documented in the Zenoss Extended Monitoring Guide. If you did not install this pack when you installed Zenoss Core, it can be found in $ZENHOME/packs.

Organization
Zenoss, Inc.
ZenPack name
ZenPacks.zenoss.Microsoft.Windows



Microsoft Windows ZenPack

Monitoring for Microsoft Windows servers.

Warning

The ZenPack Catalog has moved to its new home at https://www.zenoss.com/product/zenpacks as of January 17, 2017. The following information may be out of date, and this page will eventually be removed.

Support

This ZenPack is part of Zenoss Core. Open Source users receive community support for this ZenPack via our online forums. Enterprise support for this ZenPack is provided to Zenoss customers with an active subscription.

Background

This ZenPack provides support for monitoring Microsoft Windows. Monitoring is performed using Windows Remote Management (WinRM) and Windows Remote Shell (WinRS) to collect Windows Management Instrumentation (WMI) and perfmon data.

This ZenPack is currently in a closed beta. See Microsoft Windows for the current ZenPack.

Note: This ZenPack supersedes earlier ZenPacks named ZenPacks.zenoss.WindowsMonitor. If you have ZenPacks.zenoss.WindowsMonitor installed on your system, please read the Transitioning from WindowsMonitor section below.

Features

The features added by this ZenPack can be summarized as follows. They are each detailed further below.

  • Initial discovery and continual synchronization of relevant components.
  • Performance monitoring.
  • Event management.
  • Service impact and root cause analysis. (Requires Zenoss Service Dynamics)

Discovery

The following components will be automatically discovered through the Windows server address, username and password you provide. The properties and relationships will be continually maintained by remodeling the device.

Device
File systems
Interfaces
File systems
Attributes: Mount Point, Status, Storage Device, Type, Block Size, Total Bytes, Used Bytes, Available Bytes, Total Files, Available Files, Capacity Files, Maximum Name Length
Relationships: None
Interfaces
Attributes:
Relationships: None
Processors
Attributes:
Relationships: None
Network routes
Attributes:
Relationships: None
Services
Attributes:
Relationships: None

Performance Monitoring

Perfmon counters are collected using the typeperf command within a remote shell (WinRS). The following metrics will be collected every 5 minutes by default. Any other Windows perfmon counters can also be collected by adding them to the appropriate monitoring template.

Device-level graphs
File systems
Active Directory
\NTDS\DS Client Binds/sec
\NTDS\DS Directory Reads/sec
\NTDS\DS Directory Searches/sec
\NTDS\DS Directory Writes/sec
\NTDS\DS Monitor List Size
\NTDS\DS Name Cache hit rate
\NTDS\DS Notify Queue Size
\NTDS\DS Search sub-operations/sec
\NTDS\DS Server Binds/sec
\NTDS\DS Server Name Translations/sec
\NTDS\DS Threads in Use
\NTDS\KDC AS Requests
\NTDS\KDC TGS Requests
\NTDS\Kerberos Authentications
\NTDS\LDAP Active Threads
\NTDS\LDAP Bind Time
\NTDS\LDAP Client Sessions
\NTDS\LDAP Closed Connections/sec
\NTDS\LDAP New Connections/sec
\NTDS\LDAP New SSL Connections/sec
\NTDS\LDAP Searches/sec
\NTDS\LDAP Successful Binds/sec
\NTDS\LDAP UDP operations/sec
\NTDS\LDAP Writes/sec
\NTDS\NTLM Authentications
\DirectoryServices(NTDS)\DS Client Binds/sec
\DirectoryServices(NTDS)\DS Directory Reads/sec
\DirectoryServices(NTDS)\DS Directory Searches/sec
\DirectoryServices(NTDS)\DS Directory Writes/sec
\DirectoryServices(NTDS)\DS Monitor List Size
\DirectoryServices(NTDS)\DS Name Cache hit rate
\DirectoryServices(NTDS)\DS Notify Queue Size
\DirectoryServices(NTDS)\DS Search sub-operations/sec
\DirectoryServices(NTDS)\DS Server Binds/sec
\DirectoryServices(NTDS)\DS Server Name Translations/sec
\DirectoryServices(NTDS)\DS Threads in Use
\DirectoryServices(NTDS)\LDAP Active Threads
\DirectoryServices(NTDS)\LDAP Bind Time
\DirectoryServices(NTDS)\LDAP Client Sessions
\DirectoryServices(NTDS)\LDAP Closed Connections/sec
\DirectoryServices(NTDS)\LDAP New Connections/sec
\DirectoryServices(NTDS)\LDAP New SSL Connections/sec
\DirectoryServices(NTDS)\LDAP Searches/sec
\DirectoryServices(NTDS)\LDAP Successful Binds/sec
\DirectoryServices(NTDS)\LDAP UDP operations/sec
\DirectoryServices(NTDS)\LDAP Writes/sec
Memory
\Memory\Available bytes
\Memory\Committed Bytes
\Memory\Pages Input/sec
\Memory\Pages Output/sec
\Paging File(_Total)\% Usage
Processor
\Processor(_Total)\% Privileged Time
\Processor(_Total)\% Processor Time
\Processor(_Total)\% User Time
System
\System\System Up Time
File systems
\Disk Read Bytes/sec
\% Disk Read Time
\Disk Write Bytes/sec
\% Disk Write Time
\Free Megabytes
IIS
\Web Service(_Total)\Bytes Received/sec
\Web Service(_Total)\Bytes Sent/sec
\Web Service(_Total)\CGI Requests/sec
\Web Service(_Total)\Connection Attempts/sec
\Web Service(_Total)\Copy Requests/sec
\Web Service(_Total)\Delete Requests/sec
\Web Service(_Total)\Files Received/sec
\Web Service(_Total)\Files Sent/sec
\Web Service(_Total)\Get Requests/sec
\Web Service(_Total)\Head Requests/sec
\Web Service(_Total)\ISAPI Extension Requests/sec
\Web Service(_Total)\Lock Requests/sec
\Web Service(_Total)\Mkcol Requests/sec
\Web Service(_Total)\Move Requests/sec
\Web Service(_Total)\Options Requests/sec
\Web Service(_Total)\Other Request Methods/sec
\Web Service(_Total)\Post Requests/sec
\Web Service(_Total)\Propfind Requests/sec
\Web Service(_Total)\Proppatch Requests/sec
\Web Service(_Total)\Put Requests/sec
\Web Service(_Total)\Search Requests/sec
\Web Service(_Total)\Trace Requests/sec
\Web Service(_Total)\Unlock Requests/sec
Exchange
\MSExchangeIS Mailbox(_Total)\Folder opens/sec
\MSExchangeIS Mailbox(_Total)\Local delivery rate
\MSExchangeIS Mailbox(_Total)\Message Opens/sec
\MSExchangeIS\RPC Averaged Latency
\MSExchangeIS\RPC Operations/sec
\MSExchangeIS\RPC Requests
\SMTP Server(_Total)\Local Queue Length
\SMTP Server(_Total)\Messages Delivered/sec
\MSExchangeTransport Queues(_Total)\Active Mailbox Delivery Queue Length
\MSExchangeTransport Queues(_Total)\Messages Completed Delivery Per Second
SQLServer
\SQLServer:Access Methods\Full Scans/sec
\SQLServer:Buffer Manager\Buffer cache hit ratio
\SQLServer:Buffer Manager\Free pages
\SQLServer:Databases(_Total)\Data File(s) Size (KB)
\SQLServer:General Statistics\User Connections
\SQLServer:Latches\Latch Waits/sec
\SQLServer:Locks(_Total)\Average Wait Time (ms)
\SQLServer:Locks(_Total)\Lock Requests/sec
\SQLServer:Locks(_Total)\Number of Deadlocks/sec
\SQLServer:SQL Statistics\Batch Requests/sec
Interfaces
\Bytes Received/sec
\Bytes Sent/sec
\Packets Received Errors
\Packets Received/sec
\Packets Outbound Errors
\Packets Sent/sec

Event Management

Events are collected from the Windows event log using a WinRM subscription. Information encoded in these event classes is used to determine, as accurately as possible, the following Zenoss event fields.

Standard Zenoss Event Fields
  • device (set to VMware vSphere Endpoint device in the /vSphere device class)
  • component
  • summary
  • severity
  • eventClassKey (for mapping specific event types)
  • eventKey (for de-duplication and auto-clear fingerprinting)


Events collected through this mechanism are timestamped with the time they occurred within the Windows event log, not the time at which they were collected.

Usage

Adding a Windows Device

Use the following steps to start monitoring a Windows server using the Zenoss web interface.

  1. Navigate to the Infrastructure page.
  2. Select the Server/Microsoft/Windows device class.
  3. Click Details and set the configuration properties for zWinUser and zWinPassword.
  4. Click See All.
  5. Choose Add Single Device from the add device button.
  6. Fill out the form.
    • Name or IP must be resolvable and accessible from the collector server chosen in the Collector field.
  7. Click ADD.



Alternatively, you can use zenbatchload to add Windows servers from the command line. To do this, you must create a text file with the hostname, username and password of all the servers you want to add. Multiple endpoints can be added under the same /Devices/Server/Microsoft/Windows section. Here is an example:

/Devices/Server/Microsoft/Windows
win7-1.example.com zWinUser="Administrator", zWinPassword="password", zCollectorClientTimeout=90
winvista-1.example.com zWinUser="Administrator", zWinPassword="password", zCollectorClientTimeout=90
win2003-1d.example.com zWinUser="Administrator", zWinPassword="password", zCollectorClientTimeout=90
win2008-1d.example.com zWinUser="Administrator", zWinPassword="password", zCollectorClientTimeout=90

You can then load the Windows servers into Zenoss Core or Resource Manager as devices with the following command.

zenbatchload <filename>
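
Because the batch file holds the Windows credentials in clear text, it is worth generating it with owner-only permissions rather than typing passwords into an editor or the command line. The script below is an added example, not part of the ZenPack or of Zenoss; the helper name write_batch_file and the environment variables ZWIN_USER and ZWIN_PASSWORD are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Zenoss code): write a zenbatchload input file with the
# layout shown above, without placing the password in shell history or in a
# world-readable file. ZWIN_USER and ZWIN_PASSWORD are variable names chosen
# for this example; write_batch_file is a hypothetical helper.

DEVICE_CLASS="/Devices/Server/Microsoft/Windows"

# write_batch_file HOSTLIST OUTFILE
# HOSTLIST: one hostname or IPv4 address per line; blank and '#' lines skipped.
write_batch_file() {
    hostlist=$1
    outfile=$2

    if [ -z "${ZWIN_USER:-}" ] || [ -z "${ZWIN_PASSWORD:-}" ]; then
        echo "set ZWIN_USER and ZWIN_PASSWORD in the environment" >&2
        return 2
    fi

    # Assumption: quoting rules of the file format are not documented on the
    # page, so refuse credentials that could terminate the quoted value.
    case "$ZWIN_USER$ZWIN_PASSWORD" in
        *'"'*|*'\'*) echo "credentials contain a quote or backslash" >&2
                     return 2 ;;
    esac

    # mktemp creates the file with mode 0600; mv keeps that mode.
    tmp=$(mktemp "${outfile}.XXXXXX") || return 1
    printf '%s\n' "$DEVICE_CLASS" > "$tmp"

    while IFS= read -r host || [ -n "$host" ]; do
        case "$host" in
            ''|'#'*) continue ;;
            *[!A-Za-z0-9.-]*)   # anything outside hostname/IPv4 characters
                echo "rejected host entry: $host" >&2
                rm -f "$tmp"
                return 3 ;;
        esac
        printf '%s zWinUser="%s", zWinPassword="%s", zCollectorClientTimeout=90\n' \
            "$host" "$ZWIN_USER" "$ZWIN_PASSWORD" >> "$tmp"
    done < "$hostlist"

    mv "$tmp" "$outfile"
}

# Stand-alone use: sh make_batch.sh hosts.txt windows.batch
if [ "$#" -eq 2 ]; then
    write_batch_file "$1" "$2"
fi
```

Delete the generated file once zenbatchload has loaded it, since the credentials are then stored in the zWinUser and zWinPassword configuration properties.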

Transitioning from WindowsMonitor

If you are installing this ZenPack on an existing Zenoss system or upgrading from an earlier Zenoss version, you may have a ZenPack named ZenPacks.zenoss.WindowsMonitor already installed on your system. You can check this by navigating to Advanced -> ZenPacks.

This ZenPack functionally supersedes ZenPacks.zenoss.WindowsMonitor, but does not automatically migrate monitoring of your Microsoft Windows resources when installed. The ZenPacks can coexist gracefully to allow you time to manually transition monitoring to the newer ZenPack with better capabilities.

Depending on how heavily loaded your Windows and Zenoss server(s) are, you may wish to avoid monitoring the same Windows resources twice in parallel. If this is the case, use the following instructions to first remove the existing Windows monitoring before adding the new monitoring.

  1. Navigate to the Infrastructure page.
  2. Expand the Server/Windows/WMI device class.
  3. Single-click to select a Windows device.
  4. Click the delete (-) button in the bottom-left.
  5. Click OK to confirm deleting the Windows device.
  6. Add the device back using the Adding a Windows Device instructions above. Be sure to select the /Server/Microsoft/Windows device class and not the /Server/Windows/WMI device class.
  7. Repeat steps 3-6 for each Windows device.

If you're comfortable monitoring the Windows devices twice in parallel for a time, you can simply follow the instructions under Adding a Windows Device, then delete the old devices from the /Server/Windows/WMI device class once you're satisfied with the new monitoring.

Installed Items

Installing this ZenPack will add the following items to your Zenoss system.

Device Classes
  • /Server/Microsoft/Windows
Modeler Plugins
  • zenoss.winrm.WinOS
  • zenoss.winrm.WinIIS
  • zenoss.winrm.WinServices
Datasource Types
  • WinRS
Monitoring Templates
  • Device (in /Server/Microsoft/Windows)
  • Active Directory (in /Server/Microsoft/Windows)
  • IIS (in /Server/Microsoft/Windows)
  • MSExchangeIS (in /Server/Microsoft/Windows)
  • MSSQLServer (in /Server/Microsoft/Windows)
  • FileSystem (in /Server/Microsoft/Windows)
  • ethernetCsmacd (in /Server/Microsoft/Windows)

Installation

Normal Installation (packaged egg)

  1. Download the appropriate egg file for the version of Zenoss you are running.
  2. Ensure you are logged in as the zenoss user:
    $ sudo su - zenoss
  3. Install the ZenPack:
    $ zenpack --install ZenPacks.zenoss.Microsoft.Windows-*.egg
  4. Restart these services:
    $ zenoss restart

Developer Mode Installation

To do a development mode installation, clone the existing git repository and then use the --link flag with the zenpack command:

  1. Ensure you are logged in as the zenoss user:
    $ sudo su - zenoss
  2. Start by cloning the upstream repository:
    $ git clone git://github.com/path/to/repo
  3. Next, perform the installation:
    $ zenpack --link --install ZenPacks.zenoss.Microsoft.Windows
  4. Finally, restart these services:
    $ zenoss restart
