I have a POS system that won't work unless the is logged in to the console session. I was thinking since I already have NSClient++ maybe I could monitor a counter via Nagios.
Is there a counter for this that I can alert if the account is not logged in? Is it '\Terminal Services\Total Sessions' ? Right now that shows 2 sessions for my VM which doesn't entirely make sense to me, unless my remote desktop counts as one and VMWare always uses one…
If I can do this with the check_nt, for me that will probably outweigh potential caveats of a better way, but I am open to ideas.
Best Answer
XP only allows 1 "interactive" login at a time, whether it is physically at the computer or remotely via RDP. As far as the "console" and remote logins go, XP doesn't care which you are using as whatever process that is supposed to run will run if logged in either way.
You are trying to determine if the user is either logged in or not, but more important (I think) is if the process is running that you want to be running. Why not just check for the running process instead of trying to figure out if the user is logged in or not? What if the process crashed but the user is still logged in?
Looking at the winlogon.exe process is not useful with XP since it runs regardless of whether or not someone is actually logged in. A typical process to look for is explorer.exe running under the username (although that too may crash and can even be killed without logging the user off).
On a Windows system, you can use "psloggedon.exe" from sysinternals (http://technet.microsoft.com/en-us/sysinternals/default.aspx) to look for local logins on the computer with the -l switch - "psloggedon \computername -l". I think the reason you are seeing 2 sessions when you are checking for the count is that the check itself establishes a session to determine how many sessions there are...
Your best bet for using check_nt in nagios looks like it would be to 1) check for the specific process you need running (hopefully it runs all the time) or 2) check for explorer.exe running since that only runs when someone is actually logged in, but like I said isn't a failsafe way to determine if that is the case.
Disclaimer! - I don't use nagios myself and just checked the site here: http://nagiosplugins.org/man/check_nt for plugins that might work for what you need