Windows Pagefile monitoring with Nagios

monitoringnagiospagefilewindows

I have a NAGIOS check that monitors virtual memory on a windows machine, this check returns all the virtual memory used (physical+ max size of the pagefile).

This is not what I want, I have tried to search for some checks that only monitor the pagefile usage on a windows machine but I didn't find anything intersting.

Are you aware of any SNMP check that monitor if the pagefile is used or not by windows?

Best Answer

WMI

You can access WMI parameters directly with WMI client installed on Linux machine:

Compile and install wmi-client package manually or use compiled packages from www.orvant.com it seem to work with newer versions of Ubuntu as well (14.04 64bit).

Here is an example of wmic usage from command line:

wmic -Uuser%pass //192.168.0.2 "SELECT FileSize FROM Win32_PageFile WHERE Path=c:\"

Now create Nagios Plugin. Examples of using wmic is here. Here is the guide how to create your own Nagios plugin, change it for work with wmic. You'll have something like this:

if [ "$1" = "-w" ] && [ "$2" -gt "0" ] && \
[ "$3" = "-c" ] && [ "$4" -gt "0" ] && [ "$5" = "-h" ] && [ "$6" != "" ] && [ "$7" = "-u" ] && [ "$8" != "" ] && [ "$9" = "-p" ]; then

memPfSize=`wmic -U$8%$10 //$6 "SELECT FileSize FROM Win32_PageFile WHERE Path=c:\" | grep AllocatedBaseSize | awk -F'=' '{print $2}'`

if [ "$memPfSize" -ge "$4" ]; then
  echo "Memory: CRITICAL Pagefile: $memPfSize MB - RES: $memPfSize= MB used!|VIRT=$(($memPfSize*1024*1024));;;; RES=$(($memPfSize=*1024*1024));;;;"
$(exit 2)
elif [ "$memPfSize" -ge "$2" ]; then
  echo "Memory: WARNING Pagefile: $memPfSize MB - RES: $memPfSize= MB used!|VIRT=$(($memPfSize*1024*1024));;;; RES=$(($memPfSize=*1024*1024));;;;"
$(exit 1)
else
  echo "Memory: OK Pagefile: $memPfSize MB - RES: $memPfSize= MB used!|VIRT=$(($memPfSize*1024*1024));;;; RES=$(($memPfSize=*1024*1024));;;;"
$(exit 0)
fi
else
  echo "check_memPfSize v1.0"
  echo "check_memPfSize -w Warning -c Critical -h Host -u Win-User -p Password"
  echo "example of usage:"
  echo "check_memPfSize -w 1024 -c 2048 -h 192.168.0.2 -u Administrator -p adminpassword"
exit
fi

You can access WMI via Python from Linux.

SNMP

If you prefer SNMP you need to install WMI-to-SNMP gateway like SNMP Informant - Advanced on your Windows machine to be able to collect system information including memory and swap. Essentially, this tool provides SNMP MIBs for the system-level WMI instrumentation, which in turn allows the WMI data to be queried by any SNMP management station. It is supported on Windows XP/Vista/2000/2003 and 2008 Servers and allows you to access data from all (over 2000) of the counters.

NSClient

Use NSClient++ on Windows to monitor pagefile.sys size. You need to install NSClient++ as a service. With this plugin for Windows machines you can monitor all other parameters as well. For example you can monitor free memory. There is no need for mayor adaptations in the NSC.ini config file on Windows machine.

Check the size of the pagefile.sys and make sure it stays above 1 gigabyte. Sample Command:

CheckFileSize ShowAll MinWarn=1G  MinCrit=512M File=c:/pagefile.sys

Nagios Configuration:

define command {
  command_name <<CheckFileSize>>
  command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckFileSize -a ShowAll MinWarn=$ARG2$  MinCrit=$ARG1$ File=c:/pagefile.sys
}

From Commandline (with NRPE):

check_nrpe -H IP -p 5666 -c CheckFileSize -a ShowAll MinWarn=1G  MinCrit=512M File=c:/pagefile.sys

Or with check_paging_file plugin on host side with NSClient++.

Related Solutions

Set Windows pagefile size in answer file

Probably not the answer you're looking for, but regarding modifying anything to do with a page file, have a look at the accepted answer to this question.

Router – Monitoring router bandwidth usage via Nagios and SNMP

I did this with a cron script, stores current value in a temp file then next time uses it to calculate bandwidth utilization since last run.

#!/bin/bash

email_address=""
router_ip=""

# 80% BANDWIDTH [ (384000bps) 48,000Bps ] - 20% = 38,400 Bps
alertBW="76800"

lastBWFile="/var/log/ciscoGW.log"
lastBW=`cat $lastBWFile | awk '{print$2}'`
lastTime=`cat $lastBWFile | awk '{print$1}'`

curBW=` snmpget  -c snmap_name -v 1 $router_ip IF-MIB::ifOutOctets.2  | awk '{print$4}'`

let diffBW=$curBW-$lastBW
#echo "Diff BW: $diffBW"
timeNow=`date +%s`
let diffTime=$timeNow-$lastTime
let alertBW=$alertBW*$diffTime

echo "$timeNow $curBW" > $lastBWFile

if [ $diffBW -gt $alertBW ]; then
#       echo "Over limit!"
        echo "Bandwith used over $diffTime seconds: $diffBW" | mail -s "BANDWIDTH OVER LIMIT!!!!" $email_address
fi

Since I was more interested in actual peaks I've since moved to using rrdtool:

#start 15 minutes ago
#end 5 minutes ago since rrdtool queries every 5 minutes 
rrdtool fetch $FROM MAX -s -900 -e -300

Best Answer

Related Solutions

Set Windows pagefile size in answer file

Router – Monitoring router bandwidth usage via Nagios and SNMP

Related Topic