Monitoring a Windows machine with extended counters
This is the way I monitor all my servers. You might like or you might not, this is the way I do things. Feel free to learn from it what you want, and do things your own way of course. I have come to do it this way after years of trial and error, and these methods seem to work fine.
This page explains how to configure things, and the zip file with all the configs and scripts is here: http://files.hongens.nl/snmp/Â (just get the latest version).
The intended audience is systems administrators with knowledge of snmp and cacti. If you don’t have experience, first set up cacti and monitor your windows machines using the out-of-the-box templates, and get familiar with that.Â Go to http://forums.cacti.net is you need help with that. You should also know what the performance counters mean, google will help you with that as well.
I chose to register my own SNMP prefix (.22.214.171.124.4.1.32046.1.3.2), and extend that prefix. I copied some MIB’s (also in the zip file) so that I can also use these oid’s by name. I refer to individual oid’s such as:
$ snmptranslate -On NETMATCH-EXTEND-MIB::nsExtendOutputFull.\"NM_WIN_LOGDISK_IOPS_D_READ\"
If you want to use some other oid, or you don’t want to use my mibs, use the numeric prefixes:
$ snmptranslate -On .126.96.36.199.4.1.32046.1.3.2.3.1.2.\"NM_WIN_LOGDISK_IOPS_D_READ\"
Or you could even use the fully translated numberic oid’s, that’s up to you. I can’t really help you with the MIB thingy, I made those years ago, no idea how I made them. Google is your best friend. Notice that I escape the quote signs around the extension name with backslashes when I use it on the command line.
In my snmpd.conf, I have lines like:
extend .188.8.131.52.4.1.32046.1.3.2 NM_WIN_LOGDISK_IOPS_D_WRITE type d:\scripts\snmp\NM_WIN_LOGDISK_IOPS_D_WRITE.txt
And on my cacti servers, where I have my own MIB, I use the enterprise name on the command line or in cacti:
Note that upon importing templates into cacti, the escape backslashes are then escaped again. You need to go into the data source template, and make it as single backslash again, to escape the quote signs. Or use the fully translated oid’s, that’s up to you.
Install NET-SNMP on Windows
We’re going to install the open source Net-SNMP package, and use it together with the standard Windows SNMP agent.
The MS SNMP agent cannot be easily extended by adding scripts. You could compile DLL’s and add them to the extension list, but that’s way too complex for us. The Net-SNMP agent can be extended by easily editing a text file which gives much more flexibility. Perhaps in the future I’ll write a native Windows SNMP extension dll.
In what mode do we run the Net-SNMP agent?
Since some recent version Net-SNMP, one can install it as a replacement for the Windows agent. This means that Net-SNMP will then start up using its own MIB’s, and load each extension DLL that was previously loaded by the MS SNMP agent. (The list is stored in the registry). However, some MIB’s are missing in the standard Net-SNMP implementation, and Net-SNMP crashes when loading for example the DellÂ OpenManage extension DLL. Therefore, the drop-in replacement is not really an option.
What we are going to do is run the MS SNMP agent and the Net-SNMP agent side-by-side, which is described in the manual as well. Net-SNMP will run on port 161, and receive all requests. All OID’s that Net-SNMP does not know how to handle, will be proxied to the MS SNMP agent. The MS SNMP agent will then load all it’s extensions, like Paessler SNMP helper, Dell OpenManage, etc.
First, make sure you have installed the Microsoft SNMP agent, and make sure it accepts connections from localhost, using the community name ‘public’. (Or use your own community in the rest of the guide)
Install the latest net-snmp binaries from www.net-snmp.org. At the time of writing, this is http://downloads.sourceforge.net/net-snmp/net-snmp-5.4.2-1.win32.exe?modtime=1222072245. Install in the default mode, do NOT use the ‘with Windows Extension DLL support’ option, and install to c:\net-snmp instead of c:\usr.
Register the service by going to start > all programs > net-snmp > service > register agent service.
Configure Net-SNMP agent
Create a text file C:\net-snmp\etc\snmp\snmpd.conf (only the snmp.conf is present by default!), and put a config in like:
proxy -v 1 -c public localhost:8161 .1.3
(the proxy line tells net-snmp to relay requests to port 8161 on localhost)
Change MS-SNMP port number and start services
Next, change the windows snmp agent port. Do this by editing c:\windows\system32\drivers\etc\services, and change the snmp port from 161 to 8161. Restart the SNMP agent. It should now listen on UDP/8161.
Then, start the net-snmp agent service.
That’s it! you should now be able to monitor the existing counters using the exact same syntax and OID’s as before putting net-snmp in between, but now you have the availability to add custom scripts.
For example, you could add the following to the snmpd.conf to extend the agent. Remember you have to restart the Net-SNMP agent after each change!
#MSSQL Active temp tables, cacti type GAUGE
extend .184.108.40.206.4.1.32046.100 NM_MSSQL_ACTIVETEMPTABLES D:/scripts/perf32.exe “SQLServer:General Statistics\Active Temp Tables”
Because getting these values ‘live’ is way to slow, we use a custom batch file which we run every 5 minutes, to retrieve all configured counters, and to store them on disk for easy and fast retrieval by net-snmp. Read more about that below.
Extend vs Exec
We use the extend command in the snmpd.conf file. The extend command outputs a very strict format, on the contrary to exec. The result is that you can use you own oid (in NetMatch’ case .220.127.116.11.4.1.32046), and then net-snmp will extend that by putting a large table after it. The name, like NM_MSSQL_USERCONNECTIONS will be encoded in some way, and added to the OID. This way, you get a very long output like .18.104.22.168.4.1.32046.100.4.1.22.214.171.124.126.96.36.199.188.8.131.52.184.108.40.206.220.127.116.11.18.104.22.168.22.214.171.124, but it will be exactly the same across all machines!
If you use the exec command, you will get a shorter output OID, but the resulting OID will be dependent on the order of the exec commands, something that is now desirable in our environment.
Place the scripts
On every machine, we have a folder d:\scripts\snmp for the purpose of monitoring.Â The contents of this folder are also in the zip file under ‘windows\agent script folder’. Just copy everything, and delete what you do not need on this host. This folder contains a batch file called fillcounters.bat, which is the main script. It in turn runs all kinds of custom scripts and programs (sources included in the zip under ‘windows\agent tools sources’.
Create the scheduled task and test it
Create a new scheduled task called ‘fillcounters’ to run the script “d:\scripts\snmp\fillcounters.bat”, have it run in “d:\scripts\snmp”, and run it under the system account, or a dedicated service account with administrator rights (or tweak yourself). It should start every day at 00:03, and repeat every five minutes, for a duraction of 1 day. Then on the ‘settings’ tab, make sure to set ‘stop the task if it runs for 0 hours 4 minutes’.
Manually run the job by right-clicking on it, and select ‘run’. When it’s done (should take 10-20 secs), you should see .TXT files appear in the d:\scripts\snmp folder.
Copy the snmpd.conf file from the zip file (‘windows\agent snmpd conf\snmpd.conf’) to c:\net-snmp\etc\snmp\, and edit it by deleting all the rows that are NOT used (same as in the fillcounters file above). Then restart the NET-SNMP service.
This should be all on the agent side. But of course, testing makes it sure. Log on to your cacti machine, and make sure you can get a monitored value:
$ snmpget -v2c -c public myagent .126.96.36.199.4.1.32046.1.3.2.3.1.2.\"NM_WIN_LOGDISK_IOPS_D_READ\"
NETMATCH-EXTEND-MIB::nsExtendOutputFull."NM_WIN_LOGDISK_IOPS_D_READ" = STRING: 1094620505
Add graphs to cacti
That’s it, you can now add the graphs in cacti. Import all templates from the zip file (and make sure in the data template that the oid name is properly escaped after importing). Add the graph templates to the devices, create the associated graphs, and you should be up and running!