I posted this on the forums some time ago and realised I had not posted here. This is the latest version, the mini change log is below.
- Update templates to suit new input method
- Backwards compatibility for old argument input method
- Overhaul how arguments are passed to wmi.php
- Debug mode via console option
- Add support for alternate namespaces
- Use isset() instead of is not null
- Prevent passwords from showing up in process list
- Fix data template MIN & MAX
- Enterprise Vault Templates
I have added support for additional namespaces and overhauled how input arguments are passed to support this. As you can see below the cmd line help details how input is now passed.
Usage:
-h <hostname> Hostname of the server to query.
-u <credential path> Path to the credential file. See format below.
-n <namespace> What namespace to use. (optional, defaults to root\CIMV2)
-w <wmi class> WMI Class to be used.
-c <columns> What columns to select. (optional, defaults to *)
-k <filter key> What key to filter on. (optional, default is no filter)
-v <filter value> What value for the key. (required, only when using filter key)
-d <debug level> Debug level. (optional, default is none, levels are 1 & 2)All special characters and spaces must be escaped or enclosed in single quotes!
Example: wmi.php -h 10.0.0.1 -u /etc/wmi.pw -w Win32_ComputerSystem -c PrimaryOwnerName,NumberOfProcessors -n ‘root\CIMV2′
Password file format: Plain text file with the following 3 lines replaced with your details.
username=<your username>
password=<your password>
domain=<your domain> (can be WORKGROUP if not using a domain)
In addition to this there is now no longer any need for additional PHP files. The passwords are stored in a separate file and called via passing the path. This prevents passwords showing up in your process list and allows you to secure it further by limiting access to the password file to the cacti user.
To ease the upgrade process backwards compatibility has been maintained however there is one gotcha. You will still need to update your templates to point to the new password file instead of the reference to the key pair in wmi-logins.php. Aside from this the old templates will all work.
So basically this version is a bit cleaner, adds a few key features, improves security and lays the foundation for further feature upgrades. As per usual the download is attached to this post and any fault tickets can be lodged on my Mantis bug tracker page (Link) and the subversion repository in the usual spot (Link).
CactiWMI-0.0.6.r101.tar.gz (132.1 KiB, 1,574 hits)
{ 19 } Comments
This works beautifully in Windows 2003 server for us, but 2008 Server is passing the following error and I can’t figure out why:
NTSTATUS: NT code 0xc002001b – NT code 0xc002001b
Any thoughts?
Glad to see it has worked for you but its a little odd that it’s not working for your 2008 machines.
What template or WMI class were you trying to query? Is the credential being used an admin on the box as that would eliminate any permission problems? Is the 2008 firewall enabled, can we test with it disabled for either the current zone or all zones? Any other firewalls between the monitoring box and the 2008 server that might be causing trouble? Does the WMI class exist and can you query it with something like Scriptomatic2?
Those would probably be the main things to test as 2008 does work with these scripts. We currently monitor a number of 2008 machines in my workplace. In any case let me know how you have gone with those questions etc.
It’s a Windows 2008 AD server, if that makes a difference. I ran the command against the box using the domain admin user (same user as I was using to test with 2003 boxes) and I was running the same command. When logged-in as the admin and running Scriptomatic2, I can query the same class without an error, even remotely from the other Windows 2008 server. I’ve tested right from the shell using wmic with the following command:
/usr/bin/wmic –namespace=’root\CIMV2′ //192.168.2.101 “SELECT PrimaryOwnerName,NumberOfProcessors FROM Win32_ComputerSystem” -U administrator –password=*****
The following is the output:
ERROR: WMI query execute.
NTSTATUS: NT code 0xc002001b – NT code 0xc002001b
The firewall service is disabled and there are no other firewalls installed, and these are two computers on the same subnet on the same switch. Is there some sort of security incompatibility with 2008 and my wmi-client version? I ran wmic -V and got Version 4.0.0tp4-SVN-build-UNKNOWN in response. The Cacti box is Ubuntu 8.10.4 with all the latest updates and patches.
Where did you get your copy of wmi-client? Did you use the wmi-client package or build it yourself? I did notice that the version in the debian repository was quite old and broken on a number of classes although it appears to be gone from the repository now… It’s possible ubuntu use that version.
When you run the wmic command directly have you tried with -d1 -d2 to increase the debug level and see whats going on?
So, its worth trying a newer version of wmic, also run wmic with those debug options to see whats happening during the query itself.
I just installed this new version, never used your plugin before, but I’m already seeing some problems with your templates. It seems that the script call in Cacti is trying to pass all variable arguments, even if they’re not set in the Cacti template. I’ve included an example below. In fact it’s doing this for variables that you have disabled as “per-host” settings, so it doesn’t even ever prompt you to check the variables. Also, I noticed that setting “root\CIMV2″ seems to help some; except that cmd.php strips the slash and ends up with “rootCIMV2″ in the command call. Any suggestions would be very helpful.
For example, cacti tries to call this and throws an error: /usr/bin/php -q /var/www/html/cacti/scripts/wmi.php -h vcaex01 -u /etc/cacti/cactiwmi.pw -w Win32_PerfFormattedData_PerfOS_Processor -n -k -v -c PercentProcessorTime
NTSTATUS: NT code 0x8004100e – NT code 0x8004100e
usr/local/bin/wmic –namespace=’-k’ –authentication-file=/etc/cacti/cactiwmi.pw //vcaex01 “SELECT * FROM Win32_PerfFormattedData_PerfOS_Processor”
But if I manually remove the “-n -k -v” flags, since they aren’t set, it will run fine:
usr/bin/php -q /var/www/html/cacti/scripts/wmi.php -h vcaex01 -u /etc/cacti/cactiwmi.pw -w Win32_PerfFormattedData_PerfOS_Processor -c PercentProcessorTime
Name0:0 PercentProcessorTime0:0 Name1:_Total PercentProcessorTime1:0
That is correct. The script call is static however you will see if you dig deeper into the data input method that many of the inputs are marked as not required and thus will pass an empty input which the script itself expects.
The error your seeing would appear to be because a bunch of quotes are missing from your input method. As such its seeing -n and treating the next argument ‘-k’ as the data for that which will cause it to fail.
Your data input method should look something like this.
/usr/bin/php -q /scripts/wmi.php -h ” -u ” -w ” -n ” -k ” -v ” -c ”
Without those quotes which then get passed through the script will treat whatever comes after each argument as the data its looking for and of course fail. The quotes even if just ” mean it gets an empty piece of data but it still gets some data and will work.
Check your data input method, it’s likely to be broken.
According to the command line, I’m running 4.0.0:
root@minas-tirith:~# wmic -V
Version 4.0.0tp4-SVN-build-UNKNOWN
I ran the wmic command with a -d2 and this is the output:
lp_load: refreshing parameters from /dev/null
gensec subsystem fake_gssapi_krb5 is disabled
gensec subsystem gssapi_spnego is disabled
Mapped to DCERPC endpoint 135
Cannot do GSSAPI to an IP address
Failed to start GENSEC client mech gssapi_krb5: NT_STATUS_INVALID_PARAMETER
OK : dcom_create_object.
OK : Create remote WMI object.
lib/com/dcom/main.c:441: dcom_get_pipe: host=192.168.2.101, similar=192.168.2.101[1027]
Successfully connected to OXID 0
OK : Login to remote object.
OK : Login to remote object.
ERROR: WMI query execute.
NTSTATUS: NT code 0xc002001b – NT code 0xc002001b
That version number isn’t much use. You can tell the real version from the tar filename or the package that you installed. Debian has only a really old version that does not work on some classes and earlier versions from a few places which are floating around have the same issue.
Grab this version, build it and try it again.
http://dev.zenoss.org/svn/trunk/inst/externallibs/wmi-1.2.8.tar.bz2
I did do an apt-get instal wmi-client and used the pre-built package before, so I uninstalled it. When I build the downloaded version, I get a bunch of errors on the make command. Following the README file, I run the following commands:
$ ./autogen.sh
$ CPPFLAGS=”-I/usr/include/python2.4″ ./configure
$ make proto bin/wmic bin/wmis wmi/_pywmi.so bin/winexe
And the end of the make command returns the following errors:
Compiling wmi/wmic.c
wmi/wmic.c: In function âstring_CIMVARâ:
wmi/wmic.c:149: warning: format â%fâ expects type âdoubleâ, but argument 3 has type âuint32_tâ
wmi/wmic.c:150: warning: format â%fâ expects type âdoubleâ, but argument 3 has type âuint64_tâ
Linking bin/wmic
Compiling wmi/wmis.c
Linking bin/wmis
make: *** No rule to make target `wmi/_pywmi.so’. Stop.
But, this is an error with the wmi client from Zenoss and not something with your plugin, it looks like. Thanks, I’ll head over to their forums to check and see if someone can help. Thank you very much for your help!
Try just building the components you need.
For what we are doing all you need is the wmic portion.
make proto bin/wmic should take care of it. Hell just bin/wmic should be enough but can’t hurt doing the other.
Solved! I compiled wmic on a different (fresh) Ubuntu install and then copied it to the monitoring server and it all worked perfectly. Whatever was blocking the compiler doesn’t seem to actually affect the client, so it’s now working. Thanks for your work and for your help!
So long as you can get the wmic binary then that’s all you really need and if your systems are similar enough then you can just copy the binary
Good to hear its working!
Hi!
I installed WMIC and CactiWmi on my new 0.8.7e.
It seems that it works but some graphs seems to fail.
For example, the CPU usage is always “nan” and it’s the same with the “Exchang 2003 active client logons” or “ntds LDAP” and “ntds ldap connections”.
Is it normal?
I have a second question.
Is there a difference between Windows Server 32bit and Windows Server 64 bit? The NTDS auths and ntds ds work with the 32bits but… “NAN” with the 64bits.
Last question, is there a difference between SQL Server? It’s the same: it works with the SQL server 2000 but fails with the SQL Server 2005.
I’m beginning with wmic and cacti; please, be patient even if the answers are easy.
Thanks a lot.
I am seeing the same problem with WMI client trying to access Win2008 systems: NTSTATUS: NT code 0xc002001b – NT code 0xc002001b
I am able to scan Win2003 systems with no problem.
I am using wmi_0.1.12 and I’m compiling on ubintu 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686 GNU/Linux.
Am I using the correct version of wmi-client ?
One more comment, the version that I’m running is
# wmic -V
Version 4.0.0tp4-SVN-build-UNKNOWN
I don’t know what version that is, where did it come from? Its confusing because debian slightly altered the version number compared to the package I grab and compile from zenoss.
The version I use is from http://dev.zenoss.org/svn/trunk/inst/externallibs/ its the wmi-1.x.x.tar.bz2 file. The version on deb that was broken was 1.1.3 but was listed as 0.1.13 by debian. So yer confusing.
Grab the version from that link and try again
Hi all.
I compiling wmic with sucess… i runing wmi.php for sql stats with sucess..
But i got this error in generate the graph
“ERROR: RPN final stack size != 1″
rra create OK… anyone know about that?
great job
More information…
/usr/bin/rrdtool graph – \
–imgformat=PNG \
–start=-86400 \
–end=-300 \
–title=”wgame01 – SQL – Performance” \
–base=1000 \
–height=120 \
–width=500 \
–alt-autoscale-max \
–lower-limit=0 \
–vertical-label=”Operations Per Sec” \
–slope-mode \
–font TITLE:12: \
–font AXIS:8: \
–font LEGEND:10: \
–font UNIT:8: \
DEF:a=”/var/www/cacti/rra/wgame01_buffercachehit_2538.rrd”:Buffercachehit:AVERAGE \
DEF:b=”/var/www/cacti/rra/wgame01_buffercachehit_2538.rrd”:Buffercachehitbase:AVERAGE \
DEF:c=”/var/www/cacti/rra/wgame01_batchrequestspersec_2539.rrd”:BatchRequestsPersec:AVERAGE \
DEF:d=”/var/www/cacti/rra/wgame01_transactions_2540.rrd”:Transactions:AVERAGE \
CDEF:cdefc=TIME,1264612258,GT,c,c,UN,0,c,IF,IF,TIME,1264612258,GT,d,d,UN,0,d,IF,IF,+,a,b,/,100,* \
\
\
LINE1:cdefc#FF0000FF:”Buffer Cache Hit %\:” \
GPRINT:cdefc:LAST:”Current\:%8.2lf %s” \
GPRINT:cdefc:AVERAGE:”Average\:%8.2lf %s” \
GPRINT:cdefc:MAX:”Maximum\:%8.2lf %s\n” \
LINE1:c#00FF00FF:”Batch Requests/sec\:” \
GPRINT:c:LAST:”Current\:%8.2lf %s” \
GPRINT:c:AVERAGE:”Average\:%8.2lf %s” \
GPRINT:c:MAX:”Maximum\:%8.2lf %s\n” \
LINE1:d#0000FFFF:”Transactions/sec\:” \
GPRINT:d:LAST:” Current\:%8.2lf %s” \
GPRINT:d:AVERAGE:”Average\:%8.2lf %s” \
GPRINT:d:MAX:”Maximum\:%8.2lf %s\n”
RRDTool Says:
ERROR: RPN final stack size != 1
Are you by chance using something other than Cacti 0.8.7b? If so you need to fix your CDEF’s. From the looks of things that’s what the problem is. 0.8.7b changed the number of inputs on the graph for better accuracy but it was then removed in the newer versions. This breaks the CDEF’s.
Post a Comment