Windows Pagefile monitoring with Nagios

windows monitoring nagios pagefile

376

Solution 1

WMI

You can access WMI parameters directly with WMI client installed on Linux machine:

Compile and install wmi-client package manually or use compiled packages from www.orvant.com it seem to work with newer versions of Ubuntu as well (14.04 64bit).

Here is an example of wmic usage from command line:

wmic -Uuser%pass //192.168.0.2 "SELECT FileSize FROM Win32_PageFile WHERE Path=c:\"

Now create Nagios Plugin. Examples of using wmic is here. Here is the guide how to create your own Nagios plugin, change it for work with wmic. You'll have something like this:

if [ "$1" = "-w" ] && [ "$2" -gt "0" ] && \
[ "$3" = "-c" ] && [ "$4" -gt "0" ] && [ "$5" = "-h" ] && [ "$6" != "" ] && [ "$7" = "-u" ] && [ "$8" != "" ] && [ "$9" = "-p" ]; then

memPfSize=`wmic -U$8%$10 //$6 "SELECT FileSize FROM Win32_PageFile WHERE Path=c:\" | grep AllocatedBaseSize | awk -F'=' '{print $2}'`

if [ "$memPfSize" -ge "$4" ]; then
  echo "Memory: CRITICAL Pagefile: $memPfSize MB - RES: $memPfSize= MB used!|VIRT=$(($memPfSize*1024*1024));;;; RES=$(($memPfSize=*1024*1024));;;;"
$(exit 2)
elif [ "$memPfSize" -ge "$2" ]; then
  echo "Memory: WARNING Pagefile: $memPfSize MB - RES: $memPfSize= MB used!|VIRT=$(($memPfSize*1024*1024));;;; RES=$(($memPfSize=*1024*1024));;;;"
$(exit 1)
else
  echo "Memory: OK Pagefile: $memPfSize MB - RES: $memPfSize= MB used!|VIRT=$(($memPfSize*1024*1024));;;; RES=$(($memPfSize=*1024*1024));;;;"
$(exit 0)
fi
else
  echo "check_memPfSize v1.0"
  echo "check_memPfSize -w Warning -c Critical -h Host -u Win-User -p Password"
  echo "example of usage:"
  echo "check_memPfSize -w 1024 -c 2048 -h 192.168.0.2 -u Administrator -p adminpassword"
exit
fi

You can access WMI via Python from Linux.

SNMP

If you prefer SNMP you need to install WMI-to-SNMP gateway like SNMP Informant - Advanced on your Windows machine to be able to collect system information including memory and swap. Essentially, this tool provides SNMP MIBs for the system-level WMI instrumentation, which in turn allows the WMI data to be queried by any SNMP management station. It is supported on Windows XP/Vista/2000/2003 and 2008 Servers and allows you to access data from all (over 2000) of the counters.

NSClient

Use NSClient++ on Windows to monitor pagefile.sys size. You need to install NSClient++ as a service. With this plugin for Windows machines you can monitor all other parameters as well. For example you can monitor free memory. There is no need for mayor adaptations in the NSC.ini config file on Windows machine.

Check the size of the pagefile.sys and make sure it stays above 1 gigabyte. Sample Command:

CheckFileSize ShowAll MinWarn=1G  MinCrit=512M File=c:/pagefile.sys

Nagios Configuration:

define command {
  command_name <<CheckFileSize>>
  command_line check_nrpe -H $HOSTADDRESS$ -p 5666 -c CheckFileSize -a ShowAll MinWarn=$ARG2$  MinCrit=$ARG1$ File=c:/pagefile.sys
}

From Commandline (with NRPE):

check_nrpe -H IP -p 5666 -c CheckFileSize -a ShowAll MinWarn=1G  MinCrit=512M File=c:/pagefile.sys

Or with check_paging_file plugin on host side with NSClient++.

Solution 2

Yeah, sadly, I think you're going to end up installing nsclient++.

My first thought was to just write a vbscript or powershell script to check the size of the page file, but my first attempts returned null results because Windows is managing my pagefile. Apparently, this is a common thing.

However, this plugin appears to work. It's also a lot more comprehensive than the quick scribble I attempted. Perhaps this will solve your problem.

Solution 3

You don't state which plugin you're using, but there's no reason you can't use SNMP to check the "Virtual Memory" usage. For example, when you walk this tree (1.3.6.1.2.1.25.2) against a Windows 2008 server with SNMP, you'll see output that includes something like this:

HOST-RESOURCES-MIB::hrStorageDescr.4 = STRING: Virtual Memory
HOST-RESOURCES-MIB::hrStorageDescr.5 = STRING: Physical Memory
<snip>
HOST-RESOURCES-MIB::hrStorageSize.4 = INTEGER: 449485
HOST-RESOURCES-MIB::hrStorageSize.5 = INTEGER: 392141
<snip>
HOST-RESOURCES-MIB::hrStorageUsed.4 = INTEGER: 85263
HOST-RESOURCES-MIB::hrStorageUsed.5 = INTEGER: 104233

It seems that perhaps the plugin you're using is combining both the physical memory and the virtual memory value into a single check?

Maybe you just need a different SNMP plugin. There's an entire Memory category on Nagios Exchange, including some that explicitly list Windows usage. Shop around.

If you can't find an SNMP plugin that does what you want, there are other options...

Since you state that using a Nagios agent (nsclient++) isn't possible, a better method would be to use WMI. Microsoft only implements the bare minimum of SNMP support, but you can check literally everything about a Windows server via WMI. They have an entire WMI object for pagefile usage, for example.

There are lots of WMI checks available on Nagios Exchange (or Monitoring Exchange), like checkwmiplus, check_wmic, or (if you're dealing with many Windows boxes) perhaps nagios-wsc.

And here is some information about setting up WMI correctly for remote access.

You might want to give this question a read; it seems that the numbers you get from SNMP might not be accurate in this case.

376

Arkadeep

Updated on September 18, 2022

Comments

Arkadeep almost 2 years
I have created a Time trigger Azure function, which is triggered in 2 Hrs of interval. Every time I open the Azure portal, it is triggered and after that, it is not getting triggered.

I have searched a few links in Google but didn't get any suitable solution. Can anyone please help me out?
```
[FunctionName("MailFailureFucntion")]
public static void Run([TimerTrigger("*/30 * * * *")] TimerInfo myTimer, ILogger log)  
{

 // my code - connecting SQL and send mail

}
```
Initially I have tried with 0 */2 * * * - 2 Hrs interval. Then I have tried with */30 * * * *
- Citizen over 9 years
  
  Award something to the guys that have given some great answers. Your question has been answered. If your still stuck, award points to one of them for their hard work and open up a new question. Everyone here is answering for points.....and getting the gift of giving :) Take care
- Andriy Bilous over 3 years
  
  May you please share your time trigger schedule expression?
- user1672994 over 3 years
  
  Can you please post the function signature and it's CRON expression
- Arkadeep over 3 years
  
  updated with code.
- user1672994 over 3 years
  
  I think it should be 0 0 */2 * * * to run for every two hour. Notice there are six placeholders; but in your scenario I see only five.
- user1672994 over 3 years
  
  The same cron expression is suggested by user Andriy in his answer.
- Arkadeep over 3 years
  
  Yes.. This was the issue. It resolved with 0 0 */2 * * *
ob_dev over 9 years

It doesn't work, hrStorageSize.4 = hrStorageSize.5 + currentlyAllocated. I think the only way to do this properly is install nsclient++.
Keith over 9 years

There are WMI plugins that let you check file sizes. Just check the size of the pagefile.
Keith over 9 years

"sudo aptitude install wmi-client" implies Ubuntu, but packages.ubuntu.com/wmi-client doesn't show it listed...?
BBK over 9 years

Yes. Now you need to compile it manually.
Arkadeep over 3 years

Yes it is running every two hours, only when my Azure portal is open. As soon as I lose the same, the triggering is getting off.
Andriy Bilous over 3 years

I would recommend to check runOnStartup and make sure that is set to false learn.microsoft.com/en-us/azure/azure-functions/…
Arkadeep over 3 years

Yes...the issue was with the corn expression only.