Setting up Nagios monitoring on Windows 2003r2 through a Firewall

Download nrpe_nt, currently

Extract to the root of c: on the Target Windows Machine.

You should have a directory called c:nrpe, that contains a sub-directory called bin.

Download the plugins, currently

Unzip this file and place the executables in a directory called c:nrpepluginsbin

Change to the c:nrpebin directory, edit the nrpe.cfg file to look like this:

server_port=<port# you'll use for this particular Target Machine> 
server_address=<This Target Machine's IP Address>
allowed_hosts=<The IP Address of your Nagios Server>
command[check_cpuload]=C:nrpepluginsbincpuload_nrpe_nt.exe 70 90
command[check_disk_c]=C:nrpepluginsbindiskspace_nrpe_nt.exe c: 70 90
command[check_disk_d]=C:nrpepluginsbindiskspace_nrpe_nt.exe d: 70 90
command[check_disk_e]=C:nrpepluginsbindiskspace_nrpe_nt.exe e: 70 90
command[check_memload]=C:nrpepluginsbinmemload_nrpe_nt.exe 70 90

open a command prompt, and:

	        nrpe_nt -i

You should get a confirmation that the service was created successfully.

Go to Administrative Tools > Services and start the service

You can test that the client is listening on the designated port on the Windows Target Machine:

	netstat -aon | findstr <port#>

Test the connection from the CLI at the nagios server:

	/usr/lib/nagios/plugins/check_nrpe -H <IP of the Firewall> -p 1248 MEMUSE -p 	<port# defined in the firewall and configured in nrpe.cfg on the target>

On the Nagios Server, in the /etc/nagios3/conf.d/check_nrpe.cfg file, define a command that will use the -p switch to allow for a port # argument:

	define command {
        	command_name    check_nrpe_port
        	command_line    /usr/lib/nagios/plugins/check_nrpe -t20 -H $HOSTADDRESS$ -c $ARG1$ -p $ARG2$

-c = The command executable on the Target Machine in c:nrpepluginsbin
-p = the port #

In the /etc/nagios3/conf.d/hosts_orig.cfg file, create your host using the ip address of the firewall.

define host{
       use                  	         test-host
       host_name           	 test-dc1
       alias                  	         test-dc1
       address             	        <IP Address of the Gateway>

In the /etc/nagios3/conf.d/services.cfg file, create the services for your host using the host_name defined above and the command name you created with arguments. Set your port number for this Target Machine here, making sure the port# matches the Target Machine where you defined that port#.

define service{
    use                                             test-template
    host_name                                 test-dc1
    service_description                    disk C:
    check_command                       check_nrpe_port!check_disk_c!5667
define service{
    use                                            test-template
    host_name                                test-dc1
    service_description                   CPU load
    check_command                       check_nrpe_port!check_cpuload!5667
define service{
    use                                             test-template
    host_name                                 test-dc1
    service_description                    memory load
    check_command                       check_nrpe_port!check_memload!5667

Reload nagios and check for errors.

Service nagios3 reload

At the firewall:

Note: This example is using a Safe@Office 500P firewall, so the terminology may be different.

You will need to create a service using tcp protocol and corresponding to each nrpe port number that you'll be using. In this case, I'm using 5666 through 5671. In my case, these settings were under Network > Services in the 500P configuration web interface.

Create a new network object for the Nagios Server using its IP Address

You'll need network objects for the Target Machines that you'll be monitoring. 

Create “allow and Forward” rules for each of your Target Machines using the service for the port # you assigned to that Target Machine:

Service = Standard Service, The service w/correct port for you Target machine
Source = Your Nagios Server
Destination = “This Gateway”
Forward to = Target Machine

Continue by configuring your Nagios Server to monitor these new Targets.

When defining the host in the hosts.cfg file for Nagios, use the firewall's gateway IP Address 

Matt Long