Icinga2 can be used to monitor Linux machines as we setup in part 2. But what if we wanted to monitor a Windows Server?

The latest version of Icinga2 works with configuration files. Is it important to understand that Icinga2 does not look for a certain configuration (.conf) file. Instead it executes all configuration files located in the conf.d map.

It is best practice to use different files for every type of settings you can set in Icinga2. The different files are there to bring some order in the different types of configuration options you set. It can be one big file if you like. And maybe for a small network it is easier to just use one file.

I will discuss some relevant for this article.

  1. host.conf
    Defined hosts to be monitored. During setup Icinga2 did create one host, the icinga (master) host itself.
  2. services.conf
    Defined services to be monitored.
  3. templates.conf
    Here are the templates defined. A template is a set of attributes that can be shared between more than one object (host, service, etc).
  4. commands.conf
    Defined commands (check something) which are called from the services object.

Installing Icinga2 Windows Node

A good way to start is to copy the hosts.conf file to a new file, e.g. windows-hosts.conf. From there you can change the hostname and ip-address to match that from the new client. But before we do that we know Icinga2 master communicated with an agent on the client/node. So let’s install that.

For this article we use Windows server 2016 standard core. As we move more and more to a GUI-less Windows Server environment it’s seems appropriate.

First open powershell at the command prompt. Then we are going to install the package manager Chocolatey. For more information about chocolatey click here (https://chocolatey.org/)

After the installation you can find icinga2 at: c:\Program Files\ICINGA2\sbin. The local configuration files are in: c:\ProgramData\icinga2\etc\icinga2.

Just like in part 2 on Ubuntu we need to execute the Node Wizard. We use this command:

We use the instance name shown above to generate a setup ticket just like in part 2. On the machine with the Icinga2 master role, we use this command:

We paste the code in the setup ticket field. Then we proceed by defining the Icinga2 master.



Click next twice. Then the NSClient++ setup is started. Chose next -> generic -> typical

You can choose to install everything. I prefer not to install the webserver. On the Icinag2 master we can use the check_nrpe command to monitor different Windows services.

Configure the new Windows node on the Icinga2 master

As stated earlier the host.conf is a good place to start.

Here is the content of my windows-hosts.conf. Currently it has only one host.

After you save this file it’s time to restart icinga2.

We now have added a Windows Server. Icinga2 already uses default PING4 service to monitor the server. If we look closely to the new windows-hosts.conf file there is also a monitoring-rule on the root disk. Which checks the remaining space available on the disk.

Monitoring using NRPE

With the installation on a windows Client we also installed the NSClient++ client which enabled us to use NRPE. But what is NRPE? NRPE stands for the Nagios Remote Plugin Executor. It allows a monitoring master (Icinga2) to run specific checks on the remote node as if it ran locally. This means that checks that only can run locally can be set (checking number of users, load average, disk space usage, whether a DNS call can be processed on the node, and so one). Its overhead is small, making it fast and efficient.

Before we can use NRPE we must install it:

Where 192.168.2.60 is the IP of the Windows server, you can use the FQDN if you want. The second command checks if the NSClient++ client on the node accepts commands.

When working it returns: I (0.5.0.62 2016-09-14) seem to be doing fine…

If you get an SSL handshake error, you need to change the configuration on the client. The configuration of the NSClient++ is stored at: C:\Program Files\NSClient++\nsclient.ini
You need to add the Icinga2 master to the allowed hosts and set the SSL options like this:

Tip: just copy and paste it anywhere in your ncclient.ini file.

Restart the NSClient:

Try the check_nrpe command again, it should work now.

Configure NRPE in Icinga2

Now that we got NRPE working. Let’s add a NRPE command in Icinga2. Then we create a service which uses the new command. In command.conf add:

In services.conf add:

For now we assign it only to our Windows nodes, of which we have currently one. It is important that we use the correct NRPE command. In this case: alias_disk. Which basically works the same as the disk command but will read out all available disks.

For more NSClient++ commands click here and here.

So now we have added a Windows node and added a NRPE command to the Icinga2 Master. In the next part we are going to look at a different technique for monitoring Windows: agentless monitoring using the Check-WMI plus add-on!