Windows Passive Agent

The plugins command

You can tell the agent how to use the plugins by adding some new command lines to its configuration file. Each command informs the program how to use the plugin, and each plugin has a specific function.

Edit the configuration file at “C:\Program Files\Nagios\NRDS_Win” using administrator permissions. You should see something like the following:


1. There are three sections in the configuration file: [settings], [services], and [extensions]. We need to add our commands (as shown below) to the [services] section of the config file.

command[__HOST__] = .\plugins\check_winping.exe -H --warning 200,40% --critical 400,80%
command[Win_Processor_Load_Passive] = .\plugins\cpuload_nrpe_nt.exe 70 90
command[Win_Used_Disk_C_Passive] = .\plugins\check_pdm.exe --disk --drive C: -w 90.2 -c 96.4
command[Win_Used_Physical_Memory_Passive] = .\plugins\check_pdm.exe --memory -w 94 -c 99
command[Win_Used_PageFile_Passive] = .\plugins\check_pdm.exe --memory pagefile -w 92 -c 98
#command[Win_Event_Viewer_Passive] = .\plugins\eventlog_nrpe_nt.exe -m 7200
command[Win_DNS_Client_Passive] = .\plugins\service_nrpe_nt.exe "DNS Client"
command[Win_Time_Client_Passive] = .\plugins\service_nrpe_nt.exe "Windows Time"
command[Win_Running_Processes_Passive] = .\plugins\check_winprocess.exe --warning 90 --critical 110


The commands are composed of three parts: “Command Name”, “plugin path”, and “options”. Here some explanations regarding each of them.

  • Command[Win_Processor_Load_Passive] will check the processor load. This command uses the “cpuload_nrpe_nt.exe” plugin and in this case we will receive a warning if the load is between 70% and 90%, and a critical alert if more than 90%.
  • Command[__HOST__] is a special command used to ping the server itself. It uses the “check_winping.exe” plugin to do its job. At the end of this command we can see definition for the warning and the critical state threshold in %. In our case if in 200 ms we have more than a 40% of loss, we will be notified with a warning. If in 400 ms there is more that 80% packet loss, the state will change to critical.
  • Command[Win_DNS_Client_Passive] will check if the “DNS Client” service is up and running and will send you a notification if it is down.
  • Command[Win_Used_PageFile_Passive] will check the page file usage. Warnings are configured at 92% and the critical state is 98%.
  • Command[Win_Used_Disk_C_Passive] will help you keep an eye on your disk space. You can add additional lines if you need to monitor more than one disk. Just copy and paste the line to create a new one and change the default C: letter.
  • Command[Win_Used_Physical_Memory_Passive] monitor used memory on your server. In our definition, you’ll get a warning notification at 94% and a critical notification at 100%.
  • Command[Win_Event_Viewer_Passive] will check the event viewer for warning or critical messages. You can use the “-m” option to specify how many minutes back from the current time to check (eventlog_nrpe_nt.exe -m 7200 will check for the last 5 days). Using the “-s” option to exclude a service (eventlog_nrpe_nt.exe –s “Windosws DNS” will not notify you if there is a warning or critical messages for the “Windows DNS” service). To exclude a specific event ID number use option “-i” (event_nrpe_nt.exe – i “1000, 7011”).
  • Command[Win_Time_Client_Passive] verifies if the service “Windows Time” is up. If not, you will receive a notification.
  • Command[Win_Running_Processes_Passive] will check the number of running services. In our definition, we have configured the agent to send a warning when the number of running services is between 90 and 109. At 110 running services, you will receive a critical notification. Feel free to modify this to your liking.
Suggest Edit