Check Windows time against AD or target
Windows servers that are not domain controllers can't be tested through NTP by default.
This PowerShell script is executed locally and compares the time against a reference server with the w32tm tool.
Workflow:
-If a reference server is provided, it is used directly.
-If no reference server is provided:
  -If domain joined:
    Try to use the LOGONSERVER variable, to get the closest live DC.
    Else auto-find a DC (random) which is not the server itself and compare time.
    Else, use pool.ntp.org
  -If workgroup:
    use pool.ntp.org
Provides performance data (offset jig) to get graphs
###############################################
Tested Setup:
Monitoring Box:
-Centos 6.4 x64
-Nagios 3.4.4
-check_nrpe 2.13
-Centreon 2.4.2
Windows Server:
-Windows Server 2003 / 2008 R2 / 2012
-nsclient++ 0.4.1 x64 and x86
-tested on both Core & GUI Servers
###############################################
Script arguments
The script accepts 3 arguments:
-refTimeServer (AD find or pool.ntp.org by default)
-maxWarn (Warning if above, in seconds) (1 by default)
-maxError (Critical if above, in seconds) (5 by default)
maxWarn and maxError must be integers.
The offset is compared as an absolute value, so it works whether the shift is positive or negative.
###############################################
Local execution example:
PS C:\Program Files\NSClient++\scripts> . .\lotp_check_time.ps1
OK:-00.0307684s - checked against pool.ntp.org|offset=-00.0307684s;1;5;
PS C:\Program Files\NSClient++\scripts>
NRPE execution:
[root~]# /usr/lib64/nagios/plugins/check_nrpe -H myserver -n -c check_time -a "myPDCServer" 1 5
OK:+00.0671837s - checked against myPDCServer|'offset'=0.06718s;1;5
[root~]#
###############################################
Installation:
On Windows Servers:
-copy the script into the folder C:\Program Files\NSClient++\scripts
-allow unsigned local PowerShell scripts to run: Set-ExecutionPolicy RemoteSigned
-Add to nsclient.ini:
[/settings/external scripts/wrapped scripts]
check_time=lotp_check_time.ps1 -refTimeServer $ARG1$ -maxWarn $ARG2$ -maxError $ARG3$
###############################################
Configuration:
For example, on Centreon:
-Add a new command:
$USER1$/check_nrpe -H $HOSTADDRESS$ -n -c check_time -a "$ARG1$" $ARG2$ $ARG3$
Then add a monitoring check, filling in the ARGs.
For graphs, enable performance data on the monitoring check.
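The values given to check_nrpe -a arrive over the network and end up on the w32tm command line as /computer:$refTimeServer, so the script can reject anything that is not a plain host name before using it. The following is an added example, not part of the original plugin; the helper names Test-RefTimeServer and Test-Thresholds and the sample inputs are assumptions made for illustration.

```powershell
# Added example (not part of lotp_check_time.ps1).
# Test-RefTimeServer and Test-Thresholds are hypothetical helper names.

function Test-RefTimeServer {
    param([string]$Name)
    # Empty or blank means "auto-detect", which the check script handles itself.
    if ($Name -match '^\s*$') { return $true }
    if ($Name.Length -gt 253) { return $false }
    # One DNS label: letters, digits and inner hyphens, 1 to 63 characters.
    $label = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    # Whole value: labels joined by dots. Covers short names, FQDNs and IPv4.
    # Assumption: no IPv6 literals and no underscores in host names.
    $pattern = '^{0}(\.{0})*\z' -f $label
    return ($Name -match $pattern)
}

function Test-Thresholds {
    param([int]$MaxWarn, [int]$MaxError)
    # Both non-negative, and warning must not exceed critical.
    return (($MaxWarn -ge 0) -and ($MaxError -ge $MaxWarn))
}

# Constructed sample inputs, as they could arrive through check_nrpe -a.
$samples = @('myPDCServer', 'pool.ntp.org', '192.0.2.10', '',
             'dc01 /samples:9', 'dc01;x', '-dc01', 'dc01..example')
foreach ($s in $samples) {
    '{0,-18} valid={1}' -f ("'" + $s + "'"), (Test-RefTimeServer $s)
}
'warn=1 crit=5  valid={0}' -f (Test-Thresholds 1 5)
'warn=5 crit=1  valid={0}' -f (Test-Thresholds 5 1)

# Intended use at the top of the check script, right after param():
#   if (-not (Test-RefTimeServer $refTimeServer) -or
#       -not (Test-Thresholds $maxWarn $maxError)) {
#       Write-Host "UNKNOWN: invalid arguments"
#       exit 3   # Nagios UNKNOWN
#   }
```

The first four sample values are accepted and the last four are rejected; exit code 3 maps to the Nagios UNKNOWN state.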
Reviews (2)
by jeepsburg, December 1, 2021
On Windows servers, I believe the nsclient.ini is now renamed to NSC.ini on newer Nagios XI agent installations.
Change is under the "C:\Program Files\NSClient++\scripts" section and it should be;
"-Add to NSC.ini"
Also, if you haven't enabled or used NRPE checks, this is a good read with the main reminder to be that you need to restart your NSClient++ service after making changes to your NSC.ini file - https://assets.nagios.com/downloads/nagiosxi/docs/Enabling-The-NRPE-Listener-In-NSClient-0.3.x.pdf
Lastly, if you're running the latest version of Nagios XI, where the instructions say to add a new command, I had to replace the -n with a -2 or else I would get version errors. ie.
$USER1$/check_nrpe -H $HOSTADDRESS$ -2 -c check_time -a "$ARG1$" $ARG2$ $ARG3$
... but has its shortcomings.
This is a corrected version (hopefully it doesn't get garbled):
# ====================================================================
# Check time against DC or specified server through NRPE / w32tm
# Author: Mathieu Chateau - LOTP
# mail: mathieu.chateau@lotp.fr
# version 0.1
# corrected and fixes performance data for positive differences by UKA
# ====================================================================
#
# Require Set-ExecutionPolicy RemoteSigned.. or sign this script with your PKI
#
# ============================================================
#
# Do not change anything behind that line!
#
param
(
    [string]$refTimeServer,
    [int]$maxWarn = 1,
    [int]$maxError = 5
)
$output=""
$perfdata=""
$exitcode=2
if(($refTimeServer -eq $null) -or ($refTimeServer -eq "") -or ($refTimeServer -eq " "))
{
    #LOGONSERVER looks like \\DC01: strip the backslashes
    $refTimeServer=$env:LOGONSERVER -replace ('\\',"")
    #no logon server, or the logon server is this machine itself: look for another DC
    if(($refTimeServer -match "^$|^ $") -or ($env:COMPUTERNAME -match $refTimeServer))
    {
        if((gwmi win32_computersystem).partofdomain -eq $true)
        {
            #Must use select and not .Name directly. If some DC are down, command will be empty with .Name
            $fromAD=@()
            foreach ($entry in ((([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() | % { $_.DomainControllers }))| select Name))
            {
                #if this server is a DC, can't check time against itself
                if(! (($env:COMPUTERNAME -match $entry) -or ($entry -match $env:COMPUTERNAME)))
                {
                    $fromAD += $entry
                }
            }
            if($fromAD.Count -gt 1)
            {
                #get a random DC from AD, as no server provided and no logon server could be found
                $refTimeServer=(Get-Random -InputObject $fromAD).Name
            }
            else
            {
                #only one DC, defaulting to internet
                $refTimeServer="de.pool.ntp.org"
            }
        }
        else
        {
            #Workgroup but no server to check time against provided. Defaulting to internet to do something
            $refTimeServer="de.pool.ntp.org"
        }
    }
}
if(($refTimeServer -eq $null) -or ($refTimeServer -eq "") -or ($refTimeServer -eq " "))
{
    #Something bad happened. Should never happen
    Write-Host "CRITICAL: can't auto detect logon server to check against. Need to specify manually using refTimeServer argument"
    exit 2
}
# determine time offset to selected server
$temp=w32tm /stripchart /computer:$refTimeServer /period:1 /dataonly /samples:1
# get last line: time, [+-]00.00000s -> keep the offset only, drop a leading + and one padding zero (for performance data)
$temp=($temp | select -Last 1) -replace (".*, ","") -replace ("^\+","") -replace ("^(-?)0([0-9])",'$1$2')
$temp=$temp -replace ("s$","")
# default
$state = "WARNING"
if ($temp -match "^\-?[0-9]+\.[0-9]+$")
{
    # explicit cast so the comparison is numeric whatever the system locale
    $offset=[double]$temp
    $output=$temp+"s - checked against "+$refTimeServer
    $perfdata="offset="+$temp+"s"+";"+$maxWarn+";"+$maxError+";"
    if ([math]::abs($offset) -gt $maxError)
    {
        $state="CRITICAL"
        $exitcode=2
    }
    elseif ([math]::abs($offset) -gt $maxWarn)
    {
        $state="WARNING"
        $exitcode=1
    }
    else
    {
        $state="OK"
        $exitcode=0
    }
}
else
{
    # w32tm did not return an offset: report CRITICAL so the text matches exit code 2
    $state="CRITICAL"
    $output="Error: - used $refTimeServer as time server - output:$temp"
    $exitcode=2
}
$output=$state+":"+$output
# performance data only when an offset could be parsed
if ($perfdata -ne "")
{
    $output=$output+'|'+$perfdata
}
Write-Host $output
exit $exitcode