Home Directory Plugins Operating Systems Windows NRPE Check Windows time against AD or target

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

Directory Tree

Check Windows time against AD or target

Current Version
0.1
Last Release Date
2013-05-06
Compatible With
  • Nagios 3.x
License
GPL
Hits
43732
Files:
FileDescription
lotp_check_time.ps1.txtlotp_check_time.ps1.txt
Nagios CSP

Meet The New Nagios Core Services Platform

Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.

Monitoring Made Magically Better

  • Nagios Core on Overdrive
  • Powerful Monitoring Dashboards
  • Time-Saving Configuration Wizards
  • Open Source Powered Monitoring On Steroids
  • And So Much More!
Check local time against a provided source or AD(autodetect) or pool.ntp.org through NRPE / nsclient++.

Windows Server that are not DC can't be tested through NTP by default.
This powershell script is executed locally and compare time with w32tm tool.

Workflow:

-If reference server is provided, it's used directly.
-If no reference server is provided:
-if domain joined:
Try to use logonserver variable, to get closest live DC.
Else auto find a DC (random) which is not itself and compare time.
Else, use pool.ntp.org
-If workgroup:
use pool.ntp.org

Provide performance data (offset jig) to get graphs
###############################################
Tested Setup:

Monitoring Box:
-Centos 6.4 x64
-Nagios 3.4.4
-check_nrpe 2.13
-Centreon 2.4.2

Windows Server:
-Windows Server 2003 / 2008 R2 / 2012
-nsclient++ 0.4.1 x64 and x86
-tested on both Core & GUI Servers

###############################################

Scripts arguments
The script accept 3 arguments:
-refTimeServer (AD find or pool.ntp.org by default)
-maxWarn (Warning if above, in second) (1 by default)
-maxError (Critical if above, in second) (5 by default)

maxWarn and maxCrit but me integer.
The time is compared in absolute, so it works either the shift is positive or negative

###############################################
Local execution example:

PS C:Program FilesNSClient++scripts> . .lotp_check_time.ps1
OK:-00.0307684s - checked against pool.ntp.org|offset=-00.0307684s;1;5;
PS C:Program FilesNSClient++scripts>

NRPE execution:
[root~]# /usr/lib64/nagios/plugins/check_nrpe -H myserver -n -c check_time -a "myPDCServer" 1 5
OK:+00.0671837s - checked against myPDCServer|'offset'=0.06718s;1;5
[root~]#

###############################################
Installation:
On Windows Servers:
-copy script in folder C:Program FilesNSClient++scripts
-enable powershell script execution without signed : Set-ExecutionPolicy RemoteSigned
-Add to nsclient.ini:
[/settings/external scripts/wrapped scripts]
check_time=lotp_check_time.ps1 -refTimeServer $ARG1$ -maxWarn $ARG2$ -maxError $ARG3$

###############################################
Configuration:

For example, on Centreon:
-Add a new command:
$USER1$/check_nrpe -H $HOSTADDRESS$ -n -c check_time -a "$ARG1$" $ARG2$ $ARG3$

Then add monitoring filling the ARGS.
For graph, enable performance data on the monitoring test
Reviews (2)
On Windows servers, I believe the nsclient.ini is now renamed to NSC.ini on newer nagios XI agent installations.
Change is under the "C:Program FilesNSClient++scripts" section and it should be;
"-Add to NSC.ini"

Also, if you haven't enabled or used NRPE checks, this is a good read with the main reminder to be that you need to restart your NSClient++ service after making changes to your NSC.ini file - https://assets.nagios.com/downloads/nagiosxi/docs/Enabling-The-NRPE-Listener-In-NSClient-0.3.x.pdf

Lastly, if you're running the latest version of Nagios XI, where the instructions say to add a new command, I had to replace the -n with a -2 or else I would get version errors. ie.
$USER1$/check_nrpe -H $HOSTADDRESS$ -2 -c check_time -a "$ARG1$" $ARG2$ $ARG3$
byuka-support, January 27, 2017
1 of 1 people found this review helpful
... but has it's shortcomings.

This is a corrected version (hopefully it doesn't get garbled):

# ====================================================================
# Check time against DC or specified server through NRPE / w32tm
# Author: Mathieu Chateau - LOTP
# mail: mathieu.chateau@lotp.fr
# version 0.1
# corrected and fixes performance data for positive differences by UKA
# ====================================================================

#
# Require Set-ExecutionPolicy RemoteSigned.. or sign this script with your PKI
#

# ============================================================
#
# Do not change anything behind that line!
#
param
(
[string]$refTimeServer,
[int]$maxWarn = 1,
[int]$maxError = 5
)

$output=""
$exitcode=2
$random=
if(($refTimeServer -eq $null) -or ($refTimeServer -eq "") -or ($refTimeServer -eq " "))
{
$refTimeServer=$env:LOGONSERVER -replace ('\\',"")
if(($refTimeServer -match "^$|^ $") -or ($env:LOGONSERVER -match $refTimeServer))
{
if((gwmi win32_computersystem).partofdomain -eq $true)
{
#Must use select and not .Name directly. If some DC are down, command will be empty with .Name
$fromAD=@()

foreach ($entry in ((([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() | % { $_.DomainControllers }))| select Name))
{
#if this server is a DC, can't check time against itself
if(! (($env:COMPUTERNAME -match $entry) -or ($entry -match $env:COMPUTERNAME)))
{
$fromAD += $entry
}
}
if($fromAD.Count -gt 1)
{
#get a random DC from AD, as no server provided and no logon server could be found
$refTimeServer=(Get-Random -InputObject $fromAD).Name
}
else
{
#only one DC, defaulting to internet
$refTimeServer="de.pool.ntp.org"
}
}
else
{
#Workgroup but no server to check time against provided. Defaulting to internet to do something
$refTimeServer="de.pool.ntp.org"
}
}
}

if(($refTimeServer -eq $null) -or ($refTimeServer -eq "") -or ($refTimeServer -eq " "))
{
#Something bad happened. Should never happen
Write-Host "CRITICAL: can't auto detect logon server to check against. Need to specify manually using refTimeServer argument"
exit 2
}

# determine time offset to selected server
$temp=w32tm /stripchart /computer:$refTimeServer /period:1 /dataonly /samples:1
# get last line: time, [+-]00.00000 -> replace 00 by 0, replace +0 by + (for performance data)
$temp=($temp | select -Last 1) -replace (".*, ","") -replace ("\+0","0") -replace ("00\.","0.")
$temp=$temp -replace ("s$","")

# default
$state = "WARNING"

if ($temp -match "^\-?[0-9]+\.[0-9]+$")
{
$output=$temp+"s - checked against "+$refTimeServer
if ([math]::abs($temp) -gt $maxError)
{
$state="CRITICAL"
$exitcode=2
}
elseif ([math]::abs($temp) -gt $maxWarn)
{
$state="WARNING"
$exitcode=1
}
else
{
$state="OK"
$exitcode=0
}
}
else
{
$output="Error: - used $refTimeServer as time server - output:$temp"
$exitcode=2
}

$output=$state+":"+$output+'|'+"offset="+$temp+"s"+";"+$maxWarn+";"+$maxError+";"
Write-Host $output
exit $exitcode