Home Directory Plugins Operating Systems Windows NRPE Check Windows time against AD or target

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

Check Windows time against AD or target

Current Version
0.1
Last Release Date
2013-05-06
Compatible With
  • Nagios 3.x
E-mail
License
GPL
Hits
35958
Files:
FileDescription
lotp_check_time.ps1.txtlotp_check_time.ps1.txt
Network Monitoring Software - Download Nagios XI
Log Management Software - Nagios Log Server - Download
Netflow Analysis Software - Nagios Network Analyzer - Download
Check local time against a provided source or AD(autodetect) or pool.ntp.org through NRPE / nsclient++.

Windows Server that are not DC can't be tested through NTP by default.
This powershell script is executed locally and compare time with w32tm tool.

Workflow:

-If reference server is provided, it's used directly.
-If no reference server is provided:
-if domain joined:
Try to use logonserver variable, to get closest live DC.
Else auto find a DC (random) which is not itself and compare time.
Else, use pool.ntp.org
-If workgroup:
use pool.ntp.org

Provide performance data (offset jig) to get graphs
###############################################
Tested Setup:

Monitoring Box:
-Centos 6.4 x64
-Nagios 3.4.4
-check_nrpe 2.13
-Centreon 2.4.2

Windows Server:
-Windows Server 2003 / 2008 R2 / 2012
-nsclient++ 0.4.1 x64 and x86
-tested on both Core & GUI Servers

###############################################

Scripts arguments
The script accept 3 arguments:
-refTimeServer (AD find or pool.ntp.org by default)
-maxWarn (Warning if above, in second) (1 by default)
-maxError (Critical if above, in second) (5 by default)

maxWarn and maxCrit but me integer.
The time is compared in absolute, so it works either the shift is positive or negative

###############################################
Local execution example:

PS C:Program FilesNSClient++scripts> . .lotp_check_time.ps1
OK:-00.0307684s - checked against pool.ntp.org|offset=-00.0307684s;1;5;
PS C:Program FilesNSClient++scripts>

NRPE execution:
[root~]# /usr/lib64/nagios/plugins/check_nrpe -H myserver -n -c check_time -a "myPDCServer" 1 5
OK:+00.0671837s - checked against myPDCServer|'offset'=0.06718s;1;5
[root~]#

###############################################
Installation:
On Windows Servers:
-copy script in folder C:Program FilesNSClient++scripts
-enable powershell script execution without signed : Set-ExecutionPolicy RemoteSigned
-Add to nsclient.ini:
[/settings/external scripts/wrapped scripts]
check_time=lotp_check_time.ps1 -refTimeServer $ARG1$ -maxWarn $ARG2$ -maxError $ARG3$

###############################################
Configuration:

For example, on Centreon:
-Add a new command:
$USER1$/check_nrpe -H $HOSTADDRESS$ -n -c check_time -a "$ARG1$" $ARG2$ $ARG3$

Then add monitoring filling the ARGS.
For graph, enable performance data on the monitoring test
Reviews (1)
byuka-support, January 27, 2017
... but has it's shortcomings.

This is a corrected version (hopefully it doesn't get garbled):

# ====================================================================
# Check time against DC or specified server through NRPE / w32tm
# Author: Mathieu Chateau - LOTP
# mail: mathieu.chateau@lotp.fr
# version 0.1
# corrected and fixes performance data for positive differences by UKA
# ====================================================================

#
# Require Set-ExecutionPolicy RemoteSigned.. or sign this script with your PKI
#

# ============================================================
#
# Do not change anything behind that line!
#
param
(
[string]$refTimeServer,
[int]$maxWarn = 1,
[int]$maxError = 5
)

$output=""
$exitcode=2
$random=
if(($refTimeServer -eq $null) -or ($refTimeServer -eq "") -or ($refTimeServer -eq " "))
{
$refTimeServer=$env:LOGONSERVER -replace ('\\',"")
if(($refTimeServer -match "^$|^ $") -or ($env:LOGONSERVER -match $refTimeServer))
{
if((gwmi win32_computersystem).partofdomain -eq $true)
{
#Must use select and not .Name directly. If some DC are down, command will be empty with .Name
$fromAD=@()

foreach ($entry in ((([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() | % { $_.DomainControllers }))| select Name))
{
#if this server is a DC, can't check time against itself
if(! (($env:COMPUTERNAME -match $entry) -or ($entry -match $env:COMPUTERNAME)))
{
$fromAD += $entry
}
}
if($fromAD.Count -gt 1)
{
#get a random DC from AD, as no server provided and no logon server could be found
$refTimeServer=(Get-Random -InputObject $fromAD).Name
}
else
{
#only one DC, defaulting to internet
$refTimeServer="de.pool.ntp.org"
}
}
else
{
#Workgroup but no server to check time against provided. Defaulting to internet to do something
$refTimeServer="de.pool.ntp.org"
}
}
}

if(($refTimeServer -eq $null) -or ($refTimeServer -eq "") -or ($refTimeServer -eq " "))
{
#Something bad happened. Should never happen
Write-Host "CRITICAL: can't auto detect logon server to check against. Need to specify manually using refTimeServer argument"
exit 2
}

# determine time offset to selected server
$temp=w32tm /stripchart /computer:$refTimeServer /period:1 /dataonly /samples:1
# get last line: time, [+-]00.00000 -> replace 00 by 0, replace +0 by + (for performance data)
$temp=($temp | select -Last 1) -replace (".*, ","") -replace ("\+0","0") -replace ("00\.","0.")
$temp=$temp -replace ("s$","")

# default
$state = "WARNING"

if ($temp -match "^\-?[0-9]+\.[0-9]+$")
{
$output=$temp+"s - checked against "+$refTimeServer
if ([math]::abs($temp) -gt $maxError)
{
$state="CRITICAL"
$exitcode=2
}
elseif ([math]::abs($temp) -gt $maxWarn)
{
$state="WARNING"
$exitcode=1
}
else
{
$state="OK"
$exitcode=0
}
}
else
{
$output="Error: - used $refTimeServer as time server - output:$temp"
$exitcode=2
}

$output=$state+":"+$output+'|'+"offset="+$temp+"s"+";"+$maxWarn+";"+$maxError+";"
Write-Host $output
exit $exitcode