2

I have a POS system that won't work unless the is logged in to the console session. I was thinking since I already have NSClient++ maybe I could monitor a counter via Nagios.

Is there a counter for this that I can alert if the account is not logged in? Is it '\Terminal Services\Total Sessions' ? Right now that shows 2 sessions for my VM which doesn't entirely make sense to me, unless my remote desktop counts as one and VMWare always uses one...

If I can do this with the check_nt, for me that will probably outweigh potential caveats of a better way, but I am open to ideas.

Kyle Brandt
  • 83,619
  • 74
  • 305
  • 448
  • What won't work? Is there an application that must be running that can't be run as a service? Could you elaborate on the problem you're actually trying to solve? – chankster Jul 31 '09 at 13:56
  • chankster: I am looking into running as a service as well since that would be the real solution, but I wanted to know the answer to this question anyways. – Kyle Brandt Jul 31 '09 at 13:59
  • See also [Getting the currently logged-in user to a Windows XP Pro system](http://serverfault.com/questions/531364/getting-the-currently-logged-in-user-to-a-windows-xp-pro-system) for a related (much newer) question which can also be used to do this. – derobert Aug 21 '13 at 16:28

3 Answers3

1

To count the number of logged in users you can see how many winlogon.exe processes are running. (the console session will always take the first)

JamesRyan
  • 8,166
  • 2
  • 25
  • 36
1

XP only allows 1 "interactive" login at a time, whether it is physically at the computer or remotely via RDP. As far as the "console" and remote logins go, XP doesn't care which you are using as whatever process that is supposed to run will run if logged in either way.

You are trying to determine if the user is either logged in or not, but more important (I think) is if the process is running that you want to be running. Why not just check for the running process instead of trying to figure out if the user is logged in or not? What if the process crashed but the user is still logged in?

Looking at the winlogon.exe process is not useful with XP since it runs regardless of whether or not someone is actually logged in. A typical process to look for is explorer.exe running under the username (although that too may crash and can even be killed without logging the user off).

On a Windows system, you can use "psloggedon.exe" from sysinternals (http://technet.microsoft.com/en-us/sysinternals/default.aspx) to look for local logins on the computer with the -l switch - "psloggedon \computername -l". I think the reason you are seeing 2 sessions when you are checking for the count is that the check itself establishes a session to determine how many sessions there are...

Your best bet for using check_nt in nagios looks like it would be to 1) check for the specific process you need running (hopefully it runs all the time) or 2) check for explorer.exe running since that only runs when someone is actually logged in, but like I said isn't a failsafe way to determine if that is the case.

Disclaimer! - I don't use nagios myself and just checked the site here: http://nagiosplugins.org/man/check_nt for plugins that might work for what you need

August
  • 3,114
  • 16
  • 17
  • "Why not just check for the running process instead of trying to figure out if the user is logged in or not?" Yup, that was the thing to do! The original question I was asked was if I could monitor if user was logged in, I should have taken a step back and looked at like you did. – Kyle Brandt Jul 31 '09 at 19:28
1

I don't really know so I am just guessing blindly here and also I dont really understand what you mean by "logged on" since you mention terminal server I assume you mean "attached sessions" (or active sessions).

The following is the counters I have under Terminal Services and seem a reasonable place to start:

\Terminal Services\Total Sessions \Terminal Services\Active Sessions \Terminal Services\Inactive Sessions

And a quick google gives: Active Sessions The total number of sessions that are active, excluding disconnected sessions.

Total Sessions The total number of sessions that are active, including disconnected sessions.

Thus it seems to me you want "Active Sessions" ?

The second reflection is the tool above can easily be used from NSClient++ inside a script but you would have to use NRPE (check_nrpe) to be able to execute the script from nagios and not check_nt).

// Michael Medin

Michael Medin
  • 605
  • 3
  • 5