Monitoring Windows Systems through Icinga Powershell Plugins
During migrations from NetEye 3 to NetEye 4, I often run into really outdated monitoring checks in the Windows world, where the last update was more than 10 years ago… and whose logic is therefore now completely obsolete!
The time for change is now!!!
In the last year Icinga released a really interesting project that provides a wide range of check plugins for the new Icinga 2 Agent on Windows Systems: the Icinga Powershell Plugins.
All these plugins require the Icinga PowerShell Framework as the core framework for executing checks and producing Icinga-formatted output. This PowerShell module lets the plugins fetch data from Windows hosts and use it for inventory and monitoring. Together with the Icinga Web 2 module, it then provides a detailed overview of the Windows infrastructure.
The plugins available in the latest release (1.5.0) include:
GOAL: monitoring a Windows folder: file count, size of files, and age
Before:
We could use two different check plugins from the Nagios world (check_file_count, check_file_age), with all the limitations these have (for example around "changed younger than" filters), or we would need to install NSClient++ on the host and call it via check_nrpe.
We need to create the Service Template and Command definitions under Director
Now:
Single check with IcingaCheckDirectory
The Command definitions can be automatically imported from a Basket provided by Icinga
Configuration on Windows Host
First of all, we need to install the icinga-powershell-plugins from PowerShell Gallery (instructions can be found at the Icinga Git project)
Now you can navigate to the Icinga Director Basket menu and import the basket file generated by the framework. Afterwards all the check commands it contains will be available and ready to use.
After that we can create the related Service Template and add the monitoring service on the host.
This check verifies that a Windows folder (Path) contains files (filtered by the FileNames field) that match the specified criteria (size, creation time, change time). The check can also recurse into sub-folders (with the Recurse flag).
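As an added example (not taken from the original post or from the Icinga project), the following PowerShell session walks through the whole procedure on the Windows host: installing the framework and plugins from the PowerShell Gallery, exporting the Director basket, and running the directory check interactively against a constructed test folder so that thresholds can be validated before the service is rolled out through Director. The cmdlet `Get-IcingaCheckCommandConfig` (basket export), `Use-Icinga -Minimal` (plugin bootstrap), the threshold parameters (`-Warning`, `-Critical`, `-ChangeYoungerThan`, `-FileSizeGreaterThan`, `-Verbosity`) and the time-unit syntax (`1d`) are taken from my reading of the framework and plugin documentation and should be verified with `Get-Help` on your installed version; the folder and file names are constructed for the demonstration.

```powershell
# Added example: validate Invoke-IcingaCheckDirectory locally before wiring it into Director.
# Assumptions (verify against your installed version with Get-Help):
#   - icinga-powershell-framework / icinga-powershell-plugins come from the PowerShell Gallery
#   - Get-IcingaCheckCommandConfig exports the Director basket JSON
#   - Use-Icinga -Minimal loads the framework and plugins for check execution

# 1. Install framework and plugins (elevated PowerShell, once per host).
Install-Module -Name icinga-powershell-framework -Repository PSGallery -Scope AllUsers -Force
Install-Module -Name icinga-powershell-plugins   -Repository PSGallery -Scope AllUsers -Force
Import-Module icinga-powershell-framework
Use-Icinga -Minimal

# 2. Export the Director basket that defines all check commands (import it via
#    Director > Baskets). Output directory is a constructed example path.
$basketDir = 'C:\icinga-basket'
New-Item -ItemType Directory -Path $basketDir -Force | Out-Null
Get-IcingaCheckCommandConfig -OutDirectory $basketDir

# 3. Never guess the parameter set: read it from the plugin itself.
Get-Help Invoke-IcingaCheckDirectory -Parameter *

# 4. Build a constructed test folder: one fresh backup file and one 3 days old.
$testDir = Join-Path $env:TEMP 'icinga-dir-check'
New-Item -ItemType Directory -Path $testDir -Force | Out-Null
$oldFile = Join-Path $testDir 'backup-old.bak'
$newFile = Join-Path $testDir 'backup-new.bak'
Set-Content -Path $oldFile -Value ('x' * 4096)
Set-Content -Path $newFile -Value ('x' * 4096)
(Get-Item $oldFile).LastWriteTime = (Get-Date).AddDays(-3)

# 5. Run the check exactly as the agent's command definition would. Thresholds use the
#    Icinga range syntax: '1:' means "alert when the count drops below 1". With
#    -ChangeYoungerThan 1d only backup-new.bak matches, so count = 1 and the result is OK;
#    deleting backup-new.bak would turn it CRITICAL (a missed nightly backup).
$exitCode = Invoke-IcingaCheckDirectory -Path $testDir `
                                        -FileNames '*.bak' `
                                        -Recurse `
                                        -ChangeYoungerThan 1d `
                                        -Warning '2:' `
                                        -Critical '1:' `
                                        -Verbosity 1

# 6. Map the Icinga exit code (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN) for the operator.
$state = switch ($exitCode) { 0 {'OK'} 1 {'WARNING'} 2 {'CRITICAL'} default {'UNKNOWN'} }
Write-Host ("Exit code {0} -> {1}" -f $exitCode, $state)

# 7. A second variant for the "size" criterion: warn when any matching file exceeds 1 MB.
#    Tested under the same constructed folder, both files are 4 KB, so this returns OK.
$sizeExit = Invoke-IcingaCheckDirectory -Path $testDir -FileNames '*.bak' `
                                        -FileSizeGreaterThan 1MB -Warning 1 -Verbosity 1
Write-Host ("Size check exit code: {0}" -f $sizeExit)

# 8. Clean up the constructed test data.
Remove-Item -Path $testDir -Recurse -Force
```

Two practical points for the rollout: run the interactive test with the same account the Icinga Agent service uses, because a path that is readable for your admin session but not for the service account will report UNKNOWN once deployed; and keep `-Recurse` off large trees (user profiles, system directories) since each run walks the whole tree under the agent's privileges and the check interval then becomes a measurable I/O load on the host.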
That’s all! You can add as many checks on files and directories as you want. The checks that you can do with this command are very useful, below is an example of what we implemented on our NetEye Demo Online.
Author
Enrico Alberti
I’ve always been fascinated by the IT world, especially by the security environment and its architectures.
The common thread in my working experience is the creation of helpful open-source solutions to easily manage the huge amount of security information.
In the past years, my work was especially focused on Cyber Kill Chain, parsing and ELK Stack but in order to start from the beginning...
In 2010 I left my birthplace, the lovely Veneto, looking for a new 'cyber' adventure in Milan. After graduating in Computer Systems and Networks Security, I worked for 6 years as a Cyber Security Consultant.
During the first 5 years, I explored the deep and manifold world of cybersecurity, becoming passionate about open source solutions. After that, I decided to challenge myself by joining a Start-up company focusing on SOC services (I'm a proud member of the Blue Team!).
In Wuerth IT Italy, I would like to personalize the NetEye System for each one of our customers, in order to develop the perfect product for their needs, by combining all my past experiences and skills.