Monitoring Windows Systems through Icinga Powershell Plugins
During migrations from NetEye 3 to NetEye 4, I often run into really outdated monitoring checks in the Windows world, where the last update was more than 10 years ago… and whose logic is therefore now completely obsolete!
The time for change is now!!!
In the last year Icinga released a really interesting project that provides a wide range of check plugins for the new Icinga 2 Agent on Windows Systems: the Icinga Powershell Plugins.
All these plugins require the Icinga PowerShell Framework as a core framework for executing checks and providing Icinga formatted output. This PowerShell module will allow plugins to fetch data from Windows hosts and use them for inventory and monitoring solutions. Together with the Icinga Web 2 module, a detailed overview of Windows infrastructure is then provided.
The available plugins in the latest release (1.5.0) will include:
GOAL: monitoring a Windows folder: file count, size of files, and age
Before:
We could use 2 different check plugins from Nagios world (check_file_count, check_file_age), with all the limitations about change younger than, or we could need to install NSClient++ via check_nrpe.
We need to create the Service Template and Command definitions under Director
Now:
Single check with IcingaCheckDirectory
The Command definitions can be automatically imported from a Basket provided by Icinga
Configuration on Windows Host
First of all, we need to install the icinga-powershell-plugins from PowerShell Gallery (instructions can be found at the Icinga Git project)
Now you can navigate to your Icinga Director Basket menu and import the generated file. Afterwards all specified check commands will be available and ready to use.
After that we can create the related Service Template and add the monitoring service on the host.
This check monitors that in a Windows folder (path) there are files (filtered by the FileNames field) that match specified criteria (size, creation, change). These checks can also be recursive on the sub-folder (with the recurse flag).
That’s all! You can add as many checks on files and directories as you want. The checks that you can do with this command are very useful, below is an example of what we implemented on our NetEye Demo Online.
I’ve always been fascinated by the IT world, especially by the security environment and its architectures.
The common thread in my working experience is the creation of helpful open-source solutions to easily manage the huge amount of security information.
In the past years, my work was especially focused on Cyber Kill Chain, parsing and ELK Stack but in order to start from the beginning...
In 2010 I left my birthplace, the lovely Veneto, looking for a new ´cyber´ adventure in Milan. After graduating in Computer Systems and Networks Security, I worked for 6 years as a Cyber Security Consultant.
During the first 5 years, I explored the deep and manifold world of cybersecurity, becoming passionate about open source solutions. After that, I decided to challenge myself joining a Start-up company focusing on SOC services (I’m a proud member of the Blue Team!).
In Wuerth Phoenix, I would like to personalize the NetEye System for each one of our costumers, in order to develop the perfect product for their needs, by combining all my past experiences and skills.
Author
Enrico Alberti
I’ve always been fascinated by the IT world, especially by the security environment and its architectures.
The common thread in my working experience is the creation of helpful open-source solutions to easily manage the huge amount of security information.
In the past years, my work was especially focused on Cyber Kill Chain, parsing and ELK Stack but in order to start from the beginning...
In 2010 I left my birthplace, the lovely Veneto, looking for a new ´cyber´ adventure in Milan. After graduating in Computer Systems and Networks Security, I worked for 6 years as a Cyber Security Consultant.
During the first 5 years, I explored the deep and manifold world of cybersecurity, becoming passionate about open source solutions. After that, I decided to challenge myself joining a Start-up company focusing on SOC services (I’m a proud member of the Blue Team!).
In Wuerth Phoenix, I would like to personalize the NetEye System for each one of our costumers, in order to develop the perfect product for their needs, by combining all my past experiences and skills.
Rules and standards are important. In a world based on collaboration, following a well defined behavior is key for avoiding errors based on some sort of misunderstanding. This is also true for the world of information technology: someone releases software Read More
Director is one of the most important modules in NetEye 4 because it's used for managing, automating and deploying the configurations of all monitored objects. In all our projects we use automation in Director: through the Import and Synchronization rules Read More
As you have surely read from the release notes of NetEye 4.27, we have integrated ClickHouse to be able to use the historical flows and alerts feature of ntopng. What is ClickHouse? Directly from the official website: ClickHouse is a Read More
Scenario Veeam Backup & Replication product is widely used for backuping virtual machines, primary hosted on VMware vSphere infrastructure. It could also backup physical machines through dedicated agents. It’s very important to keep the backup status monitored: it would be Read More
Last time I wrote about how you can have incoming SMS messages sent to the Tornado Engine so that you can make Tornado Rules to process them. This time I'd like to show you a real use case where we Read More