Search the Community

Showing results for tags 'Windows'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • LogicModule Exchange
    • LM Exchange
    • LM Staff Contributions
  • Product Announcements
    • LogicMonitor Notices
  • LogicMonitor Product Q&A
    • Feature Requests
    • Ask the Community
    • From the Front

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Found 31 results

  1. David Lee

    Windows Drive Space Alerts

    Windows Drive Space Alerts By default, LogicMonitor alerts on the percentage used on any drive. This in general is fine, but sometimes not. Let’s imagine you have a 2.2 terabytes drive. You might have your critical threshold set at 90%, which sounds fine, until you realise that you are going to get a critical alert when you still have 220 GB free. In my case that would be a cause for some celebration, not really an urgent need to get up at 3 A.M. and delete files so the world doesn’t end. Now Imagine your 2.2TB drive is divided up as: C: 10 GB (OS) D: 500 GB (Mission critical applications) E: 1 TB (Backups) F: 510 GB (Other Applications) A 90% alert will give you a critical at 1GB,50GB,100GB and 51GB respectively. Now the C: drive may be a cause for concern, but the others not so much. The two application drives you might only be concerned if they have less than 4GB free and the backup less than 10GB. So, we decide to alert on the following C: freespace is <1 GB D: freespace is <4 GB E: freespace is <10 GB F: freespace is <4 GB You could clone the datasource so you have four copies one for each drive but this is harder to maintain in the future and does not scale well. It would be better if you could somehow get the drive letter and assign a threshold based on that. Logicmonitor’s scripted complex datapoint using groovy to the rescue. The disks datasource queries the class Win32_Volume. We need to use the raw drive letter output from the WMI class so would write a groovy script like: Drive=output["DRIVELETTER"]; return(Drive); This returns C:,D:,E: and F: Not much use as Logicmonitor doesn’t deal with text, only metrics. Let’s beef up the script. drive = output['DRIVELETTER']; freeSpaceLowerLimitGigabyte = '0'; if (drive == 'C:') {freeSpaceLowerLimitGigabyte = '1';} if (drive == 'D:' || drive == 'F:') {freeSpaceLowerLimitGigabyte = '4';} if (drive == 'E:') {freeSpaceLowerLimitGigabyte = '10';} return freeSpaceLowerLimitGigabyte; This returns 1,4,10 and 4 for each drive, now we have a complex datapoint that returns the lowerlimit in GB for each drive dependant on the drive letter. Again, we can’t alert on this so we need another datapoint So we can use this to check if freespace is less than the freeSpaceLowerLimitGigabyte. To do that create a CapacityAlert datapoint using this expression if ( lt (FreeSpace, FreeSpaceLowerLimitGigabyte * 1024000000) , 1, 0) Which breaks down as if freespace is less than the assigned limit for that drive letter then return 1 (which you alert on.) Otherwise return 0. Alert threshold set at = 1 1 1, and we get critical alerts if: C: freespace is <1 GB D: freespace is <4 GB E: freespace is <10 GB F: freespace is <4 GB
  2. mkerfoot

    RDP Sessions

    RDP Sessions - ACTXKD Kind regards, Matthew Kerfoot
  3. Just a quick question about LogicMonitor, Does LogicMonitor support Windows Server 2019? In terms of the Collector software? Thank you
  4. cp1jack

    Windows Activation

    Published with lmLocator: FHGN6P This datasource will check the activation status of Windows and alert if a 1 (licensed) is not returned
  5. Windows Server Core and (the free) Hyper-V Server Core are GUI-less versions of Windows that can be administered remotely with GUI tools. We've recently seen an uptick in requests for deployment of the collector to these platforms, as Windows introduces a lot of overhead with the addition of the GUI; the other compelling reason to go this route being that Hyper-V Core is a free license of Windows from Microsoft (similar to the free flavor of ESXi, only it can run a Windows collector!) Microsoft Documentation: Managing a Server Core Server Configure Server Core with the SConfig command Option A: Remote Desktop Install Establish a remote desktop session to the Server Core server using the instructions provided by Microsoft. Within the standard Command shell, type the word "PowerShell" to load a PowerShell session. Add a new (Windows) LogicMonitor Collector in your portal, and select the PowerShell command instead of the download. Paste (and run) the PowerShell command into the open PowerShell windows within the Remote Desktop Session on the Server Core server. You'll see a message indicating that the download has started, and after some time, the normal InstallShield Wizard will launch as expected. Complete the collector account configuration and proceed as you would with an OS with a GUI. Collect on! Additional methods are certainly possible (Windows Admin Center, Remote PowerShell, more?) and as I have a chance to test/ validate, I will continue to update this post.
  6. Brandon

    DFSR Replication Backlog

    XKJNGZ Uses Powershell to make WMI queries to get the current backlog file count for each outbound DFSR partner on each DFSR share. These queries can be expensive if the backlog is large, so the polling interval is set to 10 minutes. If there is no backlog, the script finishes quickly. No default alerting is set, but I would recommend adding a threshold to be notified of potential replication issues. NOTE* - The collector must be able to reach both DFSR partners and will use the same credentials to make the queries for both.
  7. Exporting Netflow from Windows with FlowTraq Exporter NetFlow is an industry standard network protocol for monitoring traffic flows across a network interface. It is used most commonly by devices like firewalls, routers, and switches, but some software packages make it possible to export Netflow data from a server operating system - in this case Windows - to a Netflow collector (LogicMonitor) for traffic analysis. Instructions 1.) Register for and download the free FlowTraq Exporter. 2.) Download WinPcap (Windows packet capture library). 3.) Install WinPcap on the server you wish to export Netflow data from. 4.) Install and configure Flowtraq Exporter on the server you wish to export Netflow data from. - Select an interface from which to export Netflow data on the server. - Point the Netflow export data to the LogicMonitor Collector that will be monitoring the device and ingesting the flow data. - The LogicMonitor collector listens for Netflow on port 2055 out-of-box. 5.) Stop the Windows service "ProQueSys Flow Export." 6.) Edit the configuration file located at "C:\Program Files (x86)\ProQueSys\Exporter\flowexport.conf" - Change the bit that says "nf9" to "nf5" to export Netflow in a compatible format. 7.) Start the Windows service 'ProQueSys Flow Export.' 8.) Make sure the device is in LogicMonitor and has Netflow collection enabled, pointing to the correct collector. 9.) Give LogicMonitor 5-10 minutes to start processing the flow traffic and soon you'll have some flow data on the device Traffic tab.
  8. Antony Hawkins

    Count of Windows Processes

    I wrote this DataSource for a customer with a specific requirement, namely, they have a particular application that should spawn and maintain a specific number of processes on Windows machines. Operation: The DataSource finds all processes on the Windows machine and groups and counts based on name - e.g. if there are processes powershell, powershell#1, powershell#2, then the powershell instance will be added and will show a count of 3. Out of the box this DataSource will create instances for *all* processes as reported from the Win32_PerfRawData_PerfProc_Process WMI class, except the "Idle" process and the "_Total" metrics. This behaviour is unlikely to be of great benefit; the main use case will involve editing the filters (and cloning the DS as appropriate) such that it only brings back processes you care about (and not, for example, the dozens of svchost processes that will be present on every Windows machine). Also returned are thread count, file handle count, and working set metrics, each being the sum of the per-process metrics. This is possible as these are instantaneous values. Note that unlike the per-process DataSource, CPU metrics cannot be returned. This is because these metrics are returned by WMI as incremental counters and the appearance and disappearance of individual processes between polls would render any sum meaningless. It is however possible to see combined CPU metrics for multiple processes via manipulation of the WinProcessStats- DataSource (clone and filter for the processes you need) and smart graphs with a sum aggregation. v1.0.0 Exchange Locator ID: XHT4MD Example of instances found: Overview graphs: Per-instance graphs:
  9. Don't know if anyone else noticed, but MS released a pretty slick script that enables WMI access remotely without admin rights. I have done a brief test with LM and it seems to be working well. https://blogs.technet.microsoft.com/askpfeplat/2018/04/30/delegate-wmi-access-to-domain-controllers/ That's the article. I created an AD group instead of a user to delegate, and I put the LM collector service in that group. Everything else I've followed as documented. I haven't tested anything else, but this alone is a huge step in the right direction.
  10. mkerfoot

    Download Speed

    WALDXL - Download Speed This datasource will run a PowerShell script that downloads a 10MB file and then figures out the speed in Mbps that it was downloaded. CAUTION: This datasource will download a 10Mb file for every Windows machine specified in the applies to field(default is not applied),every poll(deafult is 20 minutes), depending on your environment this could raise the price for your monthly ISP bill. Specifically if your ISP speeds ramp up when needed. I would recommend applying this to: hasCategory("speed") and isWindows() The of course you just need to add the system.property of speed to any Windows machine you want to monitor Download Speed on.
  11. Nicklas Karlsson

    WIndows DHCP with Kerberos

    Hi, Maybe the community are intressted in using collectors as stand-alone outside a domain (in a workgroup).. We are and have ran into all possible effects of it... one thing is to monitor Windows DHCP Servers that ar joined to a domain. THen you need to authenticate against some classes to discover and to get metrics. Had some chat sessions with the LM support and they got me closer to the solution.. But I solved it finally using credentials to discover and inventory the DHCP server and Scopes with powershell using domain credentials on my collector in a workgroup Here they Are Microsoft DHCP Scopes: 6R7ZKC Microsoft DHCP Server: Z2JTFN Enjoy!!
  12. joshlowit1

    Windows Services Check

    I have found where I can monitor services for a device and have set up a test to monitor services on the windows device. Is there a way to set this as a datasource? That way I can do the AppliesTo scripting and have specific devices being monitored for specific services they are running? I have about 80 devices and configuring Service Alerts for each of them would take a bit of time, I'm trying to be more efficient.
  13. Useful for inventory, auditing, and auto-grouping. Displays the a list of all installed Windows Features separated by commas. Example below. auto.winfeatures [Active Directory Lightweight Directory Services, .NET Framework 3.5.1 Features, Telnet Client, Remote Server Administration Tools, .NET Framework 3.5.1, Role Administration Tools, AD LDS Snap-Ins and Command-Line Tools, AD DS and AD LDS Tools, Active Directory module for Windows PowerShell] WMN9DN
  14. Brandon

    Win_Shares

    T4WZC3 Initially I created this to monitor the status of DFS shares, but can be used on any Windows share. Monitors for the status as indicated by Microsoft's MSDN site here https://msdn.microsoft.com/en-us/library/aa394435(v=vs.85).aspx Graphs allow you to easily see the status over time.
  15. Code is TXL3W9 This DataSource provides instances for each of the Network adapters, including the following Instance Level Properties: auto.TcpWindowSize auto.MTU auto.MACAddress auto.IPSubnet auto.IPAddress auto.DNSHostName auto.DNSDomain auto.DefaultIPGateway auto.SettingID auto.Description
  16. Hello All, I am trying to get 4 Windows to switch every 10 seconds between the different windows - I can do this when the windows have different names but I am facing an issue that i am using LogicMonitor for 3 different dashboards. So the 2 windows mentioned for LogicMonitor are different windows/different dashboards - How can I get my script to identify them as different windows and make them switch between the 2 ?ex: Cassandra Hope this makes sense..... Here is thes script I have: Option Explicit Dim WshShell Set WshShell = WScript.CreateObject("WScript.Shell") Dim count Count = 0 Do While Count < 5 WScript.Sleep 10000 WshShell.AppActivate("LogicMonitor - Test123 - dashboard - Google Chrome") WshShell.SendKeys ("%X") WScript.Sleep 10000 WshShell.AppActivate("LogicMonitor - Test123 - dashboard - Google Chrome") WshShell.SendKeys ("%X") WScript.Sleep 10000 WshShell.AppActivate("MQ Dashboard - Google Chrome") WshShell.SendKeys ("%X") Help Me On This! Thanks
  17. @Dave Lee Q came up with idea this initially, then we kicked it around a bit refining it, tweaking it, and completely rewriting it, before finally settling on this version. What it does: Creates auto.interfaceindex_X.YYY property sources for every network interface with a MAC address on a Windows device. auto.interfaceindex_<interfaceIndex>.mac auto.interfaceindex_<interfaceIndex>.name auto.interfaceindex_<interfaceIndex>.netconnectionid Additionally, it creates a single auto.device.macaddresses property containing a semi-colon separated list of all MAC addresses on the device (to make life easier if you want to create and search a Device Inventory Report, for example). For details of the values returned, see Microsoft's documentation at: https://msdn.microsoft.com/en-us/library/aa394216(v=vs.85).aspx v1.2.0: 6AKP47 It'll give you something a little bit like this: You might also be interested in this mod of the WinIf- datasource, which finds and stores MAC addresses (and other properties) of monitored interfaces as Instance Level Properties:
  18. A modified version of the stock WinIf- DataSource, with various Instance Level Properties brought in from the related Win32_NetworkAdapter class. Adds: auto.interface.adaptertype auto.interface.macaddress auto.interface.manufacturer auto.interface.netconnectionid auto.interface.netenabled auto.interface.pnpdeviceid auto.interface.servicename See https://msdn.microsoft.com/en-us/library/aa394216(v=vs.85).aspx for more details on what each of these are, and other ILPs you may choose to further add. v1.3.0: 3LD3EN
  19. rschiefer

    svchost.exe_WinRM Error

    We are seeing a sporadic (every couple days) error where the Window Remote Management service (svchost.exe_WinRM) dies along with several other services (DNS Client, Workstation, etc). This causes our App Pool Memory Usage graph to stop logging data until we re-enable the WinRM service. Here are the details from the error in the Event Viewer: Seconds before this happens our LogicMonitor service account has Event Log entries for the registry and file system. Has anyone else seen this error in conjunction with LogicMonitor?
  20. WARNING - This propertysource pulls a list of all Windows services installed. This does not filter the services to only show running or auto-starting services. Useful for auditing, auto-grouping, and inventory. Example below Displays the a list of all installed Windows Services. auto.winservices [AeLookupSvc, ALG, AppIDSvc, Appinfo, AppMgmt, aspnet_state, AudioEndpointBuilder, AudioSrv, BESClient, BESClientHelper, BFE, BITS, Browser, CertPropSvc, clr_optimization_v2.0.50727_32, clr_optimization_v2.0.50727_64, clr_optimization_v4.0.30319_32, clr_optimization_v4.0.30319_64, COMSysApp, CryptSvc, DcomLaunch, defragsvc, Dhcp, DiagTrack, Dnscache, dot3svc, DPS, EapHost, EFS, eventlog, EventSystem, FCRegSvc, fdPHost, FDResPub, FontCache, FontCache3.0.0.0, gpsvc, hidserv, hkmsvc, idsvc, IEEtwCollectorService, IKEEXT, IPBusEnum, iphlpsvc, KeyIso, KtmRm, LanmanServer, LanmanWorkstation, lltdsvc, lmhosts, MMCSS, MpsSvc, MSDTC, MSiSCSI, msiserver, MSSQL$SVSSDB, MSSQLFDLauncher$SVSSDB, MSSQLServerADHelper100, napagent, Netlogon, Netman, NetMsmqActivator, NetPipeActivator, netprofm, NetTcpActivator, NetTcpPortSharing, NlaSvc, nsi, PerfHost, pla, PlugPlay, PolicyAgent, Power, ProfSvc, ProtectedStorage, RasAuto, RasMan, RemoteAccess, RemoteRegistry, RpcEptMapper, RpcLocator, RpcSs, RSoPProv, sacsvr, SamSs, SCardSvr, Schedule, SCPolicySvc, seclogon, SENS, SessionEnv, SharedAccess, ShellHWDetection, SNMPTRAP, Spooler, sppsvc, sppuinotify, SQLAgent$SVSSDB, SQLBrowser, SQLWriter, SSDPSRV, SstpSvc, swprv, TapiSrv, TermService, THREADORDER, TrkWks, TrustedInstaller, UI0Detect, UmRdpService, upnphost, UxSms, VaultSvc, vds, VGAuthService, VMTools, vmvss, VMware Physical Disk Helper Service, VSS, W32Time, WcsPlugInService, WdiServiceHost, WdiSystemHost, Wecsvc, wercplsupport, WerSvc, WinHttpAutoProxySvc, Winmgmt, WinRM, wmiApSrv, WPDBusEnum, WRSVC, wuauserv, wudfsvc] Z4LHDZ
  21. Brandon

    DFSR Connections

    D4KEAM Monitors and graphs the performance of each DFS replication member. No default alerting.
  22. Brandon

    DFS Services

    ML9PNG Monitors the status of all DFS and DFSR required services: DFS Namespace, DFS Replication, and DNS Client.
  23. The WannaCry ransomware attack has been a topic of much discussion in the last few days - and a source of much consternation for system administrators. One of the attack vectors used by WannaCry to spread is a vulnerability in the SMBv1 protocol commonly included with Windows operating systems. This embedded PowerShell datasource reaches out to Windows devices in a LogicMonitor account, and runs the "Get-SMBServerConfiguration" command (available only in Windows Server 2012 and newer) to see if SMBv1 is enabled, and if it is, it will generate a Warning alert for that device (caveat: SMBv1 is enabled by default, this has the potential to generate A LOT of alerts.) We understand that many affected systems will be older than Windows Server 2012 - here is some Microsoft-provided information on how to triage those older operating systems. The datasource name is SMBv1_Protocol_Enabled and has lmLocator FWJKKX.
  24. Gerrit

    Collector changes

    Hi All, Could you please consider the following as product feature. To make changes to the "Configure LogicMonitor Collector" without the need to uninstall and reinstall the collector. For example the error stating that your credential is wrong no you need to schedule down time just to uninstall and reinstall the collector where you can just simply modify your credential which take you 5 sec to do. Thank you! Looking forward to the out come. Kind Regards Gerrit
  25. So this is less of an ask the community and more of a show the community. Ive written some Ruby code that makes it much much easier to use the LogicMonitor API. It does all the signing for you so you can just focus on your API calls and worry less about the secure signing. https://gist.github.com/ITJamie/4937de9139c682c02c34ff2d17051d58 It uses the following rest-client library https://github.com/rest-client/rest-client and injects the authentication method into the rest-client library. Ive included some examples of usage in my gist. Let me know if your having difficulty and i will test and patch as needed For an example of how easy this makes using the Rest API temp_url = @URL + '/service/services' response = RestClient.get(temp_url) # Printing API server response puts "\nServer response: #{response}"