Automatic grouping by service status

A customer recently requested assistance with grouping some of their hosts that were running a particular service. This can be achieved by a combination of Active Discovery, Dynamic Groups, PropertySources, and of course functioning WMI. ?

First, we have to figure out how to dynamically group these. We can rely on a custom query to automatically match the devices we want to see, but must depend on the properties from a device’s Info tab for any evaluation. We can use a PropertySource to do some of this work for us, and have it perform a check for the service and apply a property if it is found.

Let's confirm we can query this host, and see how it identifies itself. I can query the win32_service class for a test host and see what gets returned:

Great, so I've found an example of the service I want, and can reference its NAME attribute in our PropertySource to check for a match and determine if a host has this service installed.

This PropertySource runs a WMI query against the win32_service class, looking for the NAME of the service as it’s report as an attribute. If it finds a match, it checks to see if it’s running, and if those two pass it applies a property called "auto.GoldenEye" to the device. 

The nice thing about this PropertySource is that if discovery finds the device no longer runs the installed service, it will remove the autoproperty, and thus remove it from the dynamic group. This allows you to have a top level view of only those devices with the service actually running.

 

 

 

 

 

 

 

 

 

 

 

 

Now that we have a method to automatically flag the service we want to track, we can reference this property name in our Dynamic Group query. This is a simple boolean check to see if the property is applied to any given host

 

 

As an optional step, but highly advised, we can add the services as monitored instances. You may already know that running services can be added into LM through the Add Other Monitoring option in the UI, but this can become cumbersome if you want to add the same or multiple services into monitoring for many devices. Since the wizard in the link above is just a frontend for the WinServices datasource, we can work with a clone of it, enable Active Discovery to automatically apply to eligible devices, and utilize filtering to specify which services to monitor. Here I've specified that I want it to match by the DISPLAYNAME attribute of the win32_service class:

Once this is applied, discovery automatically checks each host for the desired service, and returns it as an alertable instance so you can be notified when it is not running or has degraded performance. 

 

Further reading:

LogicMonitor Scripting

Monitoring Processes and Services

Creating PropertySources

PropertySource embedded Groovy script example:

import com.santaba.agent.groovyapi.win32.WMI
import com.santaba.agent.groovyapi.win32.WMISession

// Set hostname
def hostname = hostProps.get('system.hostname');

// Form the full query.
def wmiQuery = "Select name,state from Win32_Service Where name='someservicenameNOTdisplayname'";

try
{
    // using default namespace
    def session = WMI.open(hostname); 
    def result = session.queryFirst("CIMv2", wmiQuery, 10); 

    // Did we get anything?
    if (result.STATE == "Running")
    {
        // Yes, apply the properties
        println 'auto.somedesiredpropname=yes'
    }
}
catch(Exception e)
{
    println e
    return 1;
}

// Exit by returning 0.
return 0;