Windows Drive Space Alerts
Windows Drive Space Alerts By default, LogicMonitor alerts on the percentage used on any drive. This in general is fine, but sometimes not. Let’s imagine you have a 2.2 terabytes drive. You might have your critical threshold set at 90%, which sounds fine, until you realise that you are going to get a critical alert when you still have 220 GB free. In my case that would be a cause for some celebration, not really an urgent need to get up at 3 A.M. and delete files so the world doesn’t end. Now Imagine your 2.2TB drive is divided up as: C: 10 GB (OS) D: 500 GB (Mission critical applications) E: 1 TB (Backups) F: 510 GB (Other Applications) A 90% alert will give you a critical at 1GB,50GB,100GB and 51GB respectively. Now the C: drive may be a cause for concern, but the others not so much. The two application drives you might only be concerned if they have less than 4GB free and the backup less than 10GB. So, we decide to alert on the following C: freespace is <1 GB D: freespace is <4 GB E: freespace is <10 GB F: freespace is <4 GB You could clone the datasource so you have four copies one for each drive but this is harder to maintain in the future and does not scale well. It would be better if you could somehow get the drive letter and assign a threshold based on that. Logicmonitor’s scripted complex datapoint using groovy to the rescue. The disks datasource queries the class Win32_Volume. We need to use the raw drive letter output from the WMI class so would write a groovy script like: Drive=output["DRIVELETTER"]; return(Drive); This returns C:,D:,E: and F: Not much use as Logicmonitor doesn’t deal with text, only metrics. Let’s beef up the script. drive = output['DRIVELETTER']; freeSpaceLowerLimitGigabyte = '0'; if (drive == 'C:') {freeSpaceLowerLimitGigabyte = '1';} if (drive == 'D:' || drive == 'F:') {freeSpaceLowerLimitGigabyte = '4';} if (drive == 'E:') {freeSpaceLowerLimitGigabyte = '10';} return freeSpaceLowerLimitGigabyte; This returns 1,4,10 and 4 for each drive, now we have a complex datapoint that returns the lowerlimit in GB for each drive dependant on the drive letter. Again, we can’t alert on this so we need another datapoint So we can use this to check if freespace is less than the freeSpaceLowerLimitGigabyte. To do that create a CapacityAlert datapoint using this expression if ( lt (FreeSpace, FreeSpaceLowerLimitGigabyte * 1024000000) , 1, 0) Which breaks down as if freespace is less than the assigned limit for that drive letter then return 1 (which you alert on.) Otherwise return 0. Alert threshold set at = 1 1 1, and we get critical alerts if: C: freespace is <1 GB D: freespace is <4 GB E: freespace is <10 GB F: freespace is <4 GB100Views0likes11CommentsPSA: Collect from windows systems without admin rights
Don't know if anyone else noticed, but MS released a pretty slick script that enables WMI access remotely without admin rights. I have done a brief test with LM and it seems to be working well. https://blogs.technet.microsoft.com/askpfeplat/2018/04/30/delegate-wmi-access-to-domain-controllers/ That's the article. I created an AD group instead of a user to delegate, and I put the LM collector service in that group. Everything else I've followed as documented. I haven't tested anything else, but this alone is a huge step in the right direction.79Views3likes7CommentsLogicMonitor Collector installation on Windows Server Core
Windows Server Coreand(the free) Hyper-V Server Coreare GUI-less versions of Windows that can be administered remotely with GUI tools. We'verecently seen an uptick in requests for deployment of the collector to these platforms, as Windows introduces a lot of overhead with the addition of the GUI; the other compelling reason to go this route being that Hyper-V Core is a free license of Windows from Microsoft (similar to the free flavor of ESXi, only it can run a Windows collector!) Microsoft Documentation: Managing a Server Core Server Configure Server Core with the SConfig command Option A: Remote Desktop Install Establish a remote desktop session to the Server Core server usingthe instructions provided by Microsoft. Within the standard Command shell, type the word "PowerShell" to load a PowerShell session. Add a new (Windows) LogicMonitor Collector in your portal, and select the PowerShell command instead of the download. Paste (and run) the PowerShell command into the open PowerShell windows within the Remote Desktop Session on the Server Core server. You'll see a message indicating that the download has started, and after some time, the normal InstallShield Wizard will launch as expected. Complete the collector account configuration and proceed as you would with an OS with a GUI. Collect on! Additional methods are certainly possible (Windows Admin Center, Remote PowerShell, more?) and as I have a chance to test/ validate, I will continue to update this post.68Views0likes0CommentsWindows Services Check
I have found where I can monitor services for a device and have set up a test to monitor services on the windows device. Is there a way to set this as a datasource? That way I can do the AppliesTo scripting and have specific devices being monitored for specific services they are running? I have about 80 devices and configuring Service Alerts for each of them would take a bit of time, I'm trying to be more efficient.33Views2likes4CommentsCount of Windows Processes
I wrote this DataSource for a customer with a specific requirement, namely, they have a particular application that should spawn and maintain a specific number of processes on Windows machines. Operation: The DataSource finds all processes on the Windows machine and groups and counts based on name - e.g. if there are processes powershell, powershell#1, powershell#2, then the powershell instance will be added and will show a count of 3. Out of the box this DataSource will create instances for *all* processes as reported from the Win32_PerfRawData_PerfProc_Process WMI class, except the "Idle" process and the "_Total" metrics. This behaviour is unlikely to be of great benefit; the main use case will involve editing the filters (and cloning the DS as appropriate) such that it only brings back processes you care about (and not, for example, the dozens of svchost processes that will be present on every Windows machine). Also returned are thread count, file handle count, and working set metrics, each being the sum of the per-process metrics. This is possible as these are instantaneous values. Note that unlike the per-process DataSource, CPU metrics cannot be returned. This is because these metrics are returned by WMI as incremental counters and the appearance and disappearance of individual processes between polls would render any sum meaningless. It is however possible to see combined CPU metrics for multiple processes via manipulation of theWinProcessStats- DataSource (clone and filter for the processes you need) and smart graphs with a sum aggregation. v1.0.0 Exchange Locator ID:XHT4MD Example of instances found: Overview graphs: Per-instance graphs:15Views0likes0CommentsWindows ConfigSources: Active Directory
LogicMonitor's configuration backup product, LMConfig, has traditionally been focused on network device configuration backup and diff alerting. However, like other LogicMonitor LogicModules, we provide the capability to run both Groovy and PowerShell scripts in order to retrieve this information.Given those PowerShell capabilities, we can tap into theWindows Active Directory PowerShell modules and use LogicMonitoras an auditingtool. For example: Query Active Directory for a list of domain computers, and generate an alert if this list changes: Query Active Directory for the Default Domain Password Policy, and generate an alert if it doesn't comply with Microsoft best practices. The current suite of Active Directory ConfigSources consists of (11) ConfigSources that will attempt integrated authentication using a Windows collectors' service account -unless it finds wmi.user and wmi.pass properties set - in which case it will attempt to use those instead. I've published them to Github and they can be downloaded from the ConfigSources repository. *These are "officially unsupported" by LogicMonitor, so please proceed with caution!12Views0likes0CommentsWinIf (Windows Interfaces) with Instance Level Properties
A modified version of the stock WinIf- DataSource, with various Instance Level Properties brought in from the relatedWin32_NetworkAdapter class. Adds: auto.interface.adaptertype auto.interface.macaddress auto.interface.manufacturer auto.interface.netconnectionid auto.interface.netenabled auto.interface.pnpdeviceid auto.interface.servicename Seehttps://msdn.microsoft.com/en-us/library/aa394216(v=vs.85).aspxfor more details on what each of these are, and other ILPs you may choose to further add. v1.3.0: 3LD3EN10Views0likes0CommentsWindows Network Adapters DataSource
Code isTXL3W9 This DataSource provides instances for each of the Network adapters, including the following Instance Level Properties: auto.TcpWindowSize auto.MTU auto.MACAddress auto.IPSubnet auto.IPAddress auto.DNSHostName auto.DNSDomain auto.DefaultIPGateway auto.SettingID auto.Description9Views1like0Comments