WMI Module Issues

[luis.gomez]

Like it

Up

0

Down

Drop it

::

Hello FIASIT,

Checks the module type based on the data received by the WMI query execution.

Kind regards,
Luis.

[FIASIT]

Like it

Up

0

Down

Drop it

::

Hello FIASIT,

Checks the module type based on the data received by the WMI query execution.

Kind regards,
Luis.

the module type is set to Generic boolean (generic_proc) It does not appear to be able to be changed.
I set this module up using the built-in list in add modules under the module template section.

[luis.gomez]

Like it

Up

0

Down

Drop it

::

Hello FIASIT,

You can create a new module, type Generic String.

Kind regards,
Luis.

[FIASIT]

Like it

Up

0

Down

Drop it

::

Hello FIASIT,

You can create a new module, type Generic String.

Kind regards,
Luis.

I have created a new module as suggested but still getting an error in the log

[V10] Updating module WMI-Service(WindowsDefender_statu) (ID 45) on error.

[vic]

Like it

Up

0

Down

Drop it

::

Hi FIASIT,

Can you say me the version of your Pandora server?
For now you can add a module in the configuration file of your Windows Agent.

module_begin
module_name Windows Defender
module_type generic_data_string
module_wmiquery SELECT * FROM Win32_Service WHERE Name="WinDefend"
module_wmicolumn State
module_str_critical Stopped
module_end

Best regards,

vic.

[FIASIT]

Like it

Up

0

Down

Drop it

::

Hi FIASIT,

Can you say me the version of your Pandora server?
For now you can add a module in the configuration file of your Windows Agent.

module_begin
module_name Windows Defender
module_type generic_data_string
module_wmiquery SELECT * FROM Win32_Service WHERE Name="WinDefend"
module_wmicolumn State
module_str_critical Stopped
module_end

Best regards,

vic.

Thanks for getting back to us.
I have added the module in the agent config file and it is now showing up in the Pandora console.

The version of Pandora we are running 7.0NG.707 (P) 170711

Thanks

[vic]

Like it

Up

0

Down

Drop it

::

Hi FIASIT,

The version 707 have a bug that not allow adding WMI modules inside the same agent of the query, on the last version the problem is solved.
Thanks for reporting.

vic.

[FIASIT]

Like it

Up

0

Down

Drop it

::

Thanks will give the new version a try.

[FIASIT]

Like it

Up

0

Down

Drop it

::

Hi again,
we have built a new server running:
Pandora FMS Build PC170810
Pandora FMS Version v7.0NG.710

We are still having issues when we add wmi modules. I have again tested from the console and the wmic query runs fine and give the result we are expecting but the module always shows as not initialized in the web console and the server log shows the same error message as the previous version we were running.

Any advice?

[dkoel]

Like it

Up

0

Down

Drop it

::

Same problem here.

[vic]

Like it

Up

0

Down

Drop it

::

Hi FIASIT, dkoel,

I’m trying to replicate the problem, but I can’t. I add all modules with the WMI wizard to Windows Agent, and all is initialised.
You need use a user with admin privileges and this user have permissions to make WMI querys.
A guide: https://technet.microsoft.com/en-us/library/cc771551(v=ws.11).aspx

Best regards,

vic.

[dkoel]

Like it

Up

0

Down

Drop it

::

Hi Vic,

Thanks for the reply. Here’s some extra info.

Here’s the part from my pandora_server.log:

2017-08-16 21:31:12 localhost.localdomain [V9] Executing AM # 17 WMI command 'wmic -U "[email protected]"%"P@ssw0rd" //192.168.100.1 "SELECT FreeSpace FROM Win32_LogicalDisk WHERE DeviceID = 'C:'"'
2017-08-16 21:31:12 localhost.localdomain [V10] Updating module Free disk (ID 17) on error.

When I execute the command from the terminal, I get the correct response:

[root@localhost ~]# wmic -U "[email protected]"%"P@ssw0rd" //192.168.100.1 "SELECT FreeSpace FROM Win32_LogicalDisk WHERE DeviceID = 'C:'"
CLASS: Win32_LogicalDisk
DeviceID|FreeSpace
C:|120187482112
[root@localhost ~]#

I’ve reinstalled the server from CentOS Appliance ISO (PandoraFMS7.0NG.709.x86_64.iso) and from the VMware OVF. I’ve updated both to the version below. The CentOS Appliance ISO worked well with the “yum update” to v7.0NG.710, but the VMware OVF bricked my mysql database connection (that’s another issue): 

Pandora FMS Build
PC170810
Pandora FMS Version
v7.0NG.710

Don’t know if you can replicate the issue with this information.

Edit 1: It seems to have something to do with the “Create a new WMI server module” functionality. When I use this method, the module stays uninitialized. When I use the WMI explorer and add the module, all is working fine.

Edit 2: In my other environment both methods stay uninitialized and a manual wmic from console works fine.

[vic]

Like it

Up

0

Down

Drop it

::

Hi dkoel,

Are you putting the module type correctly?

Best regards,

vic.

[dkoel]

Like it

Up

0

Down

Drop it

::

Hi Vic,

I’ve not created my own modules yet. These are the default that are installed.

Saludos

[FIASIT]

Like it

Up

0

Down

Drop it

::

Hi Vic,

I’ve not created my own modules yet. These are the default that are installed.

Saludos

This is the same for myself I have only used the built in WMI modules and have not created my own.

As for a user with the correct permissions, I have tried with the domain admin and the local machine admin and the same result works in the console but not in the module.

[vic]

Like it

Up

0

Down

Drop it

::

Hi all,

I see that you have a problem in configuring the module, delete it and create another with the same data manually. In case the module is still not started, it will be due to the lack of permissions.

Best regards,

vic.

[FIASIT]

Like it

Up

0

Down

Drop it

::

Hi all,

I see that you have a problem in configuring the module, delete it and create another with the same data manually. In case the module is still not started, it will be due to the lack of permissions.

Best regards,

vic.

So, I have gone to the module configuration of one of my servers 
created a new wmi server module
Selected Manual setup rather than one of the predefined modules
filled in all the relevant information
tested the wmi query from the console (it works)

waited for the server to update and still, the module is saying non-initialized

2017-08-21 07:18:36 pandorafms.localdomain [V9] Executing AM # 162 WMI command 'wmic -U "SERVERNAMEadministrator"%"PASSWORD" //SERVERNAME "select ConnectionAttemptsPersec from Win32_PerfRawData_W3SVC_WebService"'
2017-08-21 07:18:36 pandorafms.localdomain [V10] Updating module IIS ConnectionAttemptsPersec(manual) (ID 162) on error.

[dkoel]

Like it

Up

0

Down

Drop it

::

Hi all,

I see that you have a problem in configuring the module, delete it and create another with the same data manually. In case the module is still not started, it will be due to the lack of permissions.

Best regards,

vic.

Hi Vic,
Thank you for your reply’s and suggestions.
I have a problem with the “Lack of permissions”. Could you please explain why it would be a lack of permissions when we (FIASIT and I) can execute the command from the console and not from the webinterface?
The same user is used to execute the command. Correct? The WMI-user is a domain admin. The webconsole-user is Admin. Where would the lack of permissions be?
Regards.

[vic]

Like it

Up

0

Down

Drop it

::

Hi FIASIT, dkoel,

I am doing tests with different versions of pandora and all the modules are started.
Try this configuration and check the data type and the value returned by the query.

It should look like this:

Best regards,

vic.

[dkoel]

Like it

Up

0

Down

Drop it

::

Sorry Vic,

Same response. Again I’ve added the response from the console’s and logs.

Regards.