Windows Monitoring Manual

Dec 20, 2017 | Operating Systems, Windows category

Tags:

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...
:

This is a manual which helps you to monitor Windows based devices using Pandora FMS.

Module data

1. CPU Load

This module returns the percentage of the CPU in use. The syntaxis for the module would be the following:

module_begin
module_name CPU Load
module_type generic_data
module_wmiquery SELECT LoadPercentage FROM Win32_Processor
module_wmicolumn LoadPercentage
module_description CPU Load (%)
module_min_warning 80
module_max_warning 90
module_min_critical 91
module_max_critical 100
module_end

2. Number processes

Module that returns the number of processes of the system. Its syntax is this:

module_begin
module_name Number processes
module_type generic_data
module_exec tasklist | gawk "NR > 3 {print$0}" | wc -l
module_description Number of processes running
module_min_warning 175
module_max_warning 249
module_min_critical 250
module_max_critical 300
module_end

3. Free Memory

Module that returns the percentage of the system free memory. Its syntax is the following:

module_begin
module_name Free Memory
module_type generic_data
module_freepercentmemory
module_description Free memory (%).
module_min_warning 21
module_max_warning 30
module_min_critical 0
module_max_critical 20
module_end

4. Disk discovery

Plugin that does a disk self discovery and monitor its occupied space. Its syntax is the following one:

module_plugin cscript.exe //B "%ProgramFiles%Pandora_Agentutildf.vbs"

5. WMI Service

Module that checks if the WMI service is active. Its syntax is the following:

module_begin
module_name WMI Service
module_type generic_proc
module_service winmgmt
module_description WMI Service enabled
module_end

6. SNMP Service

Module that checks if the SNMP service is active. Its syntax is the following:

module_begin
module_name SNMP Service
module_type generic_proc
module_service SNMP
module_description SNMP Service enabled
module_end

7. Domain Auth. Fail

This module searchs the event that informs about one failure in the domain authentication. The syntax for the module would be the following:

module_begin
module_name Domain Auth Fail
module_type async_string
module_logevent
module_source System
module_eventcode 3210
module_description Domain Authentication Failure
module_end

8. Disk Structure Corrupted

This module search the event that informs about a failure in the disk structure. The syntaxis for the module would be this:

module_begin
module_name Disk Structure Corrupted
module_type async_string
module_logevent
module_source System
module_eventcode 55
module_application Ntfs
module_description Disk structure corrupted
module_end

9. No domain controller

This module searchs the event that informs that no controler has been found for the domain.The syntax for for the module would be this:

module_begin
module_name No domain controller
module_type async_string
module_logevent
module_source System
module_eventcode 5719
module_aplication NETLOGON
module_description Domain controller not found
module_end

10. Account blocked

This module searchs the event that informs that the account is blocked. The syntax for the module would be the following:

module_begin
module_name Account blocked
module_type async_string
module_logevent
module_source Security
module_eventcode 4740
module_description Account blocked
module_end

11. Account deleted

This module searchs the event that informs that the account has been deleted. The syntax for the module would be this:

module_begin
module_name Account deleted
module_type async_string
module_logevent
module_source Security
module_eventcode 4726
module_description Account deleted
module_end

12. Account disabled

This module searchs the event that informs that the account has been disabled. The syntax for the module would be this:

module_begin
module_name Account disabled
module_type async_string
module_logevent
module_source Security
module_eventcode 4725
module_description Account disabled
module_end

13. Password reset

This module searchs the event that informs that the password has been reseted. The syntax for the module would be the following:

module_begin
module_name Password reset
module_type async_string
module_logevent
module_source Security
module_eventcode 4724
module_description Password reset
module_end

14. Password change

This module searchs the event that informs that the password has been changed. The syntax for the modules would be this:

module_begin
module_name Password change
module_type async_string
module_logevent
module_source Security
module_eventcode 4723
module_description Password change
module_end

15. Account enabled

This module searchs the event that informs that the account has been enabled. The syntax for the module would be the following:

module_begin
module_name Account enabled
module_type async_string
module_logevent
module_source Security
module_eventcode 4722
module_description Account enabled
module_end

Files:

pandora_windows_v1r1.zip

(Visited 2,434 times, 1 visits today)

For correct visualization of the Pandora FMS library extension, you must have installed version NG 760 or superior

Got it!
X