{"id":2356,"date":"2017-12-20T12:29:38","date_gmt":"2017-12-20T12:29:38","guid":{"rendered":"https:\/\/pandorafms.com\/library\/?p=2356"},"modified":"2017-12-20T12:39:49","modified_gmt":"2017-12-20T12:39:49","slug":"windows-monitoring-manual","status":"publish","type":"post","link":"https:\/\/pandorafms.com\/library\/windows-monitoring-manual\/","title":{"rendered":"Windows Monitoring Manual"},"content":{"rendered":"

This is a manual which helps you to monitor Windows based devices using Pandora FMS.<\/p>\n

Module data<\/h2>\n

1. CPU Load<\/strong><\/p>\n

This module returns the percentage of the CPU in use. The syntaxis for the module would be the following:<\/p>\n

module_begin\r\nmodule_name CPU Load\r\nmodule_type generic_data\r\nmodule_wmiquery SELECT LoadPercentage FROM Win32_Processor\r\nmodule_wmicolumn LoadPercentage\r\nmodule_description CPU Load (%)\r\nmodule_min_warning 80\r\nmodule_max_warning 90\r\nmodule_min_critical 91\r\nmodule_max_critical 100\r\nmodule_end<\/pre>\n
2. Number processes
\n<\/strong>
\nModule that returns the number of processes of the system. Its syntax is this:<\/p>\n
module_begin\r\nmodule_name Number processes\r\nmodule_type generic_data\r\nmodule_exec tasklist | gawk \"NR > 3 {print$0}\" | wc -l\r\nmodule_description Number of processes running\r\nmodule_min_warning 175\r\nmodule_max_warning 249\r\nmodule_min_critical 250\r\nmodule_max_critical 300\r\nmodule_end<\/pre>\n
3. Free Memory<\/strong><\/p>\n
Module that returns the percentage of the system free memory. Its syntax is the following:<\/p>\n
module_begin\r\nmodule_name Free Memory\r\nmodule_type generic_data\r\nmodule_freepercentmemory\r\nmodule_description Free memory (%).\r\nmodule_min_warning 21\r\nmodule_max_warning 30\r\nmodule_min_critical 0\r\nmodule_max_critical 20\r\nmodule_end<\/pre>\n
4. Disk discovery<\/strong><\/p>\n
Plugin that does a disk self discovery and monitor its occupied space. Its syntax is the following one:<\/p>\n
module_plugin cscript.exe \/\/B \"%ProgramFiles%Pandora_Agentutildf.vbs\"<\/pre>\n
5. WMI Service<\/strong><\/p>\n
Module that checks if the WMI service is active. Its syntax is the following:<\/p>\n
module_begin\r\nmodule_name WMI Service\r\nmodule_type generic_proc\r\nmodule_service winmgmt\r\nmodule_description WMI Service enabled\r\nmodule_end<\/pre>\n
6. SNMP Service<\/strong><\/p>\n
Module that checks if the SNMP service is active. Its syntax is the following:<\/p>\n
module_begin\r\nmodule_name SNMP Service\r\nmodule_type generic_proc\r\nmodule_service SNMP\r\nmodule_description SNMP Service enabled\r\nmodule_end<\/pre>\n
7. Domain Auth. Fail<\/strong><\/p>\n
This module searchs the event that informs about one failure in the domain authentication. The syntax for the module would be the following:<\/p>\n
module_begin\r\nmodule_name Domain Auth Fail\r\nmodule_type async_string\r\nmodule_logevent\r\nmodule_source System\r\nmodule_eventcode 3210\r\nmodule_description Domain Authentication Failure\r\nmodule_end<\/pre>\n
8. Disk Structure Corrupted<\/strong><\/p>\n
This module search the event that informs about a failure in the disk structure. The syntaxis for the module would be this:<\/p>\n
module_begin\r\nmodule_name Disk Structure Corrupted\r\nmodule_type async_string\r\nmodule_logevent\r\nmodule_source System\r\nmodule_eventcode 55\r\nmodule_application Ntfs\r\nmodule_description Disk structure corrupted\r\nmodule_end<\/pre>\n
9. No domain controller<\/strong><\/p>\n
This module searchs the event that informs that no controler has been found for the domain.The syntax for for the module would be this:<\/p>\n
module_begin\r\nmodule_name No domain controller\r\nmodule_type async_string\r\nmodule_logevent\r\nmodule_source System\r\nmodule_eventcode 5719\r\nmodule_aplication NETLOGON\r\nmodule_description Domain controller not found\r\nmodule_end<\/pre>\n
10. Account blocked<\/strong><\/p>\n
This module searchs the event that informs that the account is blocked. The syntax for the module would be the following:<\/p>\n
module_begin\r\nmodule_name Account blocked\r\nmodule_type async_string\r\nmodule_logevent\r\nmodule_source Security\r\nmodule_eventcode 4740\r\nmodule_description Account blocked\r\nmodule_end<\/pre>\n
11. Account deleted<\/strong><\/p>\n
This module searchs the event that informs that the account has been deleted. The syntax for the module would be this:<\/p>\n
module_begin\r\nmodule_name Account deleted\r\nmodule_type async_string\r\nmodule_logevent\r\nmodule_source Security\r\nmodule_eventcode 4726\r\nmodule_description Account deleted\r\nmodule_end<\/pre>\n
12. Account disabled<\/strong><\/p>\n
This module searchs the event that informs that the account has been disabled. The syntax for the module would be this:<\/p>\n
module_begin\r\nmodule_name Account disabled\r\nmodule_type async_string\r\nmodule_logevent\r\nmodule_source Security\r\nmodule_eventcode 4725\r\nmodule_description Account disabled\r\nmodule_end<\/pre>\n
13. Password reset<\/strong><\/p>\n
This module searchs the event that informs that the password has been reseted. The syntax for the module would be the following:<\/p>\n
module_begin\r\nmodule_name Password reset\r\nmodule_type async_string\r\nmodule_logevent\r\nmodule_source Security\r\nmodule_eventcode 4724\r\nmodule_description Password reset\r\nmodule_end<\/pre>\n
14. Password change<\/strong><\/p>\n
This module searchs the event that informs that the password has been changed. The syntax for the modules would be this:<\/p>\n
module_begin\r\nmodule_name Password change\r\nmodule_type async_string\r\nmodule_logevent\r\nmodule_source Security\r\nmodule_eventcode 4723\r\nmodule_description Password change\r\nmodule_end<\/pre>\n
15. Account enabled<\/strong><\/p>\n
This module searchs the event that informs that the account has been enabled. The syntax for the module would be the following:<\/p>\n
module_begin\r\nmodule_name Account enabled\r\nmodule_type async_string\r\nmodule_logevent\r\nmodule_source Security\r\nmodule_eventcode 4722\r\nmodule_description Account enabled\r\nmodule_end<\/pre>\n
Files:<\/h2>\n
pandora_windows_v1r1.zip<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
This is a manual which helps you to monitor Windows based devices using Pandora FMS. Module data 1. CPU Load This module returns the percentage of the CPU in use. The syntaxis for the module would be the following: module_begin module_name CPU Load module_type generic_data module_wmiquery SELECT LoadPercentage FROM Win32_Processor module_wmicolumn LoadPercentage module_description CPU Load […]<\/p>\n","protected":false},"author":14,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[6,26],"tags":[121],"_links":{"self":[{"href":"https:\/\/pandorafms.com\/library\/wp-json\/wp\/v2\/posts\/2356"}],"collection":[{"href":"https:\/\/pandorafms.com\/library\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pandorafms.com\/library\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pandorafms.com\/library\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/pandorafms.com\/library\/wp-json\/wp\/v2\/comments?post=2356"}],"version-history":[{"count":0,"href":"https:\/\/pandorafms.com\/library\/wp-json\/wp\/v2\/posts\/2356\/revisions"}],"wp:attachment":[{"href":"https:\/\/pandorafms.com\/library\/wp-json\/wp\/v2\/media?parent=2356"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pandorafms.com\/library\/wp-json\/wp\/v2\/categories?post=2356"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pandorafms.com\/library\/wp-json\/wp\/v2\/tags?post=2356"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}