Configure/Run a VBS
#1
Hello,
I'm just getting started with Pandora FMS community and honestly it's really cool, but I keep running into difficulties; let's see if someone can give me a hand:

I found on the forum a way to view pending Windows updates from the Pandora web interface,

- I created a VBS and placed it in the utils folder:
Code:
Set updateSession = CreateObject("Microsoft.Update.Session")
updateSession.ClientApplicationID = "NGL Check Updates"

Set updateSearcher = updateSession.CreateUpdateSearcher()

Set searchResult = _
updateSearcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")

'For I = 0 To searchResult.Updates.Count-1
'    Set update = searchResult.Updates.Item(I)
'    'WScript.Echo I + 1 & "> " & update.Title    
'Next

WScript.Echo searchResult.Updates.Count


- I modified the Windows agent's config file to add the module that calls that VBS
Code:
# Check Windows Update
module_begin
module_name Windows Update
module_type generic_data
module_description Updates disponibles
module_exec cscript.exe //nologo "%PROGRAMFILES%\Pandora_Agent\util\check_updates.vbs"
module_min_warning 1
module_end


What I don't know now is how to add the monitor to the web; I can't find it anywhere.

Many thanks to everyone.

The post I found is the following:
https://pandorafms.com/forums/thread-8379.html
#2
Good morning cosmona,

To add that module you only have to add it to the configuration file on the Windows agent. Then restart the agent service so that it picks up all the new information.
WARNING! If you have "Remote server" enabled on the agent, the changes will not take effect, since the file would be managed by the Pandora server (this feature is only enabled in the Enterprise version).

Regards,

vic.
#3
First of all, thank you very much.
Where do I look for the Remote Server setting?
#4
Hi cosmona,

Sorry, the "Remote configuration" setting is also found in the agent configuration file that you have on Windows.
Make sure it is set like this:

Code:
remote_config 0

Regards,

vic.
#5
(09-04-2017, 10:00 AM)vic Wrote: Hi cosmona,

Sorry, the "Remote configuration" setting is also found in the agent configuration file that you have on Windows.
Make sure it is set like this:

Code:
remote_config 0

Regards,

vic.

Thanks a lot for replying!!
I've been looking and remote configuration is disabled. I don't know what could be happening; on the one hand I'm unsure how a module is added in Pandora's web environment, I suppose it's by creating a new module and giving it the same name it has in the configuration file, right?

On the other hand, I've been looking at the logs; could it be that the VBS takes too long to return the data? When I run it by hand it takes its time.

I'm attaching the config file and logs in case they tell you anything more.

Many thanks, it's great that there is a community like this!!!
Code:
2017-09-03 18:56:41 Run begin
2017-09-03 18:56:41 Run CPU Load
2017-09-03 18:56:41 Run TCP_Connections
2017-09-03 18:56:41 Executing: cmd.exe /c "netstat -an | find /c /v "estab""
2017-09-03 18:56:41 Run plugin
2017-09-03 18:56:41 Executing: cmd.exe /c "cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df_percent_used.vbs""
2017-09-03 18:56:41 Run plugin
2017-09-03 18:56:41 Executing: cmd.exe /c "cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\mem_percent_used.vbs""
2017-09-03 18:56:41 Run plugin
2017-09-03 18:56:41 Executing: cmd.exe /c "cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\network.vbs""
2017-09-03 19:04:16 Run begin
2017-09-03 19:04:16 Run CPU Load
2017-09-03 19:04:16 Run TCP_Connections
2017-09-03 19:04:16 Executing: cmd.exe /c "netstat -an | find /c /v "estab""
2017-09-03 19:04:16 Run plugin
2017-09-03 19:04:16 Executing: cmd.exe /c "cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df_percent_used.vbs""
2017-09-03 19:04:16 Run plugin
2017-09-03 19:04:16 Executing: cmd.exe /c "cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\mem_percent_used.vbs""
2017-09-03 19:04:17 Run plugin
2017-09-03 19:04:17 Executing: cmd.exe /c "cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\network.vbs""
2017-09-03 19:08:16 Run begin
2017-09-03 19:08:16 Run CPU Load
2017-09-03 19:08:16 Run TCP_Connections
2017-09-03 19:08:16 Executing: cmd.exe /c "netstat -an | find /c /v "estab""
2017-09-03 19:08:17 Run plugin
2017-09-03 19:08:17 Executing: cmd.exe /c "cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df_percent_used.vbs""
2017-09-03 19:08:17 Run plugin
2017-09-03 19:08:17 Executing: cmd.exe /c "cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\mem_percent_used.vbs""
2017-09-03 19:08:17 Run plugin
2017-09-03 19:08:17 Executing: cmd.exe /c "cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\network.vbs""
2017-09-03 19:12:36 Run Windows Update
2017-09-03 19:12:37 Executing: cmd.exe /c "cscript.exe //B "%PROGRAMFILES%\Pandora_Agent\util\check_updates.vbs""
2017-09-03 19:12:52 Run FreeMemory
2017-09-03 19:12:52 Run System Events (TermService)
2017-09-03 19:21:59 Run begin
2017-09-03 19:21:59 Run CPU Load
2017-09-03 19:21:59 Run TCP_Connections
2017-09-03 19:21:59 Executing: cmd.exe /c "netstat -an | find /c /v "estab""
2017-09-03 19:21:59 Run plugin
2017-09-03 19:21:59 Executing: cmd.exe /c "cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df_percent_used.vbs""
2017-09-03 19:21:59 Run plugin
2017-09-03 19:21:59 Executing: cmd.exe /c "cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\mem_percent_used.vbs""
2017-09-03 19:22:00 Run plugin
2017-09-03 19:22:00 Executing: cmd.exe /c "cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\network.vbs""
2017-09-03 19:31:49 Run Windows Update
2017-09-03 19:31:49 Executing: cmd.exe /c "cscript.exe //B "%PROGRAMFILES%\Pandora_Agent\util\check_updates.vbs""
2017-09-03 19:32:04 Run FreeMemory
2017-09-03 19:32:04 Run System Events (TermService)
2017-09-03 20:16:12 Run Security Events (Invalid Login)
2017-09-03 20:24:11 EvtNext error: 259
2017-09-03 20:24:11 EvtNext error: 259
2017-09-03 20:24:12 EvtNext error: 259

Code:
2017-09-03 19:04:10 Pandora agent stopped
2017-09-03 19:04:16 Pandora agent started
2017-09-03 19:05:04 Pandora agent stopped
2017-09-03 19:08:09 Pandora agent stopped
2017-09-03 19:08:16 Pandora agent started
2017-09-03 19:12:52 Pandora_Module_Exec: Windows Update timed out (retcode: 259)
2017-09-03 19:21:41 Pandora agent stopped
2017-09-03 19:21:59 Pandora agent started
2017-09-03 19:32:04 Pandora_Module_Exec: Windows Update timed out (retcode: 259)

Code:
# (c) 2006-2015 Artica Soluciones Tecnologicas
# Version 7.0NG.711

# This program is Free Software, you can redistribute it and/or modify it
# under the terms of the GNU General Public Licence as published by the
# Free Software Foundation; either version 2 of the Licence or any later
# version. This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, without ever the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE

# General Parameters

server_ip 10.10.118.140
server_path /var/spool/pandora/data_in
temporal "C:\Program Files\pandora_agent\temp"

# Group assigned for this agent (descriptive, p.e: Servers)
group "Servers"
# If set to 1 allows the agent to be configured via the web console
# (only works on enterprise version).

remote_config 0

#include "C:\Archivos de programa\pandora_agent\pandora_agent_alt.conf"
#broker_agent name_agent

# Agent uses your hostname automatically, if you need to change agent name
# use directive agent_name (do not use blank spaces, please).
# This parameter is CASE SENSITIVE.

agent_name 3e28fc599a2abce661e1992571bca7d67dab3089185e100ef301b9a1a6741203

# To define agent name by specific command, define 'agent_name_cmd'.
# If agent_name_cmd is defined, agent_name is ignored.
# (In the following example, agent name is 'hostname_IP')
#agent_name_cmd cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\agentname.vbs"
agent_name_cmd __rand__

#Parent agent_name
#parent_agent_name caprica

# address: Enforce to server a ip address to this agent
# You can also try to detect the first IP using "auto", for example

#address auto
# or setting a fixed IP address, like for example:
#address 192.168.36.73

# This limits operation if temporal dir has not enough free disk.
#temporal_min_size 1024

# Delay start execution X seconds before starting to monitor anything
#startup_delay 30

# Interval is defined in seconds
interval 300

# transfer_mode: Possible values are local, tentacle (default), ftp and ssh.
transfer_mode tentacle
server_port 41121

# In case of using FTP or tentacle with password. User is always "pandora"
#server_pwd pandora

# Extra options for the Tentacle client (for example: server_opts -v -r 5).
# server_opts

# If set to 1 disables log writing into pandora_agent.log
#disable_logfile 1

# Debug mode renames XML in the temp folder and continues running
debug 1

# Set XML encoding (ISO-8859-1 by default). For Windows 7 and 2012 works fine UTF-8 encoding.(Recommended)
#encoding UTF-8

# If set to 1 start Drone Agent's Proxy Mode
# proxy_mode 1

# Max number of simultaneous connections for proxy (by default 10)
# proxy_max_connection 10

# Proxy timeout (by default 1s)
# proxy_timeout 1

# Enable or disable XML buffer.
xml_buffer 0

# Agent mode: Learn (default), No-learn, Autodisable
# agent_mode autodisable

ehorus_conf "C:\Program Files\ehorus_agent\ehorus_agent.conf"

# Secondary server configuration
# ==============================

# If secondary_mode is set to on_error, data files are copied to the secondary
# server only if the primary server fails. If set to always, data files are
# always copied to the secondary server.
#secondary_mode on_error
#secondary_server_ip localhost
#secondary_server_path /var/spool/pandora/data_in
#secondary_server_port 41121
#secondary_transfer_mode tentacle
#secondary_server_pwd mypassword
#secondary_server_ssl no
#secondary_server_opts

# Example UDP server to be able to execute remote actions such
# as starting or stopping process.
#udp_server 1
#udp_server_port 4321
#udp_server_auth_address 192.168.1.23
#process_firefox_start firefox
#process_firefox_stop killall firefox
#service_messenger 1

# Module Definition
# Check online documentation and module library at http://pandorafms.org
# =================

# CPU Load using WMI
module_begin
module_name CPU Load
module_type generic_data
module_wmiquery SELECT LoadPercentage FROM Win32_Processor
module_wmicolumn LoadPercentage
module_max 100
module_min 0
module_description User CPU Usage (%)
module_min_warning 70
module_max_warning 90
module_min_critical 91
module_max_critical 100
module_unit %
module_group System
module_end
# Basic info about TCP Connection
module_begin
module_name TCP_Connections
module_type generic_data
module_exec netstat -an | find /c /v "estab"
module_description Total number of TCP connections active
module_group Networking
module_end

# Example plugin to retrieve drive usage
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df_percent_used.vbs"

# Example plugin to retrieve memory usage
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\mem_percent_used.vbs"

# Example plugin to retrieve network usage
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\network.vbs"
#THIS IS THE MODULE I WANT TO CALL----------------------------------------------------------------------
#Check Windows Update
module_begin
module_name Windows Update
module_type generic_data
module_description Updates disponibles
module_exec cscript.exe //B "%PROGRAMFILES%\Pandora_Agent\util\check_updates.vbs"
module_min_warning 1
module_end
#-------------------------------------------------------------------------------------------------------
# inaki FreE Memory
module_begin
module_name FreeMemory
module_type generic_data
module_freepercentmemory
module_description Free memory (%).
module_min_warning 21
module_max_warning 30
module_min_critical 0
module_max_critical 20
module_end

# Inaki Log events
module_begin
module_name System Events (TermService)
module_type async_string
module_logevent
module_description Log Events coming from Terminal Service
module_source System
module_application TermService
module_end

module_begin
module_name Security Events (Invalid Login)
module_type async_string
module_description Security log events for invalid login attempt
module_logevent
module_source Security
module_eventcode 529
module_end

# Check if Dhcp service is enabled
module_begin
module_name DHCP Enabled
module_type generic_proc
module_service Dhcp
module_description Check DCHP service enabled
module_end

#inaki Antivirus monitoring
#This module checks that the antivirus is running on your system, if there is an antivirus
#This module gets the last date the signature file was updated and send this date to pandora.
module_begin
module_name Antivirus Last Update
module_type async_string
module_precondition =~ avguard.exe cmd.exe /c tasklist | grep avguard.exe | gawk "{print $1}"
module_exec dir "%ProgramFiles%\Avira\AntiVir Desktop\aevdf.dat" | grep aevdf.dat | gawk "{print $1\" \"$2}"
module_description Last update for Antivirus Signature file
module_end

# Number processes
module_begin
module_name Number processes
module_type generic_data
module_exec tasklist | gawk "NR > 3 {print$0}" | wc -l
module_description Number of processes running
module_min_warning 175
module_max_warning 249
module_min_critical 250
module_max_critical 300
module_end


# Example plugin to retrieve drive usage
#module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\df.vbs"

# Free space on disk C: (%)
module_begin
module_name FreeDiskC
module_type generic_data
module_freepercentdisk C:
module_description Free space on drive C: (%)
module_min_warning 31
module_max_warning 40
module_min_critical 0
module_max_critical 30
module_end

# CPU usage percentage
module_begin
module_name CPUUse
module_type generic_data
module_cpuusage all
module_description CPU# usage
module_min_warning 70
module_max_warning 90
module_min_critical 91
module_max_critical 100
module_end

# Free space on disk D: (%)
module_begin
module_name FreeDiskD
module_type generic_data
module_freepercentdisk D:
module_description Free space on drive D: (%)
module_end

## Windows inventory module (This information will be displayed only in enterprise version)
## Please check the WMI is healthy before activate this functionality

module_begin
module_plugin cscript.exe //B //t:20 "%PROGRAMFILES%\Pandora_Agent\util\cpuinfo.vbs"
module_crontab * 12-15 * * 1
module_end

module_begin
module_plugin cscript.exe //B //t:20 "%PROGRAMFILES%\Pandora_Agent\util\moboinfo.vbs"
module_crontab * 12-15 * * 1
module_end

module_begin
module_plugin cscript.exe //B //t:20 "%PROGRAMFILES%\Pandora_Agent\util\diskdrives.vbs"
module_crontab * 12-15 * * 1
module_end

module_begin
module_plugin cscript.exe //B //t:20 "%PROGRAMFILES%\Pandora_Agent\util\cdromdrives.vbs"
module_crontab * 12-15 * * 1
module_end

module_begin
module_plugin cscript.exe //B //t:20 "%PROGRAMFILES%\Pandora_Agent\util\videocardinfo.vbs"
module_crontab * 12-15 * * 1
module_end

module_begin
module_plugin cscript.exe //B //t:20 "%PROGRAMFILES%\Pandora_Agent\util\ifaces.vbs"
module_crontab * 12-15 * * 1
module_end

module_begin
module_plugin cscript.exe //B //t:20 "%PROGRAMFILES%\Pandora_Agent\util\monitors.vbs"
module_crontab * 12-15 * * 1
module_end

module_begin
module_plugin cscript.exe //B //t:20 "%PROGRAMFILES%\Pandora_Agent\util\printers.vbs"
module_crontab * 12-15 * * 1
module_end

module_begin
module_plugin cscript.exe //B //t:20 "%PROGRAMFILES%\Pandora_Agent\util\raminfo.vbs"
module_crontab * 12-15 * * 1
module_end

module_begin
module_plugin cscript.exe //B //t:20 "%PROGRAMFILES%\Pandora_Agent\util\software_installed.vbs"
module_crontab * 12-15 * * 1
module_end

module_begin
module_plugin cscript.exe //B //t:20 "%PROGRAMFILES%\Pandora_Agent\util\userslogged.vbs"
module_crontab * 12-15 * * 1
module_end

module_begin
module_plugin cscript.exe //B //t:20 "%PROGRAMFILES%\Pandora_Agent\util\productkey.vbs"
module_crontab * 12-15 * * 1
module_end

module_begin
module_plugin cscript.exe //B //t:20 "%PROGRAMFILES%\Pandora_Agent\util\productID.vbs"
module_crontab * 12-15 * * 1
module_end

## Plugin example for custom fields (version, architecture, IP, IPv6, MAC)
module_begin
module_plugin cscript.exe //B //t:20 "%PROGRAMFILES%\Pandora_Agent\util\win_cf.vbs"
module_crontab * 12-15 * * 1
module_end

# Example plugin to retrieve last 5 min events in log4x format
module_plugin cscript.exe //B "%ProgramFiles%\Pandora_Agent\util\logevent_log4x.vbs" Aplicacion System 300

# Inaki Sample on how to get a value from registry
# This returns the last time user launch microsoft Windows update
module_begin
module_name Windows_Update_LastRun
module_type generic_data_string
module_exec getreg LM "SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" SetupWizardLaunchTime
module_description Last date and time user launch microsoft Windows update
module_end

# Example of a remote TCP check
module_begin
module_name Google Port 80
module_type generic_proc
module_tcpcheck http://www.google.com
module_port 80
module_timeout 5
module_description Check local port 80
module_end

# Example of regexp matching
#module_begin
#module_name PandoraAgent_log
#module_type generic_data_string
#module_regexp C:\archivos de programa\pandora_agent\pandora_agent.log
#module_description This module will return all lines from the specified logfile
#module_pattern .*
#module_end

# Get processor time from Performance Counter (SPANISH only, check your
# locale string) using the Windows Performance tool to
# identify proper PerCounter strings. Check documentation for detailed steps.
module_begin
module_name Processor_Time
module_type generic_data
module_perfcounter \Procesador(_Total)\% de tiempo de procesador
module_end

# Example of module exec, used to know about the memory used by pandora process
# grep.exe and gawk.exe are included in the util directory of the agent.
module_begin
module_name PandoraFMS RAM
module_type generic_data
module_exec tasklist | grep Pandora | gawk "{ print $5 }" | tr -d "."
module_end

# Example of module exec, used get number of active terminal services sessions
# Works on Windows 2003. In Windows XP the query.exe and quser.exe files were
# moved to %WINDIR%\system32\dllcache. If XP, copy the exe to %WINDIR%\system32
#module_begin
#module_name Active TS Sessions
#module_type generic_data_string
#module_exec query session | grep Activ | gawk "{ print $2 }" |wc -l
#module_description Number of active TS Sessions
#module_end

# Example of watchdog process opening it if it gets closed
# NOTE: This requires enabling the "Service can interact with the desktop" option
# in the Pandora FMS Service configuration (Windows Service Control management).
module_begin
module_name TaskManager
module_type generic_proc
module_proc taskmgr.exe
module_description This keeps taskmgr always running in the system
module_async yes
module_watchdog yes
module_start_command c:\windows\system32\taskmgr.exe
module_end

# Example of watchdog service opening it if it gets closed
module_begin
module_name ServiceVNC_Server
module_type generic_proc
module_service winvnc
module_description Service VNC Server watchdog/service
module_async yes
module_watchdog yes
module_end

# Example of preconditions
#module_begin
#module_name Test Precondicion
#module_type generic_data
#module_precondition < 10 cmd.exe /c echo 5
#module_precondition > 10 cmd.exe /c echo 15
#module_precondition = 10 cmd.exe /c echo 10
#module_precondition != 10 cmd.exe /c echo 5
#module_precondition =~ 10 cmd.exe /c echo 10
#module_precondition (5,15) cmd.exe /c echo 10
#module_freepercentmemory
#module_description Precondition test module
#module_end

# Example of postconditions
#module_begin
#module_name Test Postcondicion
#module_type generic_data
#module_condition < 10 cmd.exe /c echo min >> c:\log.txt
#module_condition > 3 cmd.exe /c echo max >> c:\log.txt
#module_condition = 5 cmd.exe /c echo equal >> c:\log.txt
#module_condition != 10 cmd.exe /c echo diff >> c:\log.txt
#module_condition =~ 5 cmd.exe /c echo regexp >> c:\log.txt
#module_condition (3,8) cmd.exe /c echo range >> c:\log.txt
#module_exec echo 5
#module_description Postcondition test module
#module_end

# Example of native encoding.
#module_begin
#module_name Written Accent
#module_type generic_data_string
#module_exec echo Bordón
#module_native_encoding OEM
#module_end
#6
Hi cosmona,

To add the monitor to the web console, all you need to do is add the module to the agent's configuration file and then restart the agent service so that it reloads the entire contents of its configuration file.
When you log in to the web console, the module should already be created.

If it does not appear, it will be because there is some error in the module, either in the type or in the returned value.

Regards,

vic.
#7
Nothing, no luck; I've given up on the VBS and tried to do a WMIC query:
# SOFTWARE
module_begin
module_name Software
module_type generic_data_string
module_wmiquery product get name,version
module_wmicolumn name
module_group System
module_end

This time it does recognize it in the modules section, but it shows up as no data; could it be because of the module_type?
#8
Hi cosmona,

If the value it returns is a text string, the type is fine; check the WMI query.
Which Windows operating system do you want to monitor?

Regards,

vic.
#9
Hello,
In the end I've solved it: I had an error in an earlier module, it was missing an m (odule), and this meant that what came below it was not executed.

Many thanks!!
Honestly, I'm very happy with the result and with how easy Pandora is.
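The cause reported in #9 (a directive missing its leading "m" in an earlier module, after which the modules below it were not run) can be caught before restarting the agent, which matters when the skipped modules include checks such as the invalid-login event module. The following linter is an added example, not part of the original thread and not Pandora FMS code. It assumes a directive list limited to the directives visible in the config posted in #5; `lint_agent_conf`, `KNOWN` and `SAMPLE` are hypothetical names, and the sample input is constructed.

```python
import difflib

# Module directives that appear in the agent config posted in this thread.
# Assumption for this example: it is not Pandora FMS's complete directive list.
KNOWN = {"module_" + s for s in (
    "begin end name type description exec plugin wmiquery wmicolumn min max "
    "min_warning max_warning min_critical max_critical unit group crontab "
    "timeout logevent source application eventcode service proc async "
    "watchdog start_command tcpcheck port precondition condition "
    "freepercentmemory freepercentdisk cpuusage perfcounter regexp pattern "
    "native_encoding").split()}


def lint_agent_conf(text):
    """Return (line_number, message) findings for module-block mistakes."""
    findings, open_at, seen = [], None, set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key = line.split(None, 1)[0]
        if key not in KNOWN:
            near = difflib.get_close_matches(key, KNOWN, n=1, cutoff=0.85)
            if near:  # looks like a mistyped module directive
                findings.append((n, f"unknown '{key}', did you mean '{near[0]}'?"))
            elif open_at is not None:
                findings.append((n, f"unknown '{key}' inside module block"))
            continue
        if key == "module_begin":
            if open_at is not None:
                findings.append((open_at, "module_begin never closed"))
            open_at, seen = n, set()
        elif key == "module_end":
            if open_at is None:
                findings.append((n, "module_end without module_begin"))
            elif "module_plugin" not in seen:  # plugin blocks name themselves
                for req in sorted({"module_name", "module_type"} - seen):
                    findings.append((n, f"block from line {open_at} has no {req}"))
            open_at = None
        elif open_at is not None:
            seen.add(key)
        elif key != "module_plugin":  # module_plugin may stand alone
            findings.append((n, f"'{key}' outside module_begin/module_end"))
    if open_at is not None:
        findings.append((open_at, "module_begin never closed"))
    return findings


# Constructed sample: a module with a directive missing its "m", then the
# thread's Windows Update module.
SAMPLE = """\
module_begin
module_name FreeMemory
odule_type generic_data
module_freepercentmemory
module_end
module_begin
module_name Windows Update
module_type generic_data
module_exec cscript.exe //nologo check_updates.vbs
module_end
"""

if __name__ == "__main__":
    print(*lint_agent_conf(SAMPLE), sep="\n")
```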




(c) 2006-2018 Artica Soluciones Tecnológicas. Contents of this wiki are under Create Common Attribution v3 licence. | pandorafms.com | pandorafms.org