-
Notifications
You must be signed in to change notification settings - Fork 11
Expand file tree
/
Copy pathMonitor.TimedScript.PowerShell.ParseTextFile.mpx
More file actions
381 lines (355 loc) · 18.7 KB
/
Monitor.TimedScript.PowerShell.ParseTextFile.mpx
File metadata and controls
381 lines (355 loc) · 18.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
<ManagementPackFragment SchemaVersion="2.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<!--
%%
Description:
A MONITOR which runs a timed PowerShell script and parses a text log file looking for a text string
This Monitor example has parameters which can be passed to the script
CompanyID - is a short abbreviation for your company with NO SPACES OR SPECIAL CHARACTERS ALLOWED
AppName - is a short name for your app with NO SPACES OR SPECIAL CHARACTERS ALLOWED
ClassID - is the targeted class such as your custom class or Windows!Microsoft.Windows.Server.OperatingSystem
UniqueID - Is a unique short description of the monitor purpose (NO SPACES OR SPECIAL CHARACTERS ALLOWED) such as "MonitorFilesInFolder"
Version: 1.1
LastModified: 07-Jul-2021
%%
In this fragment you need to replace:
##CompanyID##
##AppName##
##ClassID##
##UniqueID##
This fragment depends on references:
RequiredReference: Alias="System", ID="System.Library"
RequiredReference: Alias="Windows", ID="Microsoft.Windows.Library"
RequiredReference: Alias="Health", ID="System.Health.Library"
@@Author=Kevin Holman@@
-->
<TypeDefinitions>
<ModuleTypes>
<DataSourceModuleType ID="##CompanyID##.##AppName##.##UniqueID##.Monitor.DS" Accessibility="Internal" Batching="false">
<Configuration>
<xsd:element minOccurs="1" type="xsd:integer" name="IntervalSeconds" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
<xsd:element minOccurs="0" type="xsd:string" name="SyncTime" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
<xsd:element minOccurs="1" type="xsd:string" name="LogFilePath" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
<xsd:element minOccurs="1" type="xsd:string" name="TextStringExpected" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
<xsd:element minOccurs="1" type="xsd:integer" name="ThresholdHours" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
<xsd:element minOccurs="1" type="xsd:integer" name="TimeoutSeconds" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
</Configuration>
<OverrideableParameters>
<OverrideableParameter ID="IntervalSeconds" Selector="$Config/IntervalSeconds$" ParameterType="int" />
<OverrideableParameter ID="SyncTime" Selector="$Config/SyncTime$" ParameterType="string" />
<OverrideableParameter ID="LogFilePath" Selector="$Config/LogFilePath$" ParameterType="string" />
<OverrideableParameter ID="TextStringExpected" Selector="$Config/TextStringExpected$" ParameterType="string" />
<OverrideableParameter ID="ThresholdHours" Selector="$Config/ThresholdHours$" ParameterType="int" />
<OverrideableParameter ID="TimeoutSeconds" Selector="$Config/TimeoutSeconds$" ParameterType="int" />
</OverrideableParameters>
<ModuleImplementation Isolation="Any">
<Composite>
<MemberModules>
<DataSource ID="Scheduler" TypeID="System!System.Scheduler">
<Scheduler>
<SimpleReccuringSchedule>
<Interval Unit="Seconds">$Config/IntervalSeconds$</Interval>
<SyncTime>$Config/SyncTime$</SyncTime>
</SimpleReccuringSchedule>
<ExcludeDates />
</Scheduler>
</DataSource>
<ProbeAction ID="PA" TypeID="Windows!Microsoft.Windows.PowerShellPropertyBagTriggerOnlyProbe">
<ScriptName>##CompanyID##.##AppName##.##UniqueID##.Monitor.DS.ps1</ScriptName>
<ScriptBody>
#=================================================================================
# Parse a Log file and look for text string and compare the datetime to a threshold
#
# Author: Kevin Holman
# v1.0
#=================================================================================
param([string]$LogFilePath,[string]$TextStringExpected,[int]$ThresholdHours)
# Manual Testing section - put stuff here for manually testing script - typically parameters:
#=================================================================================
# [string]$LogFilePath = "C:\Windows\Temp\installation.log"
# [string]$TextStringExpected = "D:\program files\ManageSoft\Launcher\ndlaunch"
# [int]$ThresholdHours = 31
#=================================================================================
# Constants section - modify stuff here:
#=================================================================================
# Assign script name variable for use in event logging.
# ScriptName should be the same as the ID of the module that the script is contained in
$ScriptName = "##CompanyID##.##AppName##.##UniqueID##.Monitor.DS.ps1"
$EventID = "3990"
#=================================================================================
# Starting Script section - All scripts get this
#=================================================================================
# Gather the start time of the script
$StartTime = Get-Date
#Set variable to be used in logging events
$whoami = whoami
# Load MOMScript API
$momapi = New-Object -comObject MOM.ScriptAPI
#Log script event that we are starting task
$momapi.LogScriptEvent($ScriptName,$EventID,0,"`nScript is starting. `nRunning as ($whoami). `nLogFilePath: ($LogFilePath). `nTextStringExpected: ($TextStringExpected). `nThresholdHours: ($ThresholdHours).")
#=================================================================================
# PropertyBag Script section - Monitoring scripts get this
#=================================================================================
# Load SCOM PropertyBag function
$bag = $momapi.CreatePropertyBag()
#=================================================================================
# Begin MAIN script section
#=================================================================================
#Verify Logfile Exists
# Test to see if the folder exists and exit with error if not
IF (!(Test-Path $LogFilePath))
{
[string]$Message = "FATAL ERROR: The expected LogFile ($LogFilePath) was not found."
$momapi.LogScriptEvent($ScriptName,$EventID,1,$Message)
$bag.AddValue('Result','BAD')
$bag.AddValue('Message',$Message)
$bag.AddValue('LogFilePath',$LogFilePath)
$bag.AddValue('TextStringExpected',$TextStringExpected)
$bag.AddValue('ThresholdHours',$ThresholdHours)
# Return all bags
$bag
EXIT
}
# Clear any previous errors
$Error.Clear()
#Get the file contents into an array that match our expected text string
$LogFileMatchingContent = Get-Content $LogFilePath | where {$_ -like "*$TextStringExpected*"}
#Check to make sure we got something back and error if not
IF (!($LogFileMatchingContent))
{
[string]$Message = "FATAL ERROR: The expected text string was not found in the LogFile: ($LogFilePath)."
$momapi.LogScriptEvent($ScriptName,$EventID,1,$Message)
$bag.AddValue('Result','BAD')
$bag.AddValue('Message',$Message)
$bag.AddValue('LogFilePath',$LogFilePath)
$bag.AddValue('TextStringExpected',$TextStringExpected)
$bag.AddValue('ThresholdHours',$ThresholdHours)
# Return all bags
$bag
EXIT
}
#Get the last line in the array which will be the most recent
[string]$MatchingLine = $LogFileMatchingContent | Select-Object -Last 1
#Get the Date value from the line
$SplitLine = $MatchingLine.Split("(")
[string]$DateString = $SplitLine[0]
$DateString = $DateString -replace '[[]',''
[datetime]$LogFileLineDateTime = $DateString
#Get the age in hours of the logfile line date compared to now
[int]$LogFileLineAgeHours = ($StartTime - $LogFileLineDateTime).TotalHours
#Output good or bad based on threshold
IF ($LogFileLineAgeHours -ge $ThresholdHours)
{
#This is bad. The last datetime in the log file is older than the threshold
[string]$Message = "Threshold breached: The last datetime ($DateString) in the log file is older than the threshold in hours which is ($ThresholdHours)."
$momapi.LogScriptEvent($ScriptName,$EventID,1,$Message)
$bag.AddValue('Result','BAD')
$bag.AddValue('Message',$Message)
$bag.AddValue('LogFilePath',$LogFilePath)
$bag.AddValue('TextStringExpected',$TextStringExpected)
$bag.AddValue('ThresholdHours',$ThresholdHours)
}
ELSE
{
#This is good. The last datetime in the log file is more recent than the threshold
[string]$Message = "Healthy condition: The last datetime ($DateString) in the log file is newer than the threshold in hours which is ($ThresholdHours)."
$momapi.LogScriptEvent($ScriptName,$EventID,0,$Message)
$bag.AddValue('Result','GOOD')
$bag.AddValue('Message',$Message)
$bag.AddValue('LogFilePath',$LogFilePath)
$bag.AddValue('TextStringExpected',$TextStringExpected)
$bag.AddValue('ThresholdHours',$ThresholdHours)
}
# Return all bags
$bag
#=================================================================================
# End MAIN script section
# End of script section
#=================================================================================
#Log an event for script ending and total execution time.
$EndTime = Get-Date
$ScriptTime = ($EndTime - $StartTime).TotalSeconds
$momapi.LogScriptEvent($ScriptName,$EventID,0,"`nScript Completed. `nRuntime: ($ScriptTime) seconds.")
#=================================================================================
# End of script
</ScriptBody>
<Parameters>
<Parameter>
<Name>LogFilePath</Name>
<Value>$Config/LogFilePath$</Value>
</Parameter>
<Parameter>
<Name>TextStringExpected</Name>
<Value>$Config/TextStringExpected$</Value>
</Parameter>
<Parameter>
<Name>ThresholdHours</Name>
<Value>$Config/ThresholdHours$</Value>
</Parameter>
</Parameters>
<TimeoutSeconds>$Config/TimeoutSeconds$</TimeoutSeconds>
</ProbeAction>
</MemberModules>
<Composition>
<Node ID="PA">
<Node ID="Scheduler" />
</Node>
</Composition>
</Composite>
</ModuleImplementation>
<OutputType>System!System.PropertyBagData</OutputType>
</DataSourceModuleType>
</ModuleTypes>
<MonitorTypes>
<UnitMonitorType ID="##CompanyID##.##AppName##.##UniqueID##.Monitor.MonitorType" Accessibility="Internal">
<MonitorTypeStates>
<MonitorTypeState ID="GoodCondition" NoDetection="false" />
<MonitorTypeState ID="BadCondition" NoDetection="false" />
</MonitorTypeStates>
<Configuration>
<xsd:element minOccurs="1" type="xsd:integer" name="IntervalSeconds" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
<xsd:element minOccurs="0" type="xsd:string" name="SyncTime" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
<xsd:element minOccurs="1" type="xsd:string" name="LogFilePath" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
<xsd:element minOccurs="1" type="xsd:string" name="TextStringExpected" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
<xsd:element minOccurs="1" type="xsd:integer" name="ThresholdHours" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
<xsd:element minOccurs="1" type="xsd:integer" name="TimeoutSeconds" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
<xsd:element minOccurs="1" type="xsd:integer" name="MatchCount" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />
</Configuration>
<OverrideableParameters>
<OverrideableParameter ID="IntervalSeconds" Selector="$Config/IntervalSeconds$" ParameterType="int" />
<OverrideableParameter ID="SyncTime" Selector="$Config/SyncTime$" ParameterType="string" />
<OverrideableParameter ID="LogFilePath" Selector="$Config/LogFilePath$" ParameterType="string" />
<OverrideableParameter ID="TextStringExpected" Selector="$Config/TextStringExpected$" ParameterType="string" />
<OverrideableParameter ID="ThresholdHours" Selector="$Config/ThresholdHours$" ParameterType="int" />
<OverrideableParameter ID="TimeoutSeconds" Selector="$Config/TimeoutSeconds$" ParameterType="int" />
<OverrideableParameter ID="MatchCount" Selector="$Config/MatchCount$" ParameterType="int" />
</OverrideableParameters>
<MonitorImplementation>
<MemberModules>
<DataSource ID="DS" TypeID="##CompanyID##.##AppName##.##UniqueID##.Monitor.DS">
<IntervalSeconds>$Config/IntervalSeconds$</IntervalSeconds>
<SyncTime>$Config/SyncTime$</SyncTime>
<LogFilePath>$Config/LogFilePath$</LogFilePath>
<TextStringExpected>$Config/TextStringExpected$</TextStringExpected>
<ThresholdHours>$Config/ThresholdHours$</ThresholdHours>
<TimeoutSeconds>$Config/TimeoutSeconds$</TimeoutSeconds>
</DataSource>
<ConditionDetection ID="GoodConditionFilter" TypeID="System!System.ExpressionFilter">
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='Result']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">GOOD</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</ConditionDetection>
<ConditionDetection ID="BadConditionFilter" TypeID="System!System.ExpressionFilter">
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='Result']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">BAD</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<SuppressionSettings>
<MatchCount>$Config/MatchCount$</MatchCount>
</SuppressionSettings>
</ConditionDetection>
</MemberModules>
<RegularDetections>
<RegularDetection MonitorTypeStateID="GoodCondition">
<Node ID="GoodConditionFilter">
<Node ID="DS" />
</Node>
</RegularDetection>
<RegularDetection MonitorTypeStateID="BadCondition">
<Node ID="BadConditionFilter">
<Node ID="DS" />
</Node>
</RegularDetection>
</RegularDetections>
<OnDemandDetections>
<OnDemandDetection MonitorTypeStateID="GoodCondition">
<Node ID="GoodConditionFilter">
<Node ID="DS" />
</Node>
</OnDemandDetection>
<OnDemandDetection MonitorTypeStateID="BadCondition">
<Node ID="BadConditionFilter">
<Node ID="DS" />
</Node>
</OnDemandDetection>
</OnDemandDetections>
</MonitorImplementation>
</UnitMonitorType>
</MonitorTypes>
</TypeDefinitions>
<Monitoring>
<Monitors>
<UnitMonitor ID="##CompanyID##.##AppName##.##UniqueID##.Monitor" Accessibility="Public" Enabled="true" Target="##ClassID##" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="##CompanyID##.##AppName##.##UniqueID##.Monitor.MonitorType" ConfirmDelivery="true">
<Category>AvailabilityHealth</Category>
<AlertSettings AlertMessage="##CompanyID##.##AppName##.##UniqueID##.Monitor.AlertMessage">
<AlertOnState>Warning</AlertOnState> <!-- Warning or Error should match OperationalStates below -->
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>MatchMonitorHealth</AlertSeverity> <!-- Common options for AlertSeverity are MatchMonitorHealth, Information, Warning, Error -->
<AlertParameters>
<AlertParameter1>$Data/Context/Property[@Name='Message']$</AlertParameter1>
<AlertParameter2>$Data/Context/Property[@Name='LogFilePath']$</AlertParameter2>
<AlertParameter3>$Data/Context/Property[@Name='TextStringExpected']$</AlertParameter3>
<AlertParameter4>$Data/Context/Property[@Name='ThresholdHours']$</AlertParameter4>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="GoodCondition" MonitorTypeStateID="GoodCondition" HealthState="Success" />
<OperationalState ID="BadCondition" MonitorTypeStateID="BadCondition" HealthState="Warning" /> <!-- HealthState = Warning or Error -->
</OperationalStates>
<Configuration>
<IntervalSeconds>3600</IntervalSeconds>
<SyncTime></SyncTime>
<LogFilePath>C:\Windows\Temp\installation.log</LogFilePath>
<TextStringExpected>D:\program files\ManageSoft\Launcher\ndlaunch</TextStringExpected>
<ThresholdHours>31</ThresholdHours>
<TimeoutSeconds>120</TimeoutSeconds>
<MatchCount>1</MatchCount> <!-- This is the number of consecutive matches that must be met before the monitor will change state. Also a good example of passing in Integer data. -->
</Configuration>
</UnitMonitor>
</Monitors>
</Monitoring>
<Presentation>
<StringResources>
<StringResource ID="##CompanyID##.##AppName##.##UniqueID##.Monitor.AlertMessage" />
</StringResources>
</Presentation>
<LanguagePacks>
<LanguagePack ID="ENU" IsDefault="true">
<DisplayStrings>
<DisplayString ElementID="##CompanyID##.##AppName##.##UniqueID##.Monitor">
<Name>##CompanyID## ##AppName## ##UniqueID## Monitor</Name>
<Description></Description>
</DisplayString>
<DisplayString ElementID="##CompanyID##.##AppName##.##UniqueID##.Monitor" SubElementID="GoodCondition">
<Name>Good Condition</Name>
</DisplayString>
<DisplayString ElementID="##CompanyID##.##AppName##.##UniqueID##.Monitor" SubElementID="BadCondition">
<Name>Bad Condition</Name>
</DisplayString>
<DisplayString ElementID="##CompanyID##.##AppName##.##UniqueID##.Monitor.AlertMessage">
<Name>##CompanyID## ##AppName## ##UniqueID## Monitor: Failure</Name>
<Description>##CompanyID## ##AppName## ##UniqueID## Monitor: detected a bad condition
Message: {0}
LogFilePath: {1}
TextStringExpected: {2}
ThresholdHours: {3}</Description>
</DisplayString>
</DisplayStrings>
</LanguagePack>
</LanguagePacks>
</ManagementPackFragment>