Ad Widget

Collapse

Invalid parameter /1/expression incorrect expression

Collapse
This topic has been answered.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Lurinoxi
    Junior Member
    • Jan 2024
    • 3
    #1

    Invalid parameter /1/expression incorrect expression

    Hello guys, im pretty new to Zabbix and recently tried to Monitor the Windows Real Time Protection Status (if its enabled or not) so i made a powershell script that does just that

    Code:
    Code:
    $realtimeProtectionStatus = (Get-MpPreference).RealTimeProtectionEnabled

if ($realtimeProtectionStatus -eq $true) {
    Write-Host "Echtzeit Ueberwachung ist aktiviert."
} else {
    Write-Host "Echtzeit Ueberwachung ist deaktiviert!!"
}
​
    after i did this i generated an SSH key pair in the Zabbix Machine

    Code:
    ssh-keygen -t rsa
    Code:
    ssh-copy-id user@windows-machine
    Code:
    ssh user@windows-machine
    then i created an Item in the WIndows Host

    Type: SSH Agent
    Key:
    system.run[powershell -File "C:\Users\Administrator\Desktop\AntiVirusStatu s.ps 1", -i /root/.ssh/id_rsa.pub]

    then i put in the Login Data..

    Then the expression:
    powershell -File "C:\Users\Administrator\AntiVirusStatus.ps1"

    This worked out fine, no biggie..


    Now when i wanted to add the trigger i got into trouble...

    As Expression i used

    Code:
    {hostname:system.run[powershell -File "C:\Users\Administrator\Desktop\AntiVirusStatus.ps1"].str("deaktiviert").nodata(600)}=0
    I tried various variations of this (i did use chat gpt in the end because i was frustrated )

    If anyone is able to help me with this, id appreciate it
    Last edited by Lurinoxi; 11-01-2024, 09:52. Reason: accidently deleted a ] bracket
    Tags: None
    • Answer selected by Lurinoxi at 25-01-2024, 11:27.
      Lurinoxi
      Junior Member
      • Jan 2024
      • 3
      thanks for all the help guys, figured it out now tho... I forgot to put Userparams in the Zabbix_agentd.conf in Windows
        • Selected Answer

        Comment

        • cyber
          Senior Member
          Zabbix Certified SpecialistZabbix Certified Professional
          • Dec 2006
          • 4807
          #2
          What version of Zabbix? The syntax you use, seems the "old one"... Current versions use a bit different ...function(/host/key,parameter)<operator><constant>.​
          chatgpt knowledge ends somewhere 2021-2,I think... ?? so it might not know about newer syntax..:P

            Comment

            • Lurinoxi
              #2.1
              Lurinoxi commented
              11-01-2024, 10:37
              Editing a comment
              I got Zabbix 6.4
            • cyber
              Senior Member
              Zabbix Certified SpecialistZabbix Certified Professional
              • Dec 2006
              • 4807
              #3
              Then you need to fix your expression syntax... do not be afraid to use that "Add" button beside the expression box and use the wizard to construct your expression.
              PS. there is no str() function any more... You need to use "find".

                Comment

                • Lurinoxi
                  #3.1
                  Lurinoxi commented
                  11-01-2024, 13:35
                  Editing a comment
                  Thank you this helped out alot, the trigger is now in place, maybe i need to change up the item, as i think the agent cant run the ps script on the machine but i will try it out for a bit
                • Lurinoxi
                  Junior Member
                  • Jan 2024
                  • 3
                  #4
                  Figured something more out now.. the item key "system.run[powershell -ExecutionPolicy Bypass -File "C:\Users\Administrator\Desktop\AntiVirusStatu s.ps 1"] is not supported !

                    Comment

                    • Brambo
                      Senior Member
                      • Jul 2023
                      • 245
                      #5
                      Originally posted by Lurinoxi
                      Figured something more out now.. the item key "system.run[powershell -ExecutionPolicy Bypass -File "C:\Users\Administrator\Desktop\AntiVirusStatu s.ps 1"] is not supported !
                      ^^ is the space in Status (last section of file name) intended? AND try a non-user folder could be that security profiles prevent running this location.
                      If your zabbix conf of the running agent allows runnen powershell then you can use it.
                      You can even do files executing or even run code directly (even multi-line code if you format it correctly).
                      -c is code command, all code between " so string manipulation with variables can be tricky with ; you can split lines of code
                      example (i removed some personal details)
                      Code:
                      system.run[powershell.exe -c "$L = New-Object -ComObject .. ; $K = $L.CreateupdateSearcher() ; $K.Search('xxx').Updates | Select-Object -expandproperty Title", wait]
                      Sometimes it's needed to do, powershell -c "write-output ... the rest of the code"
                      If you use the ,wait option then double check if your zabbix conf is acception this (powershell*,*)
                      and running script example: (see the .exe in my code)
                      Code:
                      system.run[powershell.exe -NoProfile -ExecutionPolicy bypass -File "C:\zabbix-agent-scripts\certtest.ps1" google.com 443]
                      where certtest.ps1 is my own script.
                      Last edited by Brambo; 11-01-2024, 17:43.

                        Comment

                        • Lurinoxi
                          Junior Member
                          • Jan 2024
                          • 3
                          #6
                          thanks for all the help guys, figured it out now tho... I forgot to put Userparams in the Zabbix_agentd.conf in Windows
                            • Selected Answer

                            Comment

                            Previous template Next
                            Working...