Monitor RDP Session Username

  • Hello There
    Member
    • Feb 2018
    • 30

    #1

    Monitor RDP Session Username

    Hello.
    I would like to check for a user that uses RDP session (monitor a session username)... Is it possible?
    Thanks.
  • boyemillar
    Member
    Zabbix Certified Specialist
    • Nov 2015
    • 33

    #2
    I have a PowerShell script which runs via a user parameter on the local Zabbix Agent and returns a list of the active RDP sessions or "No-Login" if there is no login.

    • Hello There
      Member
      • Feb 2018
      • 30

      #3
      Can you please provide any info that would help me? Thanks.

      • boyemillar
        Member
        Zabbix Certified Specialist
        • Nov 2015
        • 33

        #4
        Here is the PowerShell script

        Create an item called "whoami" on the host which you want to monitor

        Add a user parameter to the Zabbix Agent conf file (change the path to the PowerShell script as required)

        UserParameter=whoami,powershell -NoProfile -ExecutionPolicy Bypass -File c:\zabbix\plugins\zbx-whoami\whoami.ps1


        Code:
        clear
        function Convert-QueryToObjects
        {
            [CmdletBinding()]
            [Alias('QueryToObject')]
            [OutputType([PSCustomObject])]
            param
            (
                [Parameter(Mandatory = $false,
                           ValueFromPipeline = $true,
                           ValueFromPipelineByPropertyName = $true,
                           Position = 0)]
                [Alias('ComputerName', 'Computer')]
                [string]
                $Name = $env:COMPUTERNAME
            )
        
            Process
            {
                Write-Verbose "Running query.exe against $Name."
                $Users = query user /server:$Name 2>&1
        
                if ($Users -like "*No User exists*")
                {
                    # Handle the "no users found" message returned from query.
                    # Returned: 'No User exists for *'
                    #Write-Error "There were no users found on $Name : $Users"
                    #Write-Verbose "There were no users found on $Name."
                    Write-Host No-Login
                }
                elseif ($Users -like "*Error*")
                {
                    # Handle errors returned by query.
                    # Returned: 'Error ...<message>...'
                    #Write-Error "There was an error running query against $Name : $Users"
                    #Write-Verbose "There was an error running query against $Name."
                    Write-Host Error
                }
                elseif ($null -eq $Users -and $ErrorActionPreference -eq 'SilentlyContinue')
                {
                    # Handle null output caused by -ErrorAction.
                    Write-Verbose "Error action has suppressed output from query.exe. Results were null."
                }
                else
                {
                    Write-Verbose "Users found on $Name. Converting output from text."
        
                    # Conversion logic. Handles the fact that the sessionname column may be populated or not.
                    $Users = $Users | ForEach-Object {
                        (($_.trim() -replace ">" -replace "(?m)^([A-Za-z0-9]{3,})\s+(\d{1,2}\s+\w+)", '$1  none  $2' -replace "\s{2,}", "," -replace "none", $null))
                    } | ConvertFrom-Csv
        
                    Write-Verbose "Generating output for $($Users.Count) users connected to $Name."
        
                    # Output objects.
                    foreach ($User in $Users)
                    {
                        Write-Verbose $User
                        if ($VerbosePreference -eq 'Continue')
                        {
                            # Add '| Out-Host' if -Verbose is tripped.
                            [PSCustomObject]@{
                                ComputerName = $Name
                                Username = $User.USERNAME
                                SessionState = $User.STATE.Replace("Disc", "Disconnected")
                                SessionType = $($User.SESSIONNAME -Replace '#', '' -Replace "[0-9]+", "")
                            } | Out-Host
                        }
                        else
                        {
                            # Standard output.
                            [PSCustomObject]@{
                                ComputerName = $Name
                                Username = $User.USERNAME
                                SessionState = $User.STATE.Replace("Disc", "Disconnected")
                                SessionType = $($User.SESSIONNAME -Replace '#', '' -Replace "[0-9]+", "")
                            }
                        }
                    }
                }
            }
        }
        
        Convert-QueryToObjects | ForEach-Object {
        
                if ($_.SessionState -eq 'Active') {
                    Write-Host -NoNewline $_.UserName ""
                }
        
                elseif ($_.SessionState -eq 'Disconnected') {
                    Write-Host -NoNewline "^" $_.UserName ""
                }
        
            }
        
            Write-Host

        • Hello There
          Member
          • Feb 2018
          • 30

          #5
          Thanks. I'll try that now.

          • Hello There
            Member
            • Feb 2018
            • 30

            #6
            It says Unsupported item key.
            I configured it like this...

            • boyemillar
              Member
              Zabbix Certified Specialist
              • Nov 2015
              • 33

              #7
              Mine is set to Zabbix Agent Active

              Can you run the script in PowerShell just to make sure you get an output?

              • Hello There
                Member
                • Feb 2018
                • 30

                #8
                Yes, I can run the script.

                • boyemillar
                  Member
                  Zabbix Certified Specialist
                  • Nov 2015
                  • 33

                  #9
                  Is there anything in the Zabbix log on the agent side...? I'm assuming the agent is set up to allow ServerActive checks

                  • Hello There
                    Member
                    • Feb 2018
                    • 30

                    #10
                    Since I've installed Zabbix Agent (three days ago), it says
                    "1060:20190108:071202.672 no active checks on server [192.9.102.17:10051]: host [Windows host] not found"

                    Yes, I have specified IP addresses for both... for Server Passive checks as well as for Server Active checks in zabbix_agentd.conf.

                    This is my configuration of the server in Zabbix... See the attachment.

                    • boyemillar
                      Member
                      Zabbix Certified Specialist
                      • Nov 2015
                      • 33

                      #11
                      You don't need the extra interface on the host "10051" ... Here is my config from the Host side.

                      Can you post your Agent conf file..?

                      • Hello There
                        Member
                        • Feb 2018
                        • 30

                        #12
                        Before we continue I'd like to share my goal. I want to create a trigger that will warn me if a particular user logs on to a particular computer via RDP.

                        • boyemillar
                          Member
                          Zabbix Certified Specialist
                          • Nov 2015
                          • 33

                          #13
                          I just use this "whoami" item to monitor if there is a logged on user on one of a set of 20 particular machines.... I can then look back to see who has been logged in over the past number of hours. A simple regex trigger could easily be set up to warn if a particular username logs in but it's not something I require.

                          Comment
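For the goal stated in post #12 (alerting when one particular user has a session), here is an added example that is not part of the thread or of boyemillar's script: a hypothetical companion script that prints a numeric state for a single watched account, so a trigger can compare a number instead of matching text. The account name `jsmith`, the `-Live` switch and the sample `query user` output are constructed, and English column titles are assumed.

```powershell
# Added example (not from the thread). Prints 2 = watched user Active,
# 1 = Disconnected, 0 = no session, -1 = bad argument or unparseable output.
param(
    [string]$Watch = 'jsmith',  # constructed account name
    [switch]$Live               # query the real host instead of the sample
)

function Get-WatchedSessionState {
    param([string]$Watch, [string[]]$Lines)

    # Accept only a plain account name; reject anything else outright.
    if ($Watch -notmatch '^[\w.-]{1,64}$') { return -1 }

    $header = $Lines | Where-Object { $_ -match '^\s*USERNAME\s' } | Select-Object -First 1
    if (-not $header) {
        # "No User exists for *" means nobody is logged on; the rest is an error.
        if (($Lines -join ' ') -like '*No User exists*') { return 0 }
        return -1
    }

    # Slice by header column offsets so an empty SESSIONNAME (a disconnected
    # session) cannot shift the fields. Assumes English column titles.
    $sessCol  = $header.IndexOf('SESSIONNAME')
    $stateCol = $header.IndexOf('STATE')
    $idleCol  = $header.IndexOf('IDLE TIME')
    if ($sessCol -lt 2 -or $stateCol -lt $sessCol -or $idleCol -lt $stateCol) { return -1 }

    $result = 0
    foreach ($line in $Lines) {
        if ($line -eq $header -or [string]::IsNullOrWhiteSpace($line)) { continue }
        $row   = $line.PadRight($idleCol)
        $user  = $row.Substring(1, $sessCol - 1).Trim()   # column 0 is the '>' marker
        $state = $row.Substring($stateCol, $idleCol - $stateCol).Trim()
        if ($user -ne $Watch) { continue }                # -ne ignores case
        if ($state -eq 'Active') { return 2 }
        $result = 1
    }
    return $result
}

# Constructed sample of "query user" output, used unless -Live is given.
$sample = @(
    ' USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME'
    '>administrator         rdp-tcp#0           2  Active          .  1/8/2019 7:01 AM'
    ' jsmith                                    3  Disc         1:12  1/7/2019 4:55 PM'
)
$lines = if ($Live) { query user 2>&1 | ForEach-Object { "$_" } } else { $sample }
Get-WatchedSessionState -Watch $Watch -Lines $lines
```

Registered as its own user parameter and called with `-Live`, the item can be stored as a number, and a trigger can fire whenever the value is 1 or higher.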
