I know how to monitor the service itself, but how would you monitor the state of the firewall as it applies to individual profiles? (domain/private/public).
-
-
I'm going to test this:
UserParamater=win.advfirewall,netsh advfirewall show AllProfiles state | find /c "OFF"
Any value > 0 is bad. -
I ended up making a simple powershell script for each firewall profile:
$data = netsh advfirewall show domainprofile
$data = $data[3]
$data -Match "ON"
created an item:
system.run[powershell.exe -command c:\Zabbix_Agent\scripts\DomainFirewallStatus.ps1]
and a trigger:
{Test-Firewall-State:system.run[powershell.exe -command c:\Zabbix_Agent\scripts\DomainFirewallStatus.ps1].str(True)}=0
The scripts have to be on the local machines. They run and return either True or False. If the trigger is not true, then the alert is triggered.Comment
-
Can You step by step (maybe with screenshots) show how You to start monitoring windows firewall? How exactly does your script and where to write it, how to start script?Comment
-
I've also learned that Windows will sometimes report false status using these methods. It appears on systems where firewall policy has been set locally and via GPO inconsistently and in systems with multiple nics with different firewall status.
I'm not a Windows admin, I just have to listen to their complaints about Zabbix tests...Comment
-
Comment
-
-
Solved. A wrong data type in "items" was selected.Comment
-
Zabbix agents on Linux, FreeBSD, Windows, AVM-Fritz!box, DD-WRT and QNAPComment
Comment