Ad Widget

**batchenr** · 06-07-2017, 12:31

Originally posted by alientm

Is it possible for the zabbix agent to monitor the registry keys / values?
I'm mainly about monitoring the screen saver time.

Does anyone have an working example?

We’ll be back soon!

https://www.zabbix.com/forum/showthread.php?t=16456

**alientm** · 06-07-2017, 13:03

Thanks for the link, I checked this topic before and I have a problem with "Registry Entry Not Found"

**batchenr** · 06-07-2017, 13:18

Originally posted by alientm

Thanks for the link, I checked this topic before and I have a problem with "Registry Entry Not Found"

can you post you item key ?
and do you monitor by agent or snmp ?

**alientm** · 06-07-2017, 14:10

zabbix_agentd.conf:
UserParameter=reg.LoggedInUser,C:\Windows\system32 \cscript.exe /nologo /T:10 C:\Temp\scripts\reginfo.vbs 1 "Control Panel\Desktop" 3 "ScreenSaveTimeOut"

**batchenr** · 06-07-2017, 14:39

Originally posted by alientm

zabbix_agentd.conf:
UserParameter=reg.LoggedInUser,C:\Windows\system32 \cscript.exe /nologo /T:10 C:\Temp\scripts\reginfo.vbs 1 "Control Panel\Desktop" 3 "ScreenSaveTimeOut"

[ATTACH]9936[/ATTACH]

ok so its a script that you made
what does this script do ?
what is this script output ?

**alientm** · 07-07-2017, 07:51

I used a script from the topic:

We’ll be back soon!

https://www.zabbix.com/forum/showthread.php?t=16456

I changed:

#Get name of most recently logged in user
UserParameter=reg.LoggedInUser,%systemroot%\system 32\cscript.exe /nologo /T:10 c:\zabbix\scripts\reginfo.vbs 2 "SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" 3 "DefaultUserName"

to:
UserParameter=reg.LoggedInUser,C:\Windows\system32 \cscript.exe /nologo /T:10 C:\Temp\scripts\reginfo.vbs 1 "Control Panel\Desktop" 3 "ScreenSaveTimeOut"

I think the script should go to
1 = HKEY_CURRENT_USER
later
"Control Panel\Desktop"
and get value of
3 "ScreenSaveTimeOut"

but output is now:
2017-07-07 07:41:07
Registry Entry Not Found
2017-07-07 07:40:37
Registry Entry Not Found
2017-07-07 07:40:07
Registry Entry Not Found
...

for test pc value of ScreenSaveTimeOut is 180

**batchenr** · 10-07-2017, 09:14

Originally posted by alientm

I used a script from the topic:

We’ll be back soon!

https://www.zabbix.com/forum/showthread.php?t=16456

I changed:

#Get name of most recently logged in user
UserParameter=reg.LoggedInUser,%systemroot%\system 32\cscript.exe /nologo /T:10 c:\zabbix\scripts\reginfo.vbs 2 "SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" 3 "DefaultUserName"

to:
UserParameter=reg.LoggedInUser,C:\Windows\system32 \cscript.exe /nologo /T:10 C:\Temp\scripts\reginfo.vbs 1 "Control Panel\Desktop" 3 "ScreenSaveTimeOut"

I think the script should go to
1 = HKEY_CURRENT_USER
later
"Control Panel\Desktop"
and get value of
3 "ScreenSaveTimeOut"

but output is now:
2017-07-07 07:41:07
Registry Entry Not Found
2017-07-07 07:40:37
Registry Entry Not Found
2017-07-07 07:40:07
Registry Entry Not Found
...

for test pc value of ScreenSaveTimeOut is 180

Code:

UserParameter=reg.LoggedInUser,%systemroot%\system 32\cscript.exe /nologo /T:10 c:\zabbix\scripts\reginfo.vbs 2 "SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon" 3 "DefaultUserName"


This uses the Windows command-line-based scripting host (cscript.exe). The "/nologo" argument hides the banner normally displayed by cscript, and the "/T:10" argument prevents the script from running for more than ten seconds. 

Then in zabbix server, you create an Item of type "Zabbix Agent" with the key you defined in the zabbix_agentd.conf file of your client(s). Using the above examples the keys would be: reg.LMSoftwareSubKeyCount, reg.CUSoftwareSubKeyCount, reg.CUProxyEnable, reg.CURunCount, reg.CURunOnceCount, and reg.LoggedInUser

and somone who had same error as you said :

Code:

It now turns out it was all due to the error of the script always returning "Registry Entry Not Found"
The item that became unsupported was numeric and that of course can't cope with that text.

I'm now doing a quick-and-dirty fix by making that string empty
strValue = "Registry Entry Not Found"

strValue = ""

**alientm** · 10-07-2017, 09:52

Originally posted by batchenr

Code:

It now turns out it was all due to the error of the script always returning "Registry Entry Not Found"
The item that became unsupported was numeric and that of course can't cope with that text.

I'm now doing a quick-and-dirty fix by making that string empty
strValue = "Registry Entry Not Found"

strValue = ""

I do not know how to do that,

I edited the file reginfo.vbs,
replace "Registry Entry Not Found" to "" and still:

2017-07-10 09:49:37
Registry Entry Not Found
2017-07-10 09:49:07
Registry Entry Not Found
2017-07-10 09:48:37
Registry Entry Not Found

**Atsushi** · 10-07-2017, 10:30

If you execute the script via the Zabbix agent,
it is executed with the authority of the user who is running the Zabbix agent.
It will not run under the privileges of the logged-on user.

Then, since HKEY_CURRENT_USER can only be accessed by the user who is currently logged in,
HKEY_CURRENT_USER will not be able to be acquired from the Zabbix agent.

Please try to check HKEY_USERS\S-1-5-21xxx\Control Panel\Desktop\ScreenSaveTimeOut.
It may be possible to acquire it under the key HKEY_USERS.

**alientm** · 10-07-2017, 11:05

Originally posted by Atsushi

If you execute the script via the Zabbix agent,
it is executed with the authority of the user who is running the Zabbix agent.
It will not run under the privileges of the logged-on user.

Then, since HKEY_CURRENT_USER can only be accessed by the user who is currently logged in,
HKEY_CURRENT_USER will not be able to be acquired from the Zabbix agent.

Please try to check HKEY_USERS\S-1-5-21xxx\Control Panel\Desktop\ScreenSaveTimeOut.
It may be possible to acquire it under the key HKEY_USERS.

Thank you, your suggestion was correct!

2017-07-10 11:01:07
180
2017-07-10 11:00:37
180
2017-07-10 11:00:07
180
2017-07-10 10:59:37
300
2017-07-10 10:59:07
300

Ad Widget

Monitor windows registry key ?

Monitor windows registry key ?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment