check av in windows os
dear reader,
Referring to this thread:
I'm trying to setup av monitoring. The idea is to check if it is up and running and up to date. Every other outcome, should produce a warning.
Enabled userparamter and user parameterunsafe in agent. Set timeout in server to 10s.
trigger: ({DESKTOP-GQG9LLB
roduct_state.last(0)}<>266240) and ({DESKTOP-GQG9LLBroduct_state.last(0)}<>397312) and ({DESKTOP-GQG9LLBroduct_state.last(0)}<>397568)
first tested a wmic line:
UserParameter=product_state,wmic /NAMESPACE:\\root\SecurityCenter2 PATH AntiVirusProduct GET /value | find "productState"
this outputs productState=123456. The item in server says a numeric value is expected instead of a string. When setting the item to "character" there are no errors at item level, but then the trigger produces an error. The item value "product_state" now returns "productState=123455" and it can only compare numeric values.
So i thought i'd only want the number as result and not the whole "productState=12345"
so next
a powershell script which actually only produces the numeric value:
UserParameter=product_state,C:\Windows\System32\Wi ndowsPowerShell\v1.0\powershell.exe -nologo C:\zabbix\av_check.ps1
This script, which runs for a millisecond, gives a timeout exceed on the item in server.
third tried a batch, which also has the number as outcome when running in cmd.exe:
FOR /F %%A IN ('WMIC.EXE /NAMESPACE:\\root\SecurityCenter2 Path AntiVirusProduct Get ProductState ^| FINDSTR.EXE /R /C:"[0-9]"') DO SET ProductState=%%A
echo.%ProductState%
UserParameter=product_state,C:\zabbix\av_check.bat
serverside in item it now comes with a result %ProductState% . Again with error a numeric value is expected.
i've been struggling now for 4 days with this. Can anyone help me out?
BTW when running:
zabbix_agentd.exe --test "product_state" locally on the client all userparameters return:
product_state [m|ZBX_NOTSUPPORTED] [Unsupported item key.]
which is strange since the item result serverside actually shows data being generated.
Referring to this thread:
I'm trying to setup av monitoring. The idea is to check if it is up and running and up to date. Every other outcome, should produce a warning.
Enabled userparamter and user parameterunsafe in agent. Set timeout in server to 10s.
trigger: ({DESKTOP-GQG9LLB
roduct_state.last(0)}<>266240) and ({DESKTOP-GQG9LLBroduct_state.last(0)}<>397312) and ({DESKTOP-GQG9LLBroduct_state.last(0)}<>397568)first tested a wmic line:
UserParameter=product_state,wmic /NAMESPACE:\\root\SecurityCenter2 PATH AntiVirusProduct GET /value | find "productState"
this outputs productState=123456. The item in server says a numeric value is expected instead of a string. When setting the item to "character" there are no errors at item level, but then the trigger produces an error. The item value "product_state" now returns "productState=123455" and it can only compare numeric values.
So i thought i'd only want the number as result and not the whole "productState=12345"
so next
a powershell script which actually only produces the numeric value:
UserParameter=product_state,C:\Windows\System32\Wi ndowsPowerShell\v1.0\powershell.exe -nologo C:\zabbix\av_check.ps1
This script, which runs for a millisecond, gives a timeout exceed on the item in server.
third tried a batch, which also has the number as outcome when running in cmd.exe:
FOR /F %%A IN ('WMIC.EXE /NAMESPACE:\\root\SecurityCenter2 Path AntiVirusProduct Get ProductState ^| FINDSTR.EXE /R /C:"[0-9]"') DO SET ProductState=%%A
echo.%ProductState%
UserParameter=product_state,C:\zabbix\av_check.bat
serverside in item it now comes with a result %ProductState% . Again with error a numeric value is expected.
i've been struggling now for 4 days with this. Can anyone help me out?
BTW when running:
zabbix_agentd.exe --test "product_state" locally on the client all userparameters return:
product_state [m|ZBX_NOTSUPPORTED] [Unsupported item key.]
which is strange since the item result serverside actually shows data being generated.
Comment