One of the nice features in Foglight is the possibility to extend the existing monitoring capabilities by custom script agents. Unfortunately it is not possible to directly call PowerShell scripts within Foglight.
In the following, I would like to describe how to bypass this restriction by using a Windows batch file. The example will be a script that reads information about Windows start times from a XML file generated by the operating system, for alarming and statistical purposes.
A requirement to use PowerShell scripts is to allow their execution. To do so the command “Set-ExecutionPolicy unrestricted" must be executed within the PowerShell command line. The possible parameters are:
- Restricted – No scripts can be executed. Interactive mode only.
- AllSigned – Only trusted scripts can be executed.
- RemoteSigned – Downloaded scripts have to be signed by a trusted author.
- Unrestricted – All Windows PowerShell scripts can be executed without any restriction.
If the 32Bit and 64Bit version of PowerShell is installed at the same time, the “Set-ExecutionPolicy” command should be executed in both environments.
The purpose of the following script is to read the values of the startup timing for various processes and services, from a XML file. This file was generated by the Windows operating system. A useful tool to explore the structure of XML files is the XML notepad from Microsoft. It helps to find the path to a desired value.
The script Bootcheck.ps1
Param(
[string]$verzeichnis
)
#Path and name of the XML file
[xml]$test = Get-Content "$verzeichnis"
#Values to the variables res1 – res7
$res1 = $test.results.boot.timing.bootDoneViaPostBoot
$res2 = $test.results.boot.timing.bootDoneViaExplorer
$res3 = $test.results.boot.timing.interval[2].winlogon.notification[0].startTime
$res4 = $test.results.boot.timing.interval[2].winlogon.notification[0].endTime
$out = $test.results.boot.processSummary.unexpectedShortlived.process | where-object {$_.name -eq "CMIGuiServer.exe"}| %{$_.lifetime -replace ' ', ''}
if (!$out) {$res5 = "0"}
else {$res5 = $out.TrimStart("lifetime")}
$out = $test.results.boot.services.serviceTransition | where-object {$_.name -eq "McAfeeFramework"}| findstr "totalTransitionTimeDelta" | %{$_ -replace ' ', ''} | %{$_ -replace ':',''}
if (!$out) {$res6 = "0"}
else {$res6 = $out.TrimStart("totalTransitionTimeDelta")}
$out = $test.results.boot.services.serviceTransition | where-object {$_.name -eq "LANDesk Targeted Multicast"}| findstr "totalTransitionTimeDelta" | %{$_ -replace ' ', ''} | %{$_ -replace ':',''}
if (!$out) {$res7 = "0"}
else {$res7 = $out.TrimStart("totalTransitionTimeDelta")}
#Values to Foglight
echo "TABLE BootInfo"
echo "START_SAMPLE_PERIOD"
echo "bootDoneViaPostBoot:millisecond = $res1"
echo "bootDoneViaExplorer:millisecond = $res2"
echo "CreateSessionStartTime:millisecond = $res3"
echo "CreateSessionEndTime:millisecond = $res4"
echo "CMIGuiLifeTime:millisecond = $res5"
echo "McAfeeTTTDelta:millisecond = $res6"
echo "LanDeskTTTDelta:millisecond = $res7"
echo "END_SAMPLE_PERIOD"
echo "END_TABLE"
To execute the script from Foglight it must be called within an Windows batch script.
The batch file Checkboot.bat
@echo off
if not "%ECHO%"=="" echo %ECHO%
if not "%OS%"=="Windows_NT" goto EXIT
if "%sample_freq%"=="" set sample_freq=60
powershell.exe .\bootcheck.ps1 -verzeichnis "C:\Kunden\neu\boot_1.xml" < NUL
In this example, the XML file boot_1.xml is located in the directory C:\Kunden\neu. The PowerShell script lies in the same directory as the batch file.
The import into Foglight works as usual under "Administration/Tooling/Script Agent Builder."
Rules and dashboards for alarming and visualization, can now be created for the customer agent. To simplify the deployment and the portability of the agent, all components of the agent can be bundled into a Foglight cartridge file. Since version 5.7.1 Foglight offers a separate cartridge called „Cartridge builder“. The necessary file „Cart-Builder-Complete-5_6_5.car“, can be found under the Tools directory of the Foglight installation. It should be imported into Foglight to enable the cartridge builder under „Development tools“.
To learn more on this process join the Foglight community.