Configuring Windows PowerShell monitor type

You can configure script monitoring in Windows environments.

The KM maintains a set of scripts on a host where a PATROL Agent is running. According to policy configuration, the scripts would run on the target hosts (both remote and local) and the output of the execution is consumed by the KM to set values to attributes. Connection to the remote hosts is done by using PowerShell connections.

You can also use the monitor type to run a script with multiple output instances on a local target host where a PATROL Agent is running. For such cases, you do not need to provide credentials. You can also configure the unit of the script outputs and configure if the output is a KPI. For more information, see Configuring-metadata-for-script-outputs.

To configure LINUX-UNIX shell scripts monitor type

Perform one of the following actions:
- In BMC Helix Operations Management, click Configuration > Monitoring Policies > Create Policy.
- In TrueSight Operations Management, click Configuration > Infrastructure Policies > Create Policy.
Click Add Monitoring Configuration.
To configure the KM, set the following preferences in the Add Monitoring Configuration dialog box:
Monitoring Solution
Monitor Profile
Monitor Type
Scripting
Windows
Windows PowerShell

Monitoring Solution	Monitor Profile	Monitor Type
Scripting	Windows	Windows PowerShell

To configure the monitor type, you need to configure the devices where the script will run and the scripts that need to run on these devices. You can either configure each device individually, and the scripts run on the device or configure a file that lists devices and scripts. In the monitor type, you can configure default and similar configurations to access devices and scripts in the Default Configurations section.

Device configuration

Click the Add button and enter the remote device and details of the script running on the device. You can configure multiple scripts to run on a device.

Field	Description
Device name/IP	Enter a host name or an IP address. The name can be short or long. The KM uses this value while setting up a remote PowerShell connection with the target device. For a remote host, a remote PowerShell connection is used. For a local host, a local PowerShell connection is used, and therefore, a user name and password to access it are not required. You can also enter an alias name. If you enter an alias name in the field, you must enter the device IP address in the Forced IP Address field. Using an alias and not a real direct name is useful when you want to force access to the remote target device on a nonresolvable name and IP address (for example, when devices have multiple network adapters). The name must match the following regular expression pattern - ^[0-9a-zA-Z._%:-]+$. If you want to run the script that generates multiple output instances and runs on a local host, enter the name or IP address of the host where the PATROL Agent and the KM are installed.
Forced IP Address	Enter the IP address of the device that you want to monitor. If you entered the host name or IP address in the Device name/IP field, leave this field blank. The input in the field must match the following regular expression pattern - *[^(?:(^((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4}))?):{1,2}((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4}))?)$)\|(^(25[0-5]\|2[0-4]\d\|[0-1]?\d?\d)(\.(25[0-5]\|2[0-4]\d\|[0-1]?\d?\d)){3}$))]]>.*
Category	Enter a category name to group the devices. A container is created with the category name. Do not enter the following characters in the field - *<>\/\|":?]]**.
Timeout (sec)	Enter the connection timeout period in seconds. A target device might not be available or might be very slow to respond. In such scenarios, ensure that the KM does not wait for it and stops responding. You can define the maximum time to allow to establish a connection. If the time elapses, the KM understands that there is a failure to monitor using the script. If the network or target host is slow, you can still get the KM to work properly by allowing a longer timeout period. The minimum value is 1 second, and the maximum value is 3600 seconds. The default value is 5 seconds.
Poll interval (sec)	The PATROL Agent maintains a set of remote PowerShell connections with all target hosts. If a connection breaks, the PATROL Agent can reconnect smoothly. The KM checks the status of the PowerShell connection at the interval set in this field. By default, the KM checks the connection status every 300 seconds. The minimum value is 10 seconds, and the maximum value is 100,000 seconds.
Scripts	Click the Add button to configure script details.
Name	Enter a display name for the script. A container is created with the script display name. This container holds the attributes for the script instance. Input in the field must match the following regular expression pattern: ^[0-9a-zA-Z._%:-]+$. Example of the display name - FileSizeMonitor.ps1, GetServiceStatus.ps1.
Script Path	Enter the path at the remote computers from where you want to run the script. The following inputs in the field are supported: Absolute path of the script file: Enter the absolute path of the location on the target computer where the script would be copied before execution. For example: \tmp\myScript.ps1 path means that the myScript.ps1 file is located on the PATROL Agent host computer, and it will be moved to the \tmp folder on the target computer. The script file would run from this location. The file is uploaded every time when the source of the script changes on the PATROL Agent host. In some cases, you might want to run a script file with other files (for example, data) that are bundled with the script. In such cases, the KM uploads these files along with the script file. To use this feature, add all the files along with the script file to a .zip or .tar file on the PATROL Agent file system. Enter the absolute path of the .zip or .tar file in this field. The archive must have the same name as the base script for the KM to upload the content of the .zip or .tar file to the target host. For example, if the policy is defined with \tmp\myScriptDir\myScript.ps1 value, the .zip file name must be myScript.zip on the PATROL Agent file system. Alternatively, to run a script file with other files, add all the files to a folder and add the following comment at the first line of the script file: #requires <absolute path of the folder where all required files are located> Along with the script file, the KM would copy the files mentioned in the folder and would run them with the script. To ensure that the most updated script runs on the target computers, save the script files in any of the following folders: %PATROL_HOME%\TROMS\Conf\Scripts\ScriptFileTransfer\Devices\DeviceName\ %PATROL_HOME%\TROMS\Conf\Scripts\ScriptFileTransfer\ %PATROL_HOME%\TROMS\Conf\Scripts\Samples\) The KM first checks if the mentioned script file is located in any of these folders. If the script file is present at any of these folders, the script file is copied to the specified target computer location. If the script does not exist on the PATROL Agent filesystem in the accepted formats (simple file, .tar, or .zip), the Script Status attribute generates an alert with an annotation containing the problem details. One OS command line (also known as one-liner): The script used by the monitor can be a simple or complex command. Use (;) semicolon to separate commands. For example, the following line can be used to identify the processes with the highest CPU. Get-Process \| Sort-Object CPU -desc \| Select-Object -first 10 \|fl Name,CPU,Id,Handles,WS,VM,NPM,PM Important: Formatted output (Format-List) is supported only in one-liner commands. In the absolute path, you must edit the script file output and provide a supported format. Both script output and on-liner output must have a valid output according to the supported format definition. For more information, see Defining the script output for Windows environments. Windows monitor profile in the KM supports execution of scripts in all formats (.exe, .bat, .perl, .python, and so on). To run a script file with an extension other than .sh, create an entry for the extension in the following file and restart PATROL Agent: %PATROL_HOME%\TROMS\Conf\Properties\runtimeExtensions.properties The following out-of-the-box entries are available in the file: .pl=perl .plx=perl .py=python .php=C:\php\php.exe In the runtimeExtensions.properties file, ensure that the ApplyRuntime variable is set to true.
Arguments	Enter the arguments that are passed during the script execution. Separate multiple arguments with a space. For example, a script file that returns the log file size must have the argument of the log file name.
Content match	In addition to monitoring numeric values, the KM is capable of monitoring a specific text pattern returned by the script during execution. This is useful when you need to enable a certain value where the actual numeric value is the same. The KM scans for the value defined in this field. It returns an annotation text along with the value and the text defined in this field. A single or a semicolon separated list of regular expressions is supported. The syntax of regular expression has to be considered valid for usage with Oracle Java (java.util.regex).
Timeout (sec)	Enter the connection timeout period in seconds. A target device might not be available or might be very slow to respond. In such scenarios, to ensure that the KM does not wait for it and stops responding, you can define the maximum time to allow to establish a connection. If the time elapses, the KM understands that there is a failure to monitor using the script. If the network or target host is slow, you can still get the KM to work properly by allowing a longer timeout period. The minimum value is 1 second and the maximum value is 3600 seconds. The default value is 5 seconds. If the configured script does not provide a result in the specified time period, a timeout annotation message is displayed in the Status attribute of the configured script. If the configured script runs successfully, the values of Content match, Script response time, Exit Status, and Script value attributes are updated. The minimum value is 1 second and the maximum value is 3600 seconds. Default timeout value is 5 seconds. Important: The script execution is terminated in case of a timeout alert.
Poll interval (sec)	The PATROL Agent maintains a set of connections to all target hosts. If a connection breaks, the PATROL Agent can reconnect smoothly. The KM checks the status of the connection at the interval set in this field. By default, the KM checks the connection status every 300 seconds. The minimum value is 10 seconds, and the maximum value is 100,000 seconds.
Independent monitor view	Select this check box to configure the Scripting KM to create a monitor showing independently within the associated device.
Enable events for single value script annotation	Select this check box to enable events for single value script annotation. For more details about single value, see Defining-the-script-output-Linux.
Scheduling Script monitoring
Enable Scheduling for above Script	Select this checkbox to enable script scheduling. By default, this script will be monitored continuously at every poll time of the collector (5mins). Important To execute the script, you must match the date, day, and time.
Date of the month (regex supported)	Enter a date on which you want to execute the script. You can specify multiple dates by using regex. Example To monitor the system only on the 1st, 2nd, and 3rd of each month, enter ^[1,2,3]$".
Day	Select the day or days on which you want to execute the script.
Start Time (HH:MM)	Enter the start time for monitoring. The input must match the following regex pattern: ^([01]?[0-9]\|2[0-3]):[0-5][0-9]$. Example Enter 18:30 to start monitoring after 18:30 hours.
End Time (HH:MM)	Enter the end time for monitoring. The input must match the following regex pattern: ^([01]?[0-9]\|2[0-3]):[0-5][0-9]$. Example Enter 21:30 to stop monitoring after 21:30 hours.
Credentials configuration	Enter the credentials to connect to the remote host. If this field is left blank, the PATROL Agent default account username is used for the connection. If you want to run the script that generates multiple output instances and runs on a local host, you can leave the fields in the section blank.
Username	Enter the username used to connect to the remote host.
Password	Enter the password corresponding to the username.
Confirm Password	Re-enter the password.
Authentication Type	Select the one of the following authentication methods: Kerberos Negotiate Use shared authentication
Connection Protocol	Select one of the following protocols: HTTP HTTPS Use shared protocol
Port Number	Enter the PowerShell port number to connect to the configured device. The default port number is 5985. If you want to run the script that generates multiple output instances and runs on a local host, you can leave the field blank.

Configuration file based monitoring

Configure scripts and devices from a file.

Field	Description
Import devices from files	The KM enables you to import devices and the script file names that you want to run in a file. To import the device and script names in a file, select the check box. To use the feature, copy all the script files at the following location on the PATROL Agent - %PATROL_HOME%\TROMS\Conf\ImportDevices. PATROL Agent reads the files and configures the devices and scripts within each file. An instance name is created for the configured files. The instance name is similar to the file name. All devices and scripts in a file are grouped under the same instance. A read me file with instructions on how to configure from file is located at the following location - %PATROL_HOME%/TROMS/Conf/ImportDevices. Template for configuring from file: # Device Name/IP,Forced IP Address,Port,Connection timeout, Connection poll interval,Username,Password,Authentication Protocol,Connection Protocol\|Script nameScript pathScript argumentsScript timeoutScript poll IntervalScript RegEx to search\|Script nameScript pathScript argumentsScript timeoutScript poll IntervalScript RegEx to search Example 1: To configure a device with three scripts that run RegEx 'ERR' when all the details are available. clm-aus-013799,172.22.177.167,5985,2000,60,bmc,bmcuser123,0,0\|scriptInstaneName1C:/user/apps/myAppsCPU.bat60300ERR\|scriptInstaneName2C:/user/apps/myAppsMEM.bat*60300ERR\|scriptInstaneName3C:/user/apps/myAppsSESSION.bat*60300ERR\| Example 2:* To configure a device with three scripts that run without a RegEx when only a username is available. clm-aus-013799,172.22.177.167,5985,2000,60,bmc,,,\|scriptInstaneName1C:/user/apps/myAppsCPU.bat60300\|scriptInstaneName2C:/user/apps/myAppsMEM.bat*60300\|scriptInstaneName3C:/user/apps/myAppsSESSION.bat*60300\| Example 3:* To configure a device with default configuration (Port,Connection timeout,Connection poll interval,Username,Password,Authentication protocol,Connection protocol) (Script timeoutScript poll Interval). clm-aus-013799,172.22.177.167,,,,,,,\|scriptInstaneName1C:/user/apps/myAppsCPU.bat\|scriptInstaneName2*C:/user/apps/myAppsMEM.bat

Field

Description

Import devices from files

The KM enables you to import devices and the script file names that you want to run in a file. To import the device and script names in a file, select the check box.

To use the feature, copy all the script files at the following location on the PATROL Agent - %PATROL_HOME%\TROMS\Conf\ImportDevices. PATROL Agent reads the files and configures the devices and scripts within each file.

An instance name is created for the configured files. The instance name is similar to the file name. All devices and scripts in a file are grouped under the same instance.

A read me file with instructions on how to configure from file is located at the following location - %PATROL_HOME%/TROMS/Conf/ImportDevices.

Template for configuring from file:

# Device Name/IP,Forced IP Address,Port,Connection timeout, Connection poll interval,Username,Password,Authentication Protocol,Connection Protocol|Script name*Script path*Script arguments*Script timeout*Script poll Interval*Script RegEx to search|Script name*Script path*Script arguments*Script timeout*Script poll Interval*Script RegEx to search

Example 1:

To configure a device with three scripts that run RegEx 'ERR' when all the details are available.

clm-aus-013799,172.22.177.167,5985,2000,60,bmc,bmcuser123,0,0|scriptInstaneName1*C:/user/apps/myAppsCPU.bat**60*300*ERR|scriptInstaneName2*C:/user/apps/myAppsMEM.bat**60*300*ERR|scriptInstaneName3*C:/user/apps/myAppsSESSION.bat**60*300*ERR|

Example 2:

To configure a device with three scripts that run without a RegEx when only a username is available.

clm-aus-013799,172.22.177.167,5985,2000,60,bmc,,,|scriptInstaneName1*C:/user/apps/myAppsCPU.bat**60*300*|scriptInstaneName2*C:/user/apps/myAppsMEM.bat**60*300*|scriptInstaneName3*C:/user/apps/myAppsSESSION.bat**60*300*|

Example 3:

To configure a device with default configuration (Port,Connection timeout,Connection poll interval,Username,Password,Authentication protocol,Connection protocol) (Script timeout*Script poll Interval).

clm-aus-013799,172.22.177.167,,,,,,,|scriptInstaneName1*C:/user/apps/myAppsCPU.bat|scriptInstaneName2*C:/user/apps/myAppsMEM.bat

Default configuration

Field	Description
Default device configuration
Timeout (sec)	Enter the connection timeout period in seconds. A target device might not be available or might be very slow to respond. In such scenarios, to ensure that the KM does not wait for it and stops responding, you can define the maximum time to allow to establish a connection. If the time elapses, the KM understands that there is a failure to monitor using the script. If the network or target host is slow, you can still get the KM to work properly by allowing a longer timeout period. The minimum value is 1 second, and the maximum value is 3600 seconds. The default value is 5 seconds.
Poll interval (sec)	The PATROL Agent maintains a set of connections to all target hosts. If a connection breaks, the PATROL Agent can reconnect smoothly. The KM checks the status of the connection at the interval set in this field. By default, the KM checks the connection status every 300 seconds. The minimum value is 10 seconds, and the maximum value is 100,000 seconds.
Credentials configuration
Username	Enter the username to connect to the remote device.
Password	Enter the password corresponding to the username.
Confirm Password	Re-enter the password.
Authentication Type	Select the authentication from the following: Negotiate Kerberos
Connection Protocol	Select the protocol from the following: HTTP HTTPS
Port	Enter the PowerShell port number to connect to the configured device. The default port number is 5985.
Default script configuration
Timeout (sec)	Enter the script timeout in seconds. The default value is 30 seconds.
Poll interval (sec)	The PATROL Agent maintains a set of connections to all target hosts. If a connection breaks, the PATROL Agent can reconnect smoothly. The KM checks the status of the connection at the interval set in this field. By default, the KM checks the connection status every 300 seconds. The minimum value is 10 seconds, and the maximum value is 100,000 seconds.

Administration

Configure the section to use the KM more efficiently.

Field	Description
Root display name	Enter the name of the main container that would store all the scripts. The name must not contain the following characters - *< > \ / \| " : ?**.
Device mapping	Select one of the following device mapping modes: FQDN - Monitors are created on a device based on the monitored system's discovered Fully Qualified Domain Name (FQDN). Note: Ensure that the FQDN is configured on the target device and accessible. User defined - Monitors are created on a monitored device by using an alias name provided by the end user. Disable - Monitors are created on PATROL Agent devices. Important: If the configured Device name/IP is set using the alias name and the force IP address, the device gets mapped to the console with the Device name/IP instead of the device FQDN, although this option is selected.
Custom monitor types cleanup	Enables you to delete the old monitor types (known as knowledge modules that were created based on the scripts output and are no longer in use). Disable - Automatic cleanup is disabled. Daily - Automatic cleanup is enabled. Monitor types that have not been in use since the last day are deleted. Weekly - Automatic cleanup is enabled. Monitor types that have not been in use for the last week are deleted. Monthly - Automatic cleanup is enabled. Monitor types that have not been in use for the last month are deleted.
WinRM trusted hosts	Select the trusted host's option from the following: Disable - Addition of devices automatically to the WinRM trusted hosts is disabled. For more information, see Windows-PowerShell-remote-connection-requirements. Devices should be added manually to the trusted host. All - Enables connection to all of the remote hosts by setting the value to * to the WinRM trusted hosts. Device - Adds the remote device to the WinRM trusted hosts.
Enable logging	Select this check box to enable logging. The log files are located at %PATROL_HOME%\TROMS\logs, on the server where the PATROL Agent is running. By default, the debug is disabled.