With this plugin it is easy to monitor performance counters at scale in Windows environments with an integrated IIS service, and also to monitor the
status of Sites, Application Pools and URLs, and the events and logs of this service. For more information visit the following web page: http://pandorafms.com/index.php?sec=Library&sec2=repository&lng=en&action=view_PUI&id_PUI=279
4 DOCUMENTATION PROVIDED BY THE REQUESTING AREA
The requesting area must send the following information:
• Device requirements:
◦ Pandora FMS agents installed
• A Powershell 2.0 console to execute the plugin. It comes installed by default in Windows
Server 2008 R2 and Windows 7 systems, but it must be downloaded for previous Windows
versions. Powershell is not compatible with Windows XP SP1 and lower.
• The user that runs the Pandora FMS agent, which is the user that will execute the plugin,
must have the following system permissions:
◦ Local administration
• The Powershell script execution policy should be set to RemoteSigned or lower (less restrictive):
Set-ExecutionPolicy RemoteSigned
• The different plugins will automatically get the information about all the counters that we
have specified in the list in the file counters.txt and will generate one module for each of
them in Pandora (Plugin PerfCounter). They will also get information about the status of
the critical elements of the IIS server (Plugin IIS Status), and about the IIS logs and
the generated events that are related to it (Plugin IIS Logs and IIS Events).
5 MODULES PROVIDED BY THE PLUGIN
• Service verification
◦ Serv_IISADMIN
◦ Serv_MSFTPSVC
◦ Serv_NntpSvc
◦ Serv_SMTPSVC
◦ Serv_W3SVC
◦ Serv_HTTPFilter
• IIS status verification
◦ AppPool Status – AppPoolName
◦ Site Status – SiteName
◦ WebURL Status – URL
• IIS events verification
◦ Event ID
• IIS logs verification
◦ Error 404 – IIS Hostname
◦ Error 500 – IIS Hostname
◦ Error 503 – IIS Hostname
◦ Error 504 – IIS Hostname
◦ Error 505 – IIS Hostname
• Performance counter verification
◦ Web Service(*)Total Bytes Sent
◦ Web Service(*)Bytes Sent/sec
◦ Web Service(*)Total Bytes Received
◦ Web Service(*)Bytes Received/sec
◦ Web Service(*)Total Bytes Transferred
◦ Web Service(*)Bytes Total/sec
◦ Web Service(*)Total Files Sent
◦ Web Service(*)Files Sent/sec
◦ Web Service(*)Total Files Received
◦ Web Service(*)Files Received/sec
◦ Web Service(*)Total Files Transferred
◦ Web Service(*)Files/sec
◦ Web Service(*)Current Anonymous Users
◦ Web Service(*)Current NonAnonymous Users
◦ Web Service(*)Total Anonymous Users
◦ Web Service(*)Anonymous Users/sec
◦ Web Service(*)Total NonAnonymous Users
◦ Web Service(*)NonAnonymous Users/sec
◦ Web Service(*)Maximum Anonymous Users
◦ Web Service(*)Maximum NonAnonymous Users
◦ Web Service(*)Current Connections
◦ Web Service(*)Maximum Connections
◦ Web Service(*)Total Connection Attempts (all instances)
◦ Web Service(*)Connection Attempts/sec
◦ Web Service(*)Total Logon Attempts
◦ Web Service(*)Logon Attempts/sec
◦ Web Service(*)Total Options Requests
◦ Web Service(*)Options Requests/sec
◦ Web Service(*)Total Get Requests
◦ Web Service(*)Get Requests/sec
◦ Web Service(*)Total Post Requests
◦ Web Service(*)Post Requests/sec
◦ Web Service(*)Total Head Requests
◦ Web Service(*)Head Requests/sec
◦ Web Service(*)Total Put Requests
◦ Web Service(*)Put Requests/sec
◦ Web Service(*)Total Delete Requests
◦ Web Service(*)Delete Requests/sec
◦ Web Service(*)Total Trace Requests
◦ Web Service(*)Trace Requests/sec
◦ Web Service(*)Total Move Requests
◦ Web Service(*)Move Requests/sec
◦ Web Service(*)Total Copy Requests
◦ Web Service(*)Copy Requests/sec
◦ Web Service(*)Total Mkcol Requests
◦ Web Service(*)Mkcol Requests/sec
◦ Web Service(*)Total Propfind Requests
◦ Web Service(*)Propfind Requests/sec
◦ Web Service(*)Total Proppatch Requests
◦ Web Service(*)Proppatch Requests/sec
◦ Web Service(*)Total Search Requests
◦ Web Service(*)Search Requests/sec
◦ Web Service(*)Total Lock Requests
◦ Web Service(*)Lock Requests/sec
◦ Web Service(*)Total Unlock Requests
◦ Web Service(*)Unlock Requests/sec
◦ Web Service(*)Total Other Request Methods
◦ Web Service(*)Other Request Methods/sec
◦ Web Service(*)Total Method Requests
◦ Web Service(*)Total Method Requests/sec
◦ Web Service(*)Total CGI Requests
◦ Web Service(*)CGI Requests/sec
◦ Web Service(*)Total ISAPI Extension Requests
◦ Web Service(*)ISAPI Extension Requests/sec
◦ Web Service(*)Total Not Found Errors
◦ Web Service(*)Not Found Errors/sec
◦ Web Service(*)Total Locked Errors
◦ Web Service(*)Locked Errors/sec
◦ Web Service(*)Current CGI Requests
◦ Web Service(*)Current ISAPI Extension Requests
◦ Web Service(*)Maximum CGI Requests
◦ Web Service(*)Maximum ISAPI Extension Requests
◦ Web Service(*)Current CAL count for authenticated users
◦ Web Service(*)Maximum CAL count for authenticated users
◦ Web Service(*)Total count of failed CAL requests for authenticated users
◦ Web Service(*)Current CAL count for SSL connections
◦ Web Service(*)Maximum CAL count for SSL connections
◦ Web Service(*)Total count of failed CAL requests for SSL connections
◦ Web Service(*)Total Blocked Async I/O Requests
◦ Web Service(*)Total Allowed Async I/O Requests
◦ Web Service(*)Total Rejected Async I/O Requests
◦ Web Service(*)Current Blocked Async I/O Requests
◦ Web Service(*)Measured Async I/O Bandwidth Usage
◦ Web Service(*)Total blocked bandwidth bytes.
◦ Web Service(*)Current blocked bandwidth bytes.
◦ Web Service(*)Service Uptime
7 DEFAULT MONITORING
The Windows systems default monitoring includes:
• System resources monitoring
• Service monitoring
• System log and events monitoring
• Performance counters monitoring
7.1. General Monitoring
As we have a lot of experience with Windows environments, we have considered that some modules
are interesting for monitoring, and because of this they come installed by default in
pandora_agent.conf.
Apart from the default template, there are several configuration templates and plugins for each
technology, each with different default modules.
7.2. Additional Configuration Fixes
NOTE: It is very important to bear in mind that the configuration files intended for the plugin on WINDOWS
should be edited and saved with “WINDOWS” type carriage returns (CRLF); if “UNIX” type
carriage returns are used, the plugin won't work correctly.
There are some specific checks that have their own configuration “tokens”, that are described next:
7.2.1. Monitoring via Powershell
Assuming that both Pandora and the system to monitor are already installed and configured,
we are going to explain how to get information about the general status of the IIS server, from the
activity of the different services to specific Powershell counters that, through different cmdlets,
are in charge of checking critical elements of our systems.
In this case, we will install both a Pandora software agent and the different plugins of the
Powershell agent on that machine.
In short, an agent plugin is a script that is executed on the local machine where the software
agent is installed and that extracts useful information in XML format, which the agent then
sends to the Pandora server to be processed.
For the Pandora software agent installed on the monitored server to execute that
script, we should edit the agent configuration file and call the plugin through the
module_plugin configuration token.
Name : service
RequiredServices : {service1, service2}
CanPauseAndContinue : False
CanShutdown : True
CanStop : True
DisplayName : This is a Windows Service
DependentServices : {service3}
MachineName : .
ServiceName : service
ServicesDependedOn : {service1, service2}
ServiceHandle : SafeServiceHandle
Status : Stopped
ServiceType : Win32ShareProcess
Site :
Container :
7.2.2. Monitoring the IIS register
It is possible to activate the IIS register (log), if it is not already active, to store on the server side
a log of all the connections and their status codes, as specified in the Microsoft articles:
http://support.microsoft.com/kb/318380/es
http://support.microsoft.com/kb/313437/es
It is possible to define modules that check the content of this register and that generate an
event any time they find one of the error codes that imply a service stop.
With this aim, we have developed a Powershell plugin which, given the storage path of the IIS
logs or the path of one specific log file, will search the selected log or the current log in use,
among all the connection attempts against the IIS, for those whose HTTP status code is one of the
following:
– 404: Not Found
– 500: Internal Server Error
– 503: Service Unavailable
– 504: Gateway Timeout
– 505: HTTP Version Not Supported
The parameters of this plugin are the following:
-i Interval in seconds to look for new events
-offset Timezone difference (W3C Format Only - Timestamp in W3C log entries is
displayed in GMT zone)
-format IIS Log Format (W3C, IIS, NCSA)
-file Path to a specific IIS log file (not to be used with the path parameter)
-path Path to the IIS logs directory (not to be used with the file parameter)
Usage example for a server with a local time of GMT+1:
.\Pandora_Plugin_IIS_Log_v1.0.ps1 -format W3C -i 300 -offset 1 -path L:ExchangeLogsIISW3SVC1 2> plugin_error.log
For the plugin to work correctly, it is important to consider that:
– The interval used should be the same as the agent interval.
– If you use the W3C log format (the default), you should use the offset parameter to correct
the time difference from GMT to GMT+1 (1).
– If you use the W3C log format, you should use the default log fields. Otherwise the plugin
will have to be modified at code level.
– If the logs are not created daily (the default) but there is a single
log, it is advisable to use the file parameter instead of path.
– If the logs are created daily (the default), hourly, weekly or monthly, you should use the
path parameter instead of file. In any case, daily (default) or hourly creation is
preferable, so that the data extracted from the log is presented faster.
The problem is that the specific HTTP status codes (xxx.x) are only shown to the client
in the browser, as the IIS register stores only the simple status code, so additionally, both for the
control of these specific codes and to check the connectivity on the client side
correctly.
To this we can add the fact that in some specific implementations, the number of daily or
hourly connections in the IIS connection register is so big that the plugin is not able to
process it quickly enough to provide synchronous monitoring, so its use is more oriented to
troubleshooting than to monitoring.
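The log search described above can be sketched as follows. This is an added example, not the code of the Pandora plugin; the function name and the log lines are constructed for illustration. It goes one step beyond the plugin as described by reading the column order from the `#Fields:` directive, so a non-default field selection does not break the status lookup.

```powershell
# Added example. Sample log lines are constructed, not from a real server.
$sampleLog = @'
#Software: Microsoft Internet Information Services
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2024-01-15 09:50:00 GET /old.htm 198.51.100.7 404
2024-01-15 10:00:05 GET /index.htm 198.51.100.7 200
2024-01-15 10:01:10 GET /missing.htm 198.51.100.7 404
2024-01-15 10:03:30 GET /app/run.asp 198.51.100.8 500
2024-01-15 10:04:45 GET /app/run.asp 198.51.100.8 503
2024-01-15 10:04:50 GET /trunc
'@

function Get-IisErrorCount {
    param(
        [string[]]$Lines,             # raw log lines
        [datetime]$Now,               # local time of the check
        [int]$IntervalSeconds = 300,  # same role as -i
        [int]$OffsetHours = 0         # same role as -offset (local time minus GMT)
    )
    $counts = @{}
    foreach ($c in '404','500','503','504','505') { $counts[$c] = 0 }
    $fields = @()
    $since  = $Now.AddSeconds(-$IntervalSeconds)
    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') {
            # Take the column order from the log itself instead of assuming it.
            $fields = @($line.Substring(8).Trim() -split '\s+')
            continue
        }
        if ($line -like '#*' -or $fields -notcontains 'sc-status') { continue }
        $cols = @($line.Trim() -split ' ')
        if ($cols.Count -ne $fields.Count) { continue }   # truncated or malformed entry
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $cols[$i] }
        try {
            # W3C timestamps are GMT: shift to local time before comparing.
            $stamp = [datetime]::ParseExact(($row['date'] + ' ' + $row['time']), 'yyyy-MM-dd HH:mm:ss',
                [Globalization.CultureInfo]::InvariantCulture).AddHours($OffsetHours)
        } catch { continue }
        if ($stamp -gt $since -and $stamp -le $Now -and $counts.ContainsKey($row['sc-status'])) {
            $counts[$row['sc-status']]++
        }
    }
    $counts
}

# Check run at 11:05:00 local time on a GMT+1 server, looking back 300 seconds.
Get-IisErrorCount -Lines ($sampleLog -split "`r?`n") -Now ([datetime]'2024-01-15 11:05:00') `
    -IntervalSeconds 300 -OffsetHours 1
```

The first 404 entry falls outside the 300-second window once the offset is applied, and the truncated last line is skipped rather than counted.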
However, this plugin doesn't support the use of POST against those URLs, only GET requests. To
simulate the authentication process and the sending/reception of mail it is necessary to
implement the Goliat checks previously commented.
The parameters of this plugin are these:
-select all All operations are executed
-select server-status Only operations to check sites and application pools
are executed
-select web-status Only operations to check HTTP status codes from an
URL list are executed
-list Provides a path for a list with URLs to check (to use
with all and web-status only)
Usage example: .\Pandora_Plugin_IIS_v1.0.ps1 -select all -list URLs.txt 2> plugin_error.log
We can choose between executing all the operations or check only the status of Websites and
Application Pools, or only the web checks.
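A GET-only status check like the web-status operation described above can be written as follows. This is an added example, not the plugin's own code; the function name, the one-URL-per-line list format and the output shape are assumptions, and the URLs are constructed. It uses the .NET WebRequest class so that it also runs on Powershell 2.0.

```powershell
# Added example. Function name, URL list and output shape are assumptions.
function Get-UrlStatus {
    param([string]$Url, [int]$TimeoutMs = 10000)
    $code = 0          # 0 = no HTTP answer at all (DNS failure, refused, timeout)
    $response = $null
    try {
        $request = [System.Net.WebRequest]::Create($Url)
        $request.Method = 'GET'
        $request.Timeout = $TimeoutMs
        $request.AllowAutoRedirect = $false   # report a 3xx as such, do not follow it
        $response = $request.GetResponse()
        $code = [int]$response.StatusCode
    } catch {
        # 4xx/5xx answers surface as a WebException, possibly wrapped by PowerShell;
        # walk the chain and read the status code from the attached response.
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.WebException])) { $ex = $ex.InnerException }
        if ($ex -and $ex.Response) {
            $code = [int]$ex.Response.StatusCode
            $ex.Response.Close()
        }
    } finally {
        if ($response) { $response.Close() }
    }
    New-Object PSObject -Property @{
        Module     = "WebURL Status - $Url"
        StatusCode = $code
        Up         = [int]($code -ge 200 -and $code -lt 400)
    }
}

# Constructed list standing in for URLs.txt (one URL per line is an assumption).
$urlList = @'
http://localhost/
http://localhost/does-not-exist.htm

'@
$urlList -split "`r?`n" |
    Where-Object { $_.Trim() -ne '' } |
    ForEach-Object { Get-UrlStatus -Url $_.Trim() }
```

A status code of 0 separates "the server never answered" from an HTTP error answer, which matters when the module is used to alert on a service stop.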
Modules generated by the IIS status plugin
8 FILE EXPLANATION
– IIS Monitoring
– Powershell.exe
– counters.txt: Contains the list of performance counters to monitor. This file
should be located in the same path where the Powershell plugin is executed.
– URLs.txt: Contains the list of URLs to monitor. This file should be located in the
same path as the Powershell plugin.
– Pandora_Plugin_PerfCounter_vx.y.ps1: Plugin for the complete monitoring of
performance counters.
– Pandora_Plugin_IIS_Status_vx.y.ps1: Plugin to monitor the status of IIS
WebSites, ApplicationPools and URLs.
– Pandora_Plugin_IIS_Logs_vx.y.ps1: Plugin to monitor the error codes in the IIS
registers.
– Pandora_Plugin_IIS_Events_vx.y.ps1: Plugin to monitor the system events that are
related to IIS.
9.4. Event Verification in IIS
The IIS server events verification is done through the Pandora_Plugin_IIS_Events.ps1
plugin and can be applied to the IIS technology in a general way.
Generated modules:
– IIS Monitoring
– Event ID
Another option is to create software agent modules to monitor some of the most important
Event IDs of this technology.
9.5. Logs Verification in IIS
The verification of the connection logs of the IIS servers is done through the
Pandora_Plugin_IIS_Logs.ps1 plugin and can be applied to the IIS technology in a
general way, for each server and for each site.
Generated modules:
– IIS Monitoring
– Error 404 – IIS Hostname
– Error 500 – IIS Hostname
– Error 503 – IIS Hostname
– Error 504 – IIS Hostname
– Error 505 – IIS Hostname
9.6. Performance Counters Verification
The verification of performance counters is done through the
Pandora_Plugin_PerfCounter.ps1 plugin and can be applied in different policies for
different technologies, each of them with a different list of counters, depending on what we
want to monitor in each one of those technologies.
We show here the list of counters that can be monitored in the IIS case:
– IIS Monitoring
– Web Service(*)Total Bytes Sent
– Web Service(*)Bytes Sent/sec
– Web Service(*)Total Bytes Received
– Web Service(*)Bytes Received/sec
– Web Service(*)Total Bytes Transferred
– Web Service(*)Bytes Total/sec
– Web Service(*)Total Files Sent
– Web Service(*)Files Sent/sec
– Web Service(*)Total Files Received
– Web Service(*)Files Received/sec
– Web Service(*)Total Files Transferred
– Web Service(*)Files/sec
– Web Service(*)Current Anonymous Users
– Web Service(*)Current NonAnonymous Users
– Web Service(*)Total Anonymous Users
– Web Service(*)Anonymous Users/sec
– Web Service(*)Total NonAnonymous Users
– Web Service(*)NonAnonymous Users/sec
– Web Service(*)Maximum Anonymous Users
– Web Service(*)Maximum NonAnonymous Users
– Web Service(*)Current Connections
– Web Service(*)Maximum Connections
– Web Service(*)Total Connection Attempts (all instances)
– Web Service(*)Connection Attempts/sec
– Web Service(*)Total Logon Attempts
– Web Service(*)Logon Attempts/sec
– Web Service(*)Total Options Requests
– Web Service(*)Options Requests/sec
– Web Service(*)Total Get Requests
– Web Service(*)Get Requests/sec
– Web Service(*)Total Post Requests
– Web Service(*)Post Requests/sec
– Web Service(*)Total Head Requests
– Web Service(*)Head Requests/sec
– Web Service(*)Total Put Requests
– Web Service(*)Put Requests/sec
– Web Service(*)Total Delete Requests
– Web Service(*)Delete Requests/sec
– Web Service(*)Total Trace Requests
– Web Service(*)Trace Requests/sec
– Web Service(*)Total Move Requests
– Web Service(*)Move Requests/sec
– Web Service(*)Total Copy Requests
– Web Service(*)Copy Requests/sec
– Web Service(*)Total Mkcol Requests
– Web Service(*)Mkcol Requests/sec
– Web Service(*)Total Propfind Requests
– Web Service(*)Propfind Requests/sec
– Web Service(*)Total Proppatch Requests
– Web Service(*)Proppatch Requests/sec
– Web Service(*)Total Search Requests
– Web Service(*)Search Requests/sec
– Web Service(*)Total Lock Requests
– Web Service(*)Lock Requests/sec
– Web Service(*)Total Unlock Requests
– Web Service(*)Unlock Requests/sec
– Web Service(*)Total Other Request Methods
– Web Service(*)Other Request Methods/sec
– Web Service(*)Total Method Requests
– Web Service(*)Total Method Requests/sec
– Web Service(*)Total CGI Requests
– Web Service(*)CGI Requests/sec
– Web Service(*)Total ISAPI Extension Requests
– Web Service(*)ISAPI Extension Requests/sec
– Web Service(*)Total Not Found Errors
– Web Service(*)Not Found Errors/sec
– Web Service(*)Total Locked Errors
– Web Service(*)Locked Errors/sec
– Web Service(*)Current CGI Requests
– Web Service(*)Current ISAPI Extension Requests
– Web Service(*)Maximum CGI Requests
– Web Service(*)Maximum ISAPI Extension Requests
– Web Service(*)Current CAL count for authenticated users
– Web Service(*)Maximum CAL count for authenticated users
– Web Service(*)Total count of failed CAL requests for authenticated users
– Web Service(*)Current CAL count for SSL connections
– Web Service(*)Maximum CAL count for SSL connections
– Web Service(*)Total count of failed CAL requests for SSL connections
– Web Service(*)Total Blocked Async I/O Requests
– Web Service(*)Total Allowed Async I/O Requests
– Web Service(*)Total Rejected Async I/O Requests
– Web Service(*)Current Blocked Async I/O Requests
– Web Service(*)Measured Async I/O Bandwidth Usage
– Web Service(*)Total blocked bandwidth bytes.
– Web Service(*)Current blocked bandwidth bytes.
– Web Service(*)Service Uptime