Automate MAXfocus with PowerShell

A script I have created to run as a Daily Safety Check (as a Script check). It uses WMI and information gathered by the MAXfocus agent asset scan to determine if any checks need to be added. On agents configured for Server monitoring the script will add Drive Space Checks and Drive Space Change checks to local fixed drives. If the device has any hard drives that support S.M.A.R.T. the script will add the Disk Health Check. It will add checks for new and/or unmonitored Windows services, according to the options you specify. It can also add Performance Checks, Backup Checks and Antivirus checks. The script is hosted on GitHub, so you can download it and begin using it immediately. You can find the script here.

Update!

Since this post I have learned to avoid PowerShell parameter validation entirely with MAXfocus scripts. A PowerShell script that fails parameter validation will not output anything to Dashboard, not even error messages. Since PowerShell does not use Exit codes natively, a check or task will still return Success. I have updated the script to validate parameters manually and output any problems to Dashboard. You can use the same download link.
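A sketch of the manual validation described above, as an added example that is not the author's script. The function name `Test-CheckParameter`, the 0-23 range for `-DSCHour` and the exit code 1001 are assumptions; the parameter names and allowed values are the ones listed on this page.

```powershell
# Added example, not the author's script. Names below are hypothetical.
# Parameters are untyped and carry no [Validate*] attributes, so a bad
# argument cannot stop the script before it has written anything.
param($DriveSpaceCheck, $DiskSpaceChange, $ServerInterval = '5',
      $DSCHour = '8', $ReportMode = 'On')

function Test-CheckParameter {
    param([hashtable]$Value)
    $n = 0
    if ($null -ne $Value.DriveSpaceCheck -and
        "$($Value.DriveSpaceCheck)" -notmatch '^\d+\s*(%|MB|GB)$') {
        "-DriveSpaceCheck '$($Value.DriveSpaceCheck)': use a number followed by %, MB or GB"
    }
    if ($null -ne $Value.DiskSpaceChange -and
        (-not [int]::TryParse("$($Value.DiskSpaceChange)", [ref]$n) -or $n -lt 1 -or $n -gt 99)) {
        "-DiskSpaceChange '$($Value.DiskSpaceChange)': use a number between 1 and 99"
    }
    if (@('5', '15') -notcontains "$($Value.ServerInterval)") {
        "-ServerInterval '$($Value.ServerInterval)': use 5 or 15"
    }
    # Assumption: a valid hour is 0-23; the page only says "a number".
    if (-not [int]::TryParse("$($Value.DSCHour)", [ref]$n) -or $n -lt 0 -or $n -gt 23) {
        "-DSCHour '$($Value.DSCHour)': use an hour between 0 and 23"
    }
    if (@('On', 'Off') -notcontains "$($Value.ReportMode)") {
        "-ReportMode '$($Value.ReportMode)': use On or Off"
    }
}

# Collect every problem first, so all of them reach Dashboard in one run.
$problems = @(Test-CheckParameter -Value @{
    DriveSpaceCheck = $DriveSpaceCheck; DiskSpaceChange = $DiskSpaceChange
    ServerInterval  = $ServerInterval;  DSCHour = $DSCHour; ReportMode = $ReportMode
})
if ($problems.Count -gt 0) {
    Write-Output 'PARAMETER ERROR:'
    $problems | ForEach-Object { Write-Output "  $_" }
    exit 1001   # Assumption: an explicit non-zero exit code marks the check Failed.
}
Write-Output 'Parameters OK'
```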

There is no API for adding monitoring checks to a MAXfocus agent at present. If you wish to automate detection and configuration of checks you will have to do it locally at each agent/device and add any missing checks directly in an agent configuration file and restart the agent service. The relevant configuration files are formatted as Windows configuration files (.ini) and XML files. The agent settings (agent mode, monitoring interval and time of day for Daily checks) are kept in settings.ini. Any checks are in 247_config.xml for 24/7 checks and DSC_config.xml for Daily Safety Checks.

I use PowerShell to read existing configuration files, determine if any checks are missing and add any that my script logic registers as missing. New checks are added as XML directly in the relevant file and the agent is restarted.

Checks the script can add

I have written this script specifically to add my own default set of checks. They are:

  • Disk Health Check (added if MSStorageDriver_FailurePredictStatus is found in WMI)

  • Drive Space Check (added for Drivetype = 3 in Win32_LogicalDisk in WMI)

  • Disk Space Change (same drives as for Drive Space check)

  • Windows Service checks (see explanation below for how I filter them)

  • Microsoft SQL Server (I only add a Windows service check, but Instances are output to Dashboard)

  • Processor Queue Check (I try to filter out virtual machines)

  • Average CPU Usage (Default alert threshold is > 99 %)

  • Memory Usage (Be aware that I use high default thresholds)

  • Network Usage (Not on Hyper-V as network adapters tend to pop up as new when moved between hosts – at least on Azure)

  • Disk Usage (Be aware that I use high default thresholds)

  • Ping Check for router immediately after default gateway (but I do not add this by default)

  • Backup Checks (The agent detects Backup Software. I use that feature to add backup checks if a server has backup software, but no backup checks. See details below)

  • Antivirus Checks (The agent detects Antivirus software. See details below)

  • Critical Events (See details below)

  • Eventlog Checks (Application Hangs, BSOD and NTFS errors)

Workstations

On workstations I only add Disk Health Check, Disk Space Check on %SystemDrive% and any backup or antivirus software. If the script detects any SQL servers on a workstation it adds a Windows service check for any instances. No other Windows service checks are added on workstations.

Usage

To use the script you download it to a management workstation, review the code for malicious intent, tweak any default settings to your liking and upload it to your dashboard as a User Script. Then you add it to any device you want to configure automatically as a Daily script check.

Parameters

  • -All will add any check I consider useful if it is missing (this may overwrite your other choices).

  • -Apply This switch turns on the actual adding of checks. Without it this script will only report any checks it considers missing.

  • -ReportMode [On Off] You can choose to have the script check report Failed if it has made or wants to make a change.

  • -Performance This switch turns on Performance monitoring checks (included in -All)

  • -PingCheck This switch adds a pingcheck two hops out. I sometimes use it on SOHO locations. It is not included in -All.

  • -MSSQL This is included in -All.

  • -SMART This is included in -All.

  • -Backup This is included in -All.

  • -Antivirus This is included in -All.

  • -LogChecks This includes both Critical Events and Eventlog checks. It is included in -All.

  • -DriveSpaceCheck xx[% MB GB] The free space threshold used on all fixed drives on a device. You can use a percentage or a fixed number in MB or GB. I include 10 % in -All.

  • -WinServiceCheck [All Default] The detection method you want to use to find new Windows services that should be monitored. I use All in -All (pun not intended).

  • -DiskSpaceChange xx A number between 1 and 99 that represents the percent of change you want to be alerted about. I include -DiskSpaceChange 10 in -All.

  • -ServerInterval [5 15] The report interval you want to use on your server devices (5 or 15 minutes). I use 5 as default.

  • -PCInterval [30 60] The report interval you want to use on your workstation devices (30 or 60 minutes). I use 30 as default.

  • -DSCHour x A number representing the hour you want Daily Safety Checks to run. I use 8 as default.

  • -Verbose This will output parameter validation to Dashboard.

  • -Debug This implies -Verbose and will output everything to a local file on the device where it runs. Filename is supplied by MAXfocus, is located in the agent directory and is called task_xx.log where xx is the task UID.

  • -Library This is a special option included only to let other scripts source this script for its functions. You should not use it as a script check or scheduled task.

Configuration Settings

Since there is no way to centrally manage check frequency or time of day for Daily Safety Checks I have included code to configure these settings for me. I want all my server devices configured the same.

Windows Service Checks

The main point of having a script that adds Windows Service Checks is to catch software that is added to a monitored device after you have started monitoring it. You also want to catch important software that does not have the same service name across devices and installations. Microsoft SQL Server is a good example of this. Any MS SQL service will include the instance name in the service name, so you cannot catch all MS SQL services by using templates. A script solves this. I have included two options for Windows service checks:

  • Default – Only add services that are listed in the MAXfocus agent's list of default Windows services to monitor

  • All – This is my version of all services

If you choose All I will separate all autostarting services into two groups: the ones that have an executable file located below the %SystemRoot% directory and any that have an executable outside it. I filter any service below %SystemRoot% using the default services list supplied with an agent (services.ini). Any services located outside %SystemRoot% will be added, unless I have included them in my $DoNotMonitorServices list.
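The All filter described above, as an added example rather than the author's code. `Select-ServiceCandidate`, its parameters and the sample services are hypothetical; the default list is passed in as plain service names because the layout of services.ini is not shown on this page.

```powershell
# Added example, not the author's code. Function and parameter names are hypothetical.
function Select-ServiceCandidate {
    param(
        [object[]]$Service,              # objects with Name, StartMode, PathName
        [string[]]$DefaultServices,      # names taken from the agent's services.ini
        [string[]]$DoNotMonitorServices, # names you never want a check for
        [string]$SystemRoot = $env:SystemRoot
    )
    $root = $SystemRoot.TrimEnd('\') + '\'
    foreach ($svc in $Service) {
        if ($svc.StartMode -ne 'Auto') { continue }   # autostarting services only
        # PathName can be quoted or unquoted and usually carries arguments.
        if ($svc.PathName -match '^\s*"([^"]+)"' -or $svc.PathName -match '^\s*(.+?\.exe)') {
            $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
        } else { continue }
        $inRoot = $exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)
        if ($inRoot) {
            # Below %SystemRoot%: keep only services on the default list.
            $add = $DefaultServices -contains $svc.Name
        } else {
            # Outside %SystemRoot%: keep everything not explicitly excluded.
            $add = $DoNotMonitorServices -notcontains $svc.Name
        }
        if ($add) {
            [pscustomobject]@{ Name = $svc.Name; Executable = $exe; BelowSystemRoot = $inRoot }
        }
    }
}

# Constructed sample input. On a device, pass (Get-CimInstance Win32_Service) instead.
$sample = @(
    [pscustomobject]@{ Name = 'Dnscache'; StartMode = 'Auto'; PathName = 'C:\Windows\system32\svchost.exe -k NetworkService' }
    [pscustomobject]@{ Name = 'Themes'; StartMode = 'Auto'; PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
    [pscustomobject]@{ Name = 'MSSQL$PROD'; StartMode = 'Auto'; PathName = '"D:\MSSQL\Binn\sqlservr.exe" -sPROD' }
    [pscustomobject]@{ Name = 'VendorUpdater'; StartMode = 'Auto'; PathName = 'C:\Program Files\Vendor\updater.exe /svc' }
    [pscustomobject]@{ Name = 'ManualSvc'; StartMode = 'Manual'; PathName = 'C:\Tools\manual.exe' }
)
Select-ServiceCandidate -Service $sample -SystemRoot 'C:\Windows' `
    -DefaultServices 'Dnscache' -DoNotMonitorServices 'VendorUpdater' |
    Format-Table -AutoSize
```

With the constructed sample this returns Dnscache and MSSQL$PROD: Themes is below %SystemRoot% but not on the default list, VendorUpdater is excluded by name, and ManualSvc does not autostart.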

By default I use these options:

  • Failcount 1 (Alert immediately)

  • StartPendingOK 0 (No)

  • Restart 1 (Yes)

  • ConsecutiveRestartCount 2 (fail if service does not run after 2 tries)

  • CumulativeRestartCount 4|24 (fail if the service must be restarted more than 4 times in 24 hours)

Backup Checks

I have tried to let the script add checks for any Backup Software found. So I have learned the hard way that the agent will flag Backup Exec on any device that has the Backup Exec agent installed. I have also learned that an inordinate number of servers seem to have Windows Backup installed, complete with jobs that fail.

At present I only add checks for backup software that is relevant for my clients: Symantec Backup Exec, Veeam Backup & Replication and AppAssure. If Backup Exec has been detected I will only add a check if a Windows service using bengine.exe is installed. By default I add any checks with a jobcount of 1 – except for Backup Exec. I give Backup Exec 99 jobs to look for by default. I consider Backup Exec jobs that continue long past Daily Safety Check time to be an error that needs to be followed up. Preferably by replacing it with an online backup service.

Pro tip: If you use a jobcount of 1 a check will not fail as long as it finds at least 1 completed backup job, but it will still fail if at least 1 backup job has failed. So if you only want to be alerted if a backup job has actually failed, never mind any jobs that are still running, you can configure a backup check with only 1 job to look for. By coincidence this makes it a lot more feasible to add backup checks automatically with a script.

Antivirus Checks

There are too many Antivirus software packages out there for me to know them all. I rely completely on the agent asset scan to detect them for me. Using this script I have learnt to add only 1 Antivirus check for any device (an agent may detect multiple antiviruses installed). I drop the check if Managed Antivirus is installed and I filter out Windows Defender, too. Since a lot of my clients are still using Trend Micro I have also included code to detect if a device is using Conventional Scan or Smart Scan.

Critical Events

By default I like to get a summary of Eventlog errors on any server device in the dashboard. I do not want to receive alerts for the Application or System log. I do want alerts for any errors in the File Replication Service log and/or Directory Service log. I let the script loop through my default Critical Events check and add it only if the log in question is present on a device.

Eventlog Checks

I have so far collected 3 events I want alerts for: Application Hangs in the application log, BSOD errors in the system log and NTFS errors in the system log. I let the script add these checks for me if they aren’t already present.

Disclaimer

You may download and use this script as you see fit, but remember that I cannot take any responsibility for any unintended changes this script may end up doing to your agents. Please remember that any checks you add to an agent will count against your invoice, and my default settings will most likely make any device reach the price cap on the first run.