#!/usr/bin/perl -w
######################################################
# This script is intended to monitor Win32_Service states and their changes.
# If state != running, alert messages are sent to OMW through opcmsg.exe
#
# 2013-12-09 First version of script
# 2014-01-24 Edited major faults with parsing
# 2014-06-30 Added support for service names with whitespaces
#
######################################################
use strict;
use warnings;
# Excluded services ##################################
# Services listed here are skipped by the evaluation loop further down. Each
# entry is compared with `eq` against both the service name and the display
# name reported by the VBS collector, so an entry only takes effect when it
# matches exactly (case, spacing and character encoding included). A skipped
# service is neither written to the state file nor reported through opcmsg.
#
# NOTE(review): the list includes security-relevant services (for example
# "Security Center", "OfficeScan NT RealTime Scan", "OfficeScan NT Listener",
# "Windows Update", "Windows Event Collector", "Remote Registry"). If one of
# them stops, this monitor stays silent -- confirm they are covered by another
# check before relying on this script for them.
# NOTE(review): several entries are repeated, and the first entry looks like the
# Swedish Google Update display name in a different character encoding --
# presumably kept on purpose to match the collector output; confirm before
# cleaning the list up.
my @excludeservices =(
"Tj„nsten Google Update (gupdate)",
"Citrix Print Manager Service",
"Tjänsten Google Update (gupdate)",
"Performance Logs and Alerts",
"clr_optimization_v2.0.50727_32",
"CpqNicMgmt",
"Microsoft .NET Framework NGEN v4.0.30319_X86",
"Microsoft .NET Framework NGEN v4.0.30319_X64",
"clr_optimization_v2.0.50727_64",
"RDSessMgr",
"spupdsvc",
"Windows Search",
"SysmonLog",
"ccmsetup",
"WinRM",
"Security Center",
"gupdate",
"Tjänsten Google Update (gupdate)",
"Remote Registry",
"PA Measurement Interface",
"PA Transaction Manager",
"PA Extended Collector",
"PA Alarm Generator",
"PA DSI Service",
"PA Collector",
"Windows Image Acquisition (WIA)",
"WinHTTP Web Proxy Auto-Discovery Service",
"TPM Base Services",
"Shell Hardware Detection",
"Software Protection",
"NetIQ AppManager Client Communication Manager",
"NetIQ AppManager Client Resource Monitor",
"Microsoft Exchange POP3",
"Windows Modules Installer",
"Windows Installer",
"Distributed Transaction Coordinator",
"Windows Font Cache Service",
"Volume Shadow Copy",
"VMware Tools Service",
"Real Time Metric Access Service",
"OfficeScan NT RealTime Scan",
"OfficeScan NT Listener",
"KtmRm for Distributed Transaction Coordinator",
"Distributed Transaction Coordinator",
"Diagnostic Policy Service",
"Background Intelligent Transfer Service",
"Citrix SMA Service",
"Windows Service Pack Installer update service",
"Windows Event Collector",
"Server",
"Print Spooler",
"GroupPolicy Client",
"Application Experience",
".NET Runtime Optimization Service",
"Net.Tcp Listener Adapter",
"Net.Pipe Listener Adapter",
"Net.Msmq Listener Adapter",
"Update Services",
"Google Update Service",
"NetWorker PowerSnap Service",
"HP ProLiant Rack Infrastructure Interface Service",
"Microsoft .NET Framework NGEN",
"clr_optimization_v4.0.30319_32",
"clr_optimization_v4.0.30319_64",
"Microsoft .NET Framework NGEN v2.0.50727_X64",
"Microsoft .NET Framework NGEN v2.0.50727_X86",
"BrSplService",
"Remote Management (WS-Management)",
"AudioSrv",
"Service Google Update Service (gupdate)",
"Windows Remote Management (WS-Management)",
"Windows Update",
"AppFabric Caching Service",
"Enfocus Switch Watchdog"
);
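# OPCMSG variables ###################################
# Severity is handled in the open message interface policy.
my $msg_g = "Windows";          # opcmsg message group
my $a = "ServiceMonitor";       # opcmsg application. NOTE: `my $a` hides the
                                # package variable that sort blocks use as $a.
my $o; # Will be the monitored service
my $msg_t; # Will be a string with information.
my $severity = "Major";         # severity used for "not running" alerts
my $opcmsg;                     # receives the output of the opcmsg call
# Declaring variables ################################
my $debug = 0;                  # set to 1 to echo every collector output line
my @cmd;                        # raw output lines of the VBS collector
my @runningservices_now;
my @notrunningservices_now;
my @runningservices_history;
my @notrunningservices_history;
my @servicestatehistory;        # lines read from the state file of the last poll
my $dir;
my $vbsfile = "Win32_service.vbs";
my $servicestatefile = "ServiceStateHistory.log";
my $outputline;
my $servicestatus;
my $servicename;
my $servicedisplayname;
my $servicestartmode;
my $servicestate;
my $firstpoll = 0;              # 1 when no state file existed at start-up

# The working directory is derived from the agent's OvAgentDir environment
# variable. Everything below trusts this location: the state file is read and
# rewritten there, and the VBS collector stored there is executed. Refuse to
# continue when the variable is missing; otherwise $dir would silently become
# the relative path "bin/instrumentation" and the script would execute whatever
# Win32_service.vbs is found relative to the current working directory.
my $ovagentdir = $ENV{'OvAgentDir'};
unless (defined($ovagentdir) && length($ovagentdir)) {
    die "Environment variable OvAgentDir is not set; cannot locate the instrumentation directory\n";
}
$ovagentdir =~ s/\\/\//g; #Switches Windows path to Perl.
# Guarantee exactly one separator before the suffix, whether or not the
# variable was set with a trailing slash.
$ovagentdir =~ s{/*\z}{/};
$ovagentdir = $ovagentdir . "bin/instrumentation";
print "$ovagentdir\n";
$dir = $ovagentdir;
#Dev options
#my $dir = "C:/ProgramData/HP/HP BTO Software/bin/instrumentation";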
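######################################################
# Create/Read state file
#
# An existing state file means an earlier poll has run: its lines are loaded
# into @servicestatehistory and the file is emptied so that this poll can write
# the current states. A missing file marks the first poll ($firstpoll = 1) and
# an empty file is created.
#
# NOTE(review): the history is discarded here, before the collector has been
# run. If the collector later returns nothing, the next run finds an empty
# history and treats every service as changed.
my $state_path = "$dir/$servicestatefile";
if (-e $state_path) {
    $firstpoll = 0;
    print "File exists!!\n";
    print "FIRSTPOLL: $firstpoll\n";

    # Read file. Three-argument open with an explicit '<' mode: the path is
    # built from an environment variable, and the two-argument form would let
    # characters in the path be interpreted as an open mode.
    open(my $history_fh, '<', $state_path)
        or die "Cannot read $state_path: $!";
    @servicestatehistory = <$history_fh>;
    close($history_fh);
    chomp(@servicestatehistory);

    # Clean the state file (truncate to zero length).
    open(my $truncate_fh, '>', $state_path)
        or die "Cannot truncate $state_path: $!";
    close($truncate_fh)
        or die "Cannot close $state_path: $!";
}
else {
    # Set the flag before reporting it, so the message shows the real value.
    $firstpoll = 1;
    print "File does not exist!\n";
    print "FIRSTPOLL: $firstpoll\n";

    # Create file
    open(my $create_fh, '>>', $state_path)
        or die "Cannot create $state_path: $!";
    close($create_fh)
        or die "Cannot close $state_path: $!";
}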
# Main script
print "####### Service history #######\n";
# Sort the states recorded by the previous poll into two lists: services that
# were running and services that were not. Lines that do not have the
# "name ; state ; startmode ; displayname" shape are ignored.
for $outputline (@servicestatehistory) {
    next unless $outputline =~ m/(.*) ;\s*(\S*)\s*;\s*(\S*)\s*;\s*(.*)/;

    ($servicename, $servicestate, $servicestartmode, $servicedisplayname)
        = ($1, $2, $3, $4);

    # Canonical record; the evaluation loop compares current states against
    # exactly this string.
    my $record = join(" ; ",
        $servicename, $servicestate, $servicestartmode, $servicedisplayname);

    if ($servicestate =~ m/Running/i) {
        push(@runningservices_history, $record);
        print "RUNNING: $record\n";
    }
    else {
        push(@notrunningservices_history, $record);
        print "NOT RUNNING: $record\n";
    }
}
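######################################################
# Run VBS script to get Win32_Service states.#########
#
# The collector path is interpolated into a command line, and the directory
# part comes from an environment variable. Refuse characters that would change
# how that command line is parsed (a double quote ends the quoted argument, a
# percent sign triggers variable expansion, a line break ends the command).
my $vbs_path = "$dir/$vbsfile";
if ($vbs_path =~ /["%\r\n]/) {
    die "Refusing to run collector: unsafe character in path '$vbs_path'\n";
}
@cmd = `cscript "$vbs_path"`;
# Make a failed poll visible instead of continuing silently with no data.
if ($? != 0) {
    warn "cscript \"$vbs_path\" did not finish cleanly (status $?)\n";
}
chomp(@cmd);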
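######################################################
print "\n####### Evaluate current state #######\n";
# Evaluate service states from VBS script.############
#
# For every service reported by the collector that is not excluded:
#   * record the current state in the state file,
#   * running and changed since the last poll  -> send a "normal" message,
#   * not running and new/changed (or first poll) -> send an alert.
#
# Service names and display names come from collector output and end up on an
# opcmsg command line, so they are cleaned before use (see _opcmsg_clean).

# Make a value safe to place between double quotes on the opcmsg command line.
sub _opcmsg_clean {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ tr/"/'/;              # a double quote would end the quoted argument
    $value =~ s/[%\x00-\x1f]//g;    # variable expansion marker and control characters
    $value =~ s/\\+\z//;            # a trailing backslash would escape the closing quote
    return $value;
}

# Send one message through opcmsg and return whatever opcmsg printed.
sub _send_opcmsg {
    my ($application, $object, $group, $text, $sev) = @_;
    my ($app_q, $obj_q, $grp_q, $txt_q, $sev_q)
        = map { _opcmsg_clean($_) } ($application, $object, $group, $text, $sev);
    return `opcmsg a="$app_q" o="$obj_q" msg_g="$grp_q" msg_t="$txt_q" s="$sev_q"`;
}

# Hash lookup instead of scanning the exclusion list twice per service.
my %is_excluded = map { $_ => 1 } @excludeservices;

# Open the state file once for the whole poll instead of once per line.
my $state_log = "$dir/$servicestatefile";
open(my $state_out, '>>', $state_log)
    or die "Cannot append to $state_log: $!";

foreach $outputline (@cmd) {
    if ($debug == 1) {
        print "OUTPUTLINE: $outputline\n";
    }

    # Parse output: "name ; state ; startmode ; displayname".
    # NOTE(review): the state field is matched with \S*, so a state containing
    # whitespace would not match and the line would be skipped -- confirm the
    # collector never emits such states.
    next unless $outputline =~ m/(.*) ;\s*(\S*)\s*;\s*(\S*)\s*;\s*(.*)/;
    ($servicename, $servicestate, $servicestartmode, $servicedisplayname)
        = ($1, $2, $3, $4);

    if ($is_excluded{$servicename}) {
        print "EXCLUDED Servicename: $servicename\n";
        next;
    }
    if ($is_excluded{$servicedisplayname}) {
        print "EXCLUDED Servicedisplayname: $servicedisplayname\n";
        next;
    }

    # Same record format as the history lists, so the two compare with `eq`.
    $servicestatus = "$servicename ; $servicestate ; $servicestartmode ; $servicedisplayname";
    print {$state_out} "$servicestatus\n";

    if ($servicestate =~ m/Running/i) {
        push(@runningservices_now, $servicestatus);

        # On the first poll there is no history to compare with.
        next if $firstpoll != 0;

        if (grep { $_ eq $servicestatus } @runningservices_history) {
            # Current state is same as history and still running, do nothing.
            print "RUNNING SAME: $servicestatus\n";
        }
        else {
            # Running now but not recorded as running before: send normal message.
            print "RUNNING NOT SAME: $servicestatus\n";
            $msg_t = "Service $servicedisplayname ($servicename) is $servicestate.";
            $opcmsg = _send_opcmsg($a, $servicename, $msg_g, $msg_t, "normal");
        }
    }
    else {
        push(@notrunningservices_now, $servicestatus);

        # Already recorded as not running in the same state: nothing new to report.
        my $already_recorded = $firstpoll == 0
            && grep { $_ eq $servicestatus } @notrunningservices_history;
        next if $already_recorded;

        # First poll, or the state differs from history: send alert message.
        print "Service $servicedisplayname ($servicename) is now $servicestate\n";
        $msg_t = "Service $servicedisplayname ($servicename) is $servicestate";
        $opcmsg = _send_opcmsg($a, $servicename, $msg_g, $msg_t, $severity);
    }
}

# Buffered write errors only surface at close, so check it.
close($state_out)
    or die "Cannot close $state_log: $!";
######################################################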