Oh,
It may be worth running these with -dd on the poller options on both the
original and this new version to make sure the array formats are the
same if something doesn't work right.
The output might be quite long, but you can find the WMI part easily by
searching for WMI or Win32 or something.
adam.
Adam Armstrong via observium wrote on 16/11/2023 01:24:
This code was contributed about a decade ago and immediately abandoned
by the author. I've never looked at this code, but it looks like at
some point Mike converted it to use our more modern error generation
functions, but I doubt he did much more.
Neither of us have the ability to test Windows, but you can try this
replacement for the wmi_parse() function to see if it behaves better.
It might explode, who knows.
function wmi_parse($wmi_string, $ret_single = FALSE, $ret_val = NULL)
{
if (!is_string($wmi_string) || safe_empty($wmi_string)) {
return NULL;
}
print_debug($wmi_string);
$wmi_lines = array_filter(explode(PHP_EOL, $wmi_string),
'strlen');
$wmi_class = NULL;
$wmi_error = NULL;
$wmi_properties = [];
$wmi_results = [];
foreach ($wmi_lines as $line) {
if (str_contains($line, 'ERROR:')) {
$wmi_error = substr($line, strpos($line, 'ERROR:') +
strlen("ERROR: "));
if (OBS_DEBUG) {
switch ($wmi_error) {
case "Retrieve result data.":
echo("WMI Error: Cannot connect to host or
Class\n");
break;
case "Login to remote object.":
echo("WMI Error: Invalid security credentials
or insufficient WMI security permissions\n");
break;
default:
echo("WMI Error: Please report");
break;
}
}
return NULL;
}
if (empty($wmi_class)) {
if (str_starts($line, 'CLASS:')) {
if (!empty($wmi_properties)) {
// Reset properties for a new CLASS section
$wmi_properties = [];
}
$wmi_class = substr($line, strlen("CLASS: "));
}
} elseif (empty($wmi_properties)) {
$wmi_properties =
explode($GLOBALS['config']['wmi']['delimiter'], $line);
} else {
$values = explode($GLOBALS['config']['wmi']['delimiter'],
str_replace('(null)', '', $line));
if (count($wmi_properties) !== count($values)) {
print_error("WMI ERROR: properties count not same as
values count!");
print_debug_vars($wmi_properties);
print_debug_vars($values);
continue;
}
$wmi_results[$wmi_class][] =
array_combine($wmi_properties, $values);
}
}
if ($ret_single && count($wmi_results) === 1) {
$wmi_results = reset($wmi_results);
if ($ret_val) {
$wmi_results = $wmi_results[$ret_val] ?? NULL;
}
}
print_debug_vars($wmi_results);
return $wmi_results;
}
Scott Kohnert via observium wrote on 16/11/2023 00:05:
First time posting and hopes that someone can assist. Been using
Subscription version of Observium for over 10 years collecting data
on over 150 server farm using it daily and have been asked to now
add monitoring of Windows Services.
I started to do this via Probes and SNMP checks but due to the shear
volume of services and servers involved this would be a tedious
process. I would like to use WMI to monitor Windows Services as it
appears to poll faster. Unfortunately I ran into an issue where it
only displays 3 services at a time. Windows Server has over 200
services by default, I don’t plan on monitoring all of them but at
least a couple dozen. Using WMI would be a much easier way to
setup alerts if I could get the full listing to appear, which is
where I am needing help.
Here is my setup to reproduce the issue (generalized information used
for security)
Follow the WMI setup in the help documentation for my UB 22.04 server
Global Settings > Polling > WMI (turn on)
Server discovered via SNMP
Open Properties of Server and edit WMI information (per server
polling only no global settings)
WMI Hostname = nacn_ip_TCP:hostname.domain.local[sign]
WMI Domain= domain
WMI Username = username
WMI Password = password
After a couple of minutes, I get the results of only showing 3
services not a full list.
AllJoyn Router Service
Remote Desktop Service
Themes
I have tried this on multiple servers and the same 3 services appear
each time.
I began to look into the code and run the wmic query on the web
server itself using the following query
wmic -U “domain\username%password”
//ncacn_ip_TCP:hostname.domain.local[sign] “select DisplayName, Name,
State, Status from Win32_Service”
It gave me the full listing results and from what I can see this is
where the issue lies.
CLASS: Win32_Service
DisplayName|Name|State|Status
AllJoyn Router Service|AJRouter|Stopped|OK
Application Layer Gateway Service|ALG|Stopped|OK
Application Identity|AppIDSvc|Stopped|OK
…
Telephony|tapisrv|Stopped|OK
CLASS: Win32_TerminalService
DisplayName|Name|State|Status
Remote Desktop Services|TermService|Running|OK
CLASS: Win32_Service
DisplayName|Name|State|Status
Themes|Themes|Running|OK
Storage Tiers Management|TieringEngineService|Stopped|OK
…
The first item of the WMI services is the AllJoyn Router Service,
then about halfway down the listing it produces a different
CLASS:Win32_TerminalService and the headers. Then it has Remote
Desktop Services and starts again with CLASS:Win32_Service and
headers again, and the third entry to be displayed Themes.
Looking through the code I think the issue resides in the
/opt/observium/includes/wmi.inc.php code and the function wmi_parse.
This is the function that is used (from what I can back trace) for
performing the parsing of the WMI call and populating the database
with the WMI entries. But when running the mysql query for the
services listing it only shows these 3 listed and not all the
services that the manual query performed on the server displays.
I would like to ask if someone can look into the WMI process and
check the coding to allow the WMIC query to populate ALL the service
results in the web site.
As a separate test I also went into the Global Settings > Discovery >
WMI AutoDiscoveryOptions and added in several services manually (list
of 10) not including the Remote Desktop Services and the results I
get on the Windows Services tab show the Remote Desktop Services.
So the 2nd CLASS that appears for this service appears to be causing
the issue.
Any help is appreacited.
_______________________________________________
observium mailing list -- observium@lists.observium.org
To unsubscribe send an email to observium-le...@lists.observium.org
_______________________________________________
observium mailing list -- observium@lists.observium.org
To unsubscribe send an email to observium-le...@lists.observium.org
_______________________________________________
observium mailing list -- observium@lists.observium.org
To unsubscribe send an email to observium-le...@lists.observium.org
