Zabbix, Surveiller Windows Update

J’ai installer depuis un moment Zabbix dans mon entreprise. Il est assez « simple », et puissant.

La sonde disponible sur le zabbix Share ne fonctionné pas sur mon infra, du coup je l’ai modifier à ma sauce. C’est une de mes premières customisations de sondes, je suis conscient que le code peut être amélioré.

 

Télécharger les fichiers -> Windows Updates

Coté serveur

Ajouter le template Windows Updates.xml à votre serveur

Vérifier le path de l’élément « Last check » de votre modèle.

 

Coté Client

Copier settings.ini et zbx-winupdate.exe dans le dossier de votre agent zabbix (C:\Program Files\Zabbix Agent)

Modifier le fichier settings.ini et modifier les informations de SENDER, CONFIG, et SERVER selon votre cas.

 

Vérifier que dans le fichier zabbix_agentd.conf la valeur EnableRemoteCommands=1 est présente.

 

Si aucunes données remonte, vérifier que le nom d’hote sur zabbix est identique à celui indiqué dans le fichier log généré automatiquement par zbx-winupdate.exe.

Code Source :

Windows Updates.xml

<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
    <version>4.4</version>
    <date>2020-03-05T08:38:22Z</date>
    <groups>
        <group>
            <name>Templates</name>
        </group>
    </groups>
    <templates>
        <template>
            <template>Windows Updates</template>
            <name>Windows Updates</name>
            <description>Check if updates are available for Windows servers ( Important or Optional )</description>
            <groups>
                <group>
                    <name>Templates</name>
                </group>
            </groups>
            <applications>
                <application>
                    <name>Windows Updates</name>
                </application>
            </applications>
            <items>
                <item>
                    <name>Check "startup" state of service "Windows Update"</name>
                    <type>ZABBIX_ACTIVE</type>
                    <key>service.info[wuauserv,startup]</key>
                    <delay>30</delay>
                    <history>1d</history>
                    <description>Check service "startup" value of  "Windows Update"

Value can for startup can be: 
0 - automatic,
1 - automatic delayed,
2 - manual,
3 - disabled,
4 - unknown

https://www.zabbix.com/documentation/3.0/manual/config/items/itemtypes/zabbix_agent/win_keys</description>
                    <applications>
                        <application>
                            <name>Windows Updates</name>
                        </application>
                    </applications>
                    <triggers>
                        <trigger>
                            <expression>{last()}>2</expression>
                            <name>Startup state of "Windows Update" on server " {HOST.NAME}" is disabled, zbx-winupdate.exe  cannot check for updates.</name>
                            <priority>WARNING</priority>
                            <description>Startup state of "Windows Update" on server " {HOST.NAME}" is disabled, zbx_winupdate.exe cannot check for updates.

Value should be lower or 2

Specifically for startup:
0 - automatic,
1 - automatic delayed,
2 - manual,
3 - disabled,
4 - unknown

https://www.zabbix.com/documentation/3.0/manual/config/items/itemtypes/zabbix_agent/win_keys</description>
                        </trigger>
                    </triggers>
                </item>
                <item>
                    <name>Last check</name>
                    <key>system.run["C:\Program Files\Zabbix Agent\zbx-winupdate.exe",nowait]</key>
                    <delay>10800</delay>
                    <history>1d</history>
                    <trends>0</trends>
                    <value_type>LOG</value_type>
                    <description>Last check for updates</description>
                    <applications>
                        <application>
                            <name>Windows Updates</name>
                        </application>
                    </applications>
                </item>
                <item>
                    <name>critical</name>
                    <type>TRAP</type>
                    <key>zbx.win.updates.critical</key>
                    <delay>0</delay>
                    <history>7d</history>
                    <value_type>FLOAT</value_type>
                    <description>Available critical updates</description>
                    <applications>
                        <application>
                            <name>Windows Updates</name>
                        </application>
                    </applications>
                    <triggers>
                        <trigger>
                            <expression>{last()}>=1</expression>
                            <name>There are updates available (critical) : ({ITEM.LASTVALUE} available).</name>
                            <priority>AVERAGE</priority>
                        </trigger>
                    </triggers>
                </item>
                <item>
                    <name>feature packs</name>
                    <type>TRAP</type>
                    <key>zbx.win.updates.feature</key>
                    <delay>0</delay>
                    <history>7d</history>
                    <value_type>FLOAT</value_type>
                    <description>Available feature packs</description>
                    <applications>
                        <application>
                            <name>Windows Updates</name>
                        </application>
                    </applications>
                    <triggers>
                        <trigger>
                            <expression>{last()}>=1</expression>
                            <name>There are updates available (feature) : ({ITEM.LASTVALUE} available).</name>
                            <priority>WARNING</priority>
                        </trigger>
                    </triggers>
                </item>
                <item>
                    <name>rollups</name>
                    <type>TRAP</type>
                    <key>zbx.win.updates.rollups</key>
                    <delay>0</delay>
                    <history>7d</history>
                    <value_type>FLOAT</value_type>
                    <description>Available rollups</description>
                    <applications>
                        <application>
                            <name>Windows Updates</name>
                        </application>
                    </applications>
                </item>
                <item>
                    <name>security</name>
                    <type>TRAP</type>
                    <key>zbx.win.updates.security</key>
                    <delay>0</delay>
                    <history>7d</history>
                    <value_type>FLOAT</value_type>
                    <description>Available security updates</description>
                    <applications>
                        <application>
                            <name>Windows Updates</name>
                        </application>
                    </applications>
                    <triggers>
                        <trigger>
                            <expression>{last()}>=1</expression>
                            <name>There are updates available (security) : ({ITEM.LASTVALUE} available).</name>
                            <priority>AVERAGE</priority>
                        </trigger>
                    </triggers>
                </item>
                <item>
                    <name>service packs</name>
                    <type>TRAP</type>
                    <key>zbx.win.updates.servicepacks</key>
                    <delay>0</delay>
                    <history>7d</history>
                    <value_type>FLOAT</value_type>
                    <description>Available service packs</description>
                    <applications>
                        <application>
                            <name>Windows Updates</name>
                        </application>
                    </applications>
                    <triggers>
                        <trigger>
                            <expression>{last()}>=1</expression>
                            <name>There are updates available (servicepack) : ({ITEM.LASTVALUE} available).</name>
                            <priority>WARNING</priority>
                        </trigger>
                    </triggers>
                </item>
                <item>
                    <name>total</name>
                    <type>TRAP</type>
                    <key>zbx.win.updates.total</key>
                    <delay>0</delay>
                    <history>7d</history>
                    <value_type>FLOAT</value_type>
                    <description>Total available updates</description>
                    <applications>
                        <application>
                            <name>Windows Updates</name>
                        </application>
                    </applications>
                </item>
                <item>
                    <name>uncategorized</name>
                    <type>TRAP</type>
                    <key>zbx.win.updates.uncategorized</key>
                    <delay>0</delay>
                    <history>7d</history>
                    <value_type>FLOAT</value_type>
                    <description>Uncategorized available updates</description>
                    <applications>
                        <application>
                            <name>Windows Updates</name>
                        </application>
                    </applications>
                    <triggers>
                        <trigger>
                            <expression>{last()}>=1</expression>
                            <name>There are updates available (uncategorized) : ({ITEM.LASTVALUE} available).</name>
                            <priority>WARNING</priority>
                        </trigger>
                    </triggers>
                </item>
                <item>
                    <name>updates</name>
                    <type>TRAP</type>
                    <key>zbx.win.updates.updates</key>
                    <delay>0</delay>
                    <history>7d</history>
                    <value_type>FLOAT</value_type>
                    <description>Available (Optional) updates</description>
                    <applications>
                        <application>
                            <name>Windows Updates</name>
                        </application>
                    </applications>
                    <triggers>
                        <trigger>
                            <expression>{last()}>=1</expression>
                            <name>There are updates available (optional) : ({ITEM.LASTVALUE} available).</name>
                            <priority>WARNING</priority>
                        </trigger>
                    </triggers>
                </item>
            </items>
        </template>
    </templates>
</zabbix_export>

 

settings.ini

[ZABBIX]
SENDER	= C:\Program Files\Zabbix Agent\zabbix_sender.exe
CONFIG	= C:\Program Files\Zabbix Agent\zabbix_agentd.conf
SERVER  = URL_DE_VOTRE_SERVER_ZABBIX
[WINUPDATE]
HIDEHIDDENUPDATES = True

 

zbx-winupdate.au3

#cs ----------------------------------------------------------------------------

 AutoIt Version: 3.3.12.0
 Author:         Luc Rutten
 Version: 1.01

 Script Function:
	Check If update are available

 Source:
   https://community.spiceworks.com/topic/599791-windows-update-script
   https://msdn.microsoft.com/nl-nl/library/windows/desktop/aa387102(v=vs.85).aspx
   https://gallery.technet.microsoft.com/scriptcenter/b9ba9b9d-cfc7-4bc9-980b-d914e81b3a84
   https://stackoverflow.com/questions/26064647/how-to-discover-if-windows-update-is-optional-recommended-or-important

#ce ----------------------------------------------------------------------------

#include <date.au3>
#include <EventLog.au3>


; Retrieve Zabbix settings
Dim $ZBX_SENDER	= IniRead (@scriptdir &"\settings.ini", "ZABBIX", "SENDER", "default" )
LogWriter ('SETTINGS','PATH To Zabbix Sender: '& $ZBX_SENDER)
Dim $ZBX_CONFIG	= IniRead (@scriptdir &"\settings.ini", "ZABBIX", "CONFIG", "default")
LogWriter ('SETTINGS','PATH To Zabbix Config: '& $ZBX_CONFIG)
Dim $ZBX_COMPUTERNAME = @ComputerName
LogWriter ('SETTINGS','Hostname: '& $ZBX_COMPUTERNAME)
Dim $ZBX_SRV = IniRead (@scriptdir &"\settings.ini", "ZABBIX", "SERVER", "default")
LogWriter ('SETTINGS','Server: '& $ZBX_SRV)

; Retrieve Windows update settings
Dim $WIN_UPDATE_HID	= IniRead (@scriptdir &"\settings.ini", "WINUPDATE", "HIDEHIDDENUPDATES", "False")
LogWriter ('SETTINGS','Hide hidden updates: '& $WIN_UPDATE_HID)

; Send signal to zabbix
LASTCHECK()

; Search for updates
FINDUPDATES()

; EndScript
Exit

Func LASTCHECK()

   ; Send Timestamp to zabbix that windows update has been cheched
   Local $TIMESTAMP = @YEAR & @MON & @YDAY & @HOUR & @MIN & @SEC
   ConsoleWrite ($TIMESTAMP)

   LogWriter ('LASTCHECK','Value "'& $TIMESTAMP &'" send to item "Last Check"')

EndFunc


Func FINDUPDATES()

   Local $UPDATES			= 0
   Local $CATEGORY			= 0

   Local $CAT_UPDATES		= 0	; Updates
   Local $CAT_CRITICAL		= 0 ; Security Updates
   Local $CAT_SECURITY		= 0 ; Security Updates
   Local $CAT_SERVICEPACK	= 0 ; Service Packs
   Local $CAT_ROLLUPS		= 0 ; Update Rollups
   Local $CAT_FEATURE		= 0 ; Feature Packs
   Local $CAT_UNCATEGORIZED	= 0 ; Uncategorized Packs


   Local $updateSession = ObjCreate("Microsoft.Update.Session")
   Local $updateSearcher = $updateSession.CreateupdateSearcher()

   LogWriter ("Updates","Searching for updates...")

   If $WIN_UPDATE_HID = "True" Then
	  $searchResult = $updateSearcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
	  LogWriter ("Updates","List of applicable items without hidden updates on the machine:")
   Else
	  $searchResult = $updateSearcher.Search("IsInstalled=0 and Type='Software'")
	  LogWriter ("Updates","List of applicable items with hidden updates on the machine:")
   EndIf



   ; Check for updates
   For $i = 0 To $searchResult.Updates.Count - 1
	  $UPDATE = $searchResult.Updates.Item($i)

	  ; Check category
	  $CATEGORY = $searchResult.Updates.Item($i).Categories

	  For $j = 0 To $CATEGORY - 1

		 $CATEGORY = $CATEGORY.Item($j).Name

		 Select
			Case $CATEGORY = "Updates"

			   $CAT_UPDATES = $CAT_UPDATES + 1

			Case $CATEGORY = "Critical Updates"

			   $CAT_CRITICAL = $CAT_CRITICAL + 1

			Case $CATEGORY = "Security Updates"

			   $CAT_SECURITY = $CAT_SECURITY + 1

			Case $CATEGORY = "Service Packs"

			   $CAT_SERVICEPACK = $CAT_SERVICEPACK + 1

			Case $CATEGORY = "Update Rollups"

			   $CAT_ROLLUPS = $CAT_ROLLUPS + 1

			Case $CATEGORY ="Feature Packs"

			   $CAT_FEATURE = $CAT_FEATURE + 1

			Case Else

			   $CAT_UNCATEGORIZED = $CAT_UNCATEGORIZED + 1

		 EndSelect

	  Next

	  $UPDATES = $UPDATES + 1

	  LogWriter ("Updates", "Category: " & $CATEGORY & @TAB & $UPDATE.title)

   Next

   LogWriter ('FindUpdates','Total category - Updates (optional) available: Value "'& $CAT_UPDATES &'" send to item "win.updates.updates"')
   LogWriter ('FindUpdates','Total category - Critical Updates available: Value "'& $CAT_CRITICAL &'" send to item "win.updates.critical"')
   LogWriter ('FindUpdates','Total category - Security Updates available: Value "'& $CAT_SECURITY &'" send to item "win.updates.security"')
   LogWriter ('FindUpdates','Total category - Service Packs available: Value "'& $CAT_SERVICEPACK &'" send to item "win.updates.servicepack"')
   LogWriter ('FindUpdates','Total category - Update Rollups available: Value "'& $CAT_ROLLUPS &'" send to item "win.updates.rollups"')
   LogWriter ('FindUpdates','Total category - Feature Packs available: Value "'& $CAT_FEATURE &'" send to item "win.updates.feature"')
   LogWriter ('FindUpdates','Total category - Uncategorized updates available: Value "'& $CAT_UNCATEGORIZED &'" send to item "win.updates.uncategorized"')
   LogWriter ('FindUpdates','Total category - total updates available: Value "'& $UPDATES &'" send to item "win.updates.totalupdates"')

   ZABBIXSENDER($ZBX_SENDER, $ZBX_CONFIG, "zbx.win.updates.updates", $CAT_UPDATES, $ZBX_SRV, $ZBX_COMPUTERNAME)
   ZABBIXSENDER($ZBX_SENDER, $ZBX_CONFIG, "zbx.win.updates.critical", $CAT_CRITICAL, $ZBX_SRV, $ZBX_COMPUTERNAME)
   ZABBIXSENDER($ZBX_SENDER, $ZBX_CONFIG, "zbx.win.updates.security", $CAT_SECURITY, $ZBX_SRV, $ZBX_COMPUTERNAME)
   ZABBIXSENDER($ZBX_SENDER, $ZBX_CONFIG, "zbx.win.updates.servicepacks", $CAT_SERVICEPACK, $ZBX_SRV, $ZBX_COMPUTERNAME)
   ZABBIXSENDER($ZBX_SENDER, $ZBX_CONFIG, "zbx.win.updates.rollups", $CAT_ROLLUPS, $ZBX_SRV, $ZBX_COMPUTERNAME)
   ZABBIXSENDER($ZBX_SENDER, $ZBX_CONFIG, "zbx.win.updates.feature", $CAT_FEATURE, $ZBX_SRV, $ZBX_COMPUTERNAME)
   ZABBIXSENDER($ZBX_SENDER, $ZBX_CONFIG, "zbx.win.updates.uncategorized", $CAT_UNCATEGORIZED, $ZBX_SRV, $ZBX_COMPUTERNAME)
   ZABBIXSENDER($ZBX_SENDER, $ZBX_CONFIG, "zbx.win.updates.total", $UPDATES, $ZBX_SRV, $ZBX_COMPUTERNAME)

EndFunc


Func LOGVALUE ($KEY, $VALUE)

   Local $PATH			= @ScriptDir &'\values\'
   Local $LOGFILE 		= $PATH & $KEY & '.log'

   ; Check if path exist
   If Not FileExists ($PATH) Then
	  DirCreate ($PATH)
	  LogWriter ('LOGVALUE', 'Directory: '& $PATH &' does not exist and wil be created.')
   EndIf

   ; Check if file exist
   If FileExists ($LOGFILE) Then

	  ; Remove Old log file
	  FileDelete ($LOGFILE)
	  LogWriter ('LOGVALUE', 'Delete (last value) old file'& $LOGFILE)

	  ; Write Value to log
	  FileWrite($LOGFILE, $VALUE)
	  LogWriter ('LOGVALUE', 'Value: '& $VALUE &' is writen to: '& $LOGFILE)
   Else
	  ; Write Value to log
	  FileWrite($LOGFILE, $VALUE)
	  LogWriter ('LOGVALUE', 'Value: '& $VALUE &' is writen to: '& $LOGFILE)

   EndIf

EndFunc


Func LogWriter ($CATEGORY,$DESCRIPTION)

   ; Variable(s)
   Local $TIMESTAMP = @YEAR & @MON & @YDAY &"-"& @HOUR & @MIN & @SEC
   Local $LOGLINE	= $TIMESTAMP & @TAB & @ComputerName & @TAB & @UserName & @TAB& $CATEGORY & @TAB & $DESCRIPTION &@CRLF

   ; Write to log file
   LOCAL $LOGFILE	= StringTrimRight (@ScriptName,4)
   FileWrite(@ScriptDir &'\'& $LOGFILE & '.log', $LOGLINE)

EndFunc


Func ZABBIXSENDER($SENDER, $CONFIG, $KEY, $VALUE, $ZBX_SRV, $ZBX_COMPUTERNAME)

   ;Local $SENDER	= 'C:\Zabbix\bin\win64\zabbix_sender.exe'
   ;Local $CONFIG	= 'C:\Zabbix\conf\zabbix_agentd.win.conf'

   LogWriter ('ZABBIXSENDER','PATH to Zabbix sender: ' & $SENDER)
   LogWriter ('ZABBIXSENDER','PATH to Zabbix config: ' & $CONFIG)

   Runwait('"'& $SENDER &'" -z "' & $ZBX_SRV &'" -s "'& $ZBX_COMPUTERNAME &'" -k "'& $KEY &'" -o "' & $VALUE, '', @SW_HIDE, 2)
   LogWriter ('ZABBIXSENDER','Send: Value "'& $VALUE &'" to key: "' & $KEY & '"')


EndFunc

 

Source : https://share.zabbix.com/operating-systems/windows/zabbix-windows-update-v1-0

Laisser un commentaire