This post focuses on the Powershell-based monitor created in my first post to find and alert on certificates that are about to expire on managed computers. This monitor was created from the “Create a Unit Monitor” wizard as demonstrated in my first post.
For this Powershell-based unit monitor, the following values were used in General Properties.
Note: This monitor targets the Windows Server 2008 Computer class, and hence will be distributed to agents running on Windows 2008 servers.
Polling frequency was set to 3 minutes for testing purposes. This value can be changed anytime based on preference.
The command to find certificates that are about to expire from the Hey, Scripting Guy ! Blog, was used in the Powershell script of this monitor and the script was modified to return its output in a Propertybag.
Here is the script used:
sl cert:
$thresholdindays = 1000
$ExpiredCerts = Get-ChildItem -Recurse | where { $_.notafter -le (get-date).AddDays($thresholdindays)-AND $_.notafter -gt (get-date)} | select thumbprint, subject
$API = new-object -comObject "MOM.ScriptAPI"
$PropertyBag = $API.CreatePropertyBag()
if($ExpiredCerts.Length -gt 0) {
$OFS = "`r`n"
$result1 = [system.String]::Join($ofs, $ExpiredCerts)
$result2 = [string]$result1
$result2 = $result2 -replace "@{", ""
$result2 = $result2 -replace "}", ""
$PropertyBag.AddValue("State","ERROR")
$PropertyBag.AddValue("Description", "Expired Certificates: " + $result2)
}
else {
$PropertyBag.AddValue("State","OK")
$PropertyBag.AddValue("Description", "ALL GOOD !!")
}
sl $currentlocation
$PropertyBag
Building expressions based on the value in the Propertybag and mapping monitor conditions to health states were very straight forward as follows.
The Expression Builder Pages builds expression that looks for a particular value from the Propertybag that the data source outputs (Property[@Name='State']).
The name of the value in the Propertybag was specified in the alert context variable: $Data/Context/Property[@Name='Description']$
To force an alert, set the threshold to a high value like 1000 days ($thresholdindays = 1000). Here is an example of the active alert generated and the state change recorded:
Attached with this post are both the certificate expiry monitor management pack (TakeAWei.Certificate.Expiry.Monitor.Management.Pack.xml) and the sealed library management pack being referenced. Both management packs will need to be imported together via the Operations Console.
For this Powershell-based unit monitor, the following values were used in General Properties.
Note: This monitor targets the Windows Server 2008 Computer class, and hence will be distributed to agents running on Windows 2008 servers.
Polling frequency was set to 3 minutes for testing purposes. This value can be changed anytime based on preference.
The command to find certificates that are about to expire from the Hey, Scripting Guy ! Blog, was used in the Powershell script of this monitor and the script was modified to return its output in a Propertybag.
Here is the script used:
sl cert:
$thresholdindays = 1000
$ExpiredCerts = Get-ChildItem -Recurse | where { $_.notafter -le (get-date).AddDays($thresholdindays)-AND $_.notafter -gt (get-date)} | select thumbprint, subject
$API = new-object -comObject "MOM.ScriptAPI"
$PropertyBag = $API.CreatePropertyBag()
if($ExpiredCerts.Length -gt 0) {
$OFS = "`r`n"
$result1 = [system.String]::Join($ofs, $ExpiredCerts)
$result2 = [string]$result1
$result2 = $result2 -replace "@{", ""
$result2 = $result2 -replace "}", ""
$PropertyBag.AddValue("State","ERROR")
$PropertyBag.AddValue("Description", "Expired Certificates: " + $result2)
}
else {
$PropertyBag.AddValue("State","OK")
$PropertyBag.AddValue("Description", "ALL GOOD !!")
}
sl $currentlocation
$PropertyBag
Building expressions based on the value in the Propertybag and mapping monitor conditions to health states were very straight forward as follows.
The Expression Builder Pages builds expression that looks for a particular value from the Propertybag that the data source outputs (Property[@Name='State']).
The name of the value in the Propertybag was specified in the alert context variable: $Data/Context/Property[@Name='Description']$
To force an alert, set the threshold to a high value like 1000 days ($thresholdindays = 1000). Here is an example of the active alert generated and the state change recorded:
Attached with this post are both the certificate expiry monitor management pack (TakeAWei.Certificate.Expiry.Monitor.Management.Pack.xml) and the sealed library management pack being referenced. Both management packs will need to be imported together via the Operations Console.
Disclaimer:
All information on this blog is provided on an as-is basis with no warranties and for informational purposes only. Use at your own risk. The opinions and views expressed in this blog are those of the author and do not necessarily state or reflect those of my employer.
Attachment: 
CertExpiry.zip
CertExpiry.zip
Hiç yorum yok:
Yorum Gönder