
How to create a K1000 notification to monitor the status of your Windows services

If you are concerned that some of the Windows services that should normally run on all your computers are not running, and you want to keep an eye on this kind of situation, you can use the following custom K1000 notification to monitor them.

In the current version of the K1000 it is not possible to create this kind of notification using the wizard, so we need to use custom SQL to achieve what we need.
A bit of background before getting our hands on the SQL code:
The following SQL uses several tables; the most important ones to consider are:

MACHINE: contains all the machines that are in our inventory.
NTSERVICE: contains information about the services discovered on the machines: their name, version, status and other details.
The most important fields in this table are:
    NAME: the name of the service.
    STARTUP_TYPE: the service startup type (whether it starts automatically, manually or is disabled). The most common startup types are:
        SERVICE_AUTO_START
        SERVICE_DEMAND_START
        SERVICE_DISABLED
    STATUS: the current status of the service. The most common values are:
        SERVICE_RUNNING
        SERVICE_STOPPED
MACHINE_NTSERVICE_JT: links the MACHINE table with the NTSERVICE table.

In the following example we want to monitor the DHCP Server (DHCPServer) and the DNS server status and send an email notification to the administrator when one of these two services is stopped.
First of all we need to create our notification using the wizard:
  1. Under Reporting click on Notifications
  2. Click on Choose Action -> New -> Device Notification
  3. Enter the title, the recipients (at least one) and the frequency and press Create
  4. Click on the name of the notification that you just created and, as the editor option, select: "To edit the Notification using this editor, Click Here"
  5. Remove all the SQL code and replace it with the following one:

SELECT MACHINE.NAME AS SYSTEM_NAME,
       SYSTEM_DESCRIPTION,
       MACHINE.IP,
       MACHINE.MAC,
       MACHINE.ID AS TOPIC_ID
  FROM MACHINE
       LEFT JOIN ORG1.MACHINE_NTSERVICE_JT
          ON ORG1.MACHINE.ID = ORG1.MACHINE_NTSERVICE_JT.MACHINE_ID
       LEFT JOIN NTSERVICE
          ON ORG1.MACHINE_NTSERVICE_JT.NTSERVICE_ID = NTSERVICE.ID
 WHERE     NTSERVICE.STATUS = 'SERVICE_STOPPED'
       AND NTSERVICE.NAME IN ('DHCPServer', 'DNS')


By changing the WHERE clause and adding other services to the IN clause, you can keep an eye on different situations.
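
An added example (not from the original article) of the kind of variation described above: it watches a different set of services, also flags them when their startup type is disabled, and returns one row per machine with the affected services listed in a single column. The service names WinDefend, MpsSvc and EventLog and the AFFECTED_SERVICES column are assumptions chosen for illustration; the tables, fields and status values are the ones described on this page.

```sql
-- Added example, not part of the original article.
-- Reports machines where a monitored service is stopped OR has been disabled.
-- The service list below is an assumption: replace it with the real
-- service names you care about.
SELECT MACHINE.NAME AS SYSTEM_NAME,
       SYSTEM_DESCRIPTION,
       MACHINE.IP,
       MACHINE.MAC,
       MACHINE.ID AS TOPIC_ID,
       -- Collapse all affected services of a machine into one column, e.g.
       -- "EventLog [SERVICE_STOPPED, SERVICE_DISABLED]; WinDefend [...]"
       GROUP_CONCAT(CONCAT(NTSERVICE.NAME, ' [', NTSERVICE.STATUS, ', ',
                           NTSERVICE.STARTUP_TYPE, ']')
                    ORDER BY NTSERVICE.NAME
                    SEPARATOR '; ') AS AFFECTED_SERVICES
  FROM ORG1.MACHINE
       -- Inner joins: only machines that actually report these services
       JOIN ORG1.MACHINE_NTSERVICE_JT
          ON MACHINE.ID = MACHINE_NTSERVICE_JT.MACHINE_ID
       JOIN ORG1.NTSERVICE
          ON MACHINE_NTSERVICE_JT.NTSERVICE_ID = NTSERVICE.ID
 WHERE NTSERVICE.NAME IN ('WinDefend', 'MpsSvc', 'EventLog')
       -- A running service whose startup type was switched to disabled
       -- will not come back after the next reboot, so flag that as well.
       AND (   NTSERVICE.STATUS = 'SERVICE_STOPPED'
            OR NTSERVICE.STARTUP_TYPE = 'SERVICE_DISABLED')
 GROUP BY MACHINE.ID, MACHINE.NAME, SYSTEM_DESCRIPTION, MACHINE.IP, MACHINE.MAC
 ORDER BY MACHINE.NAME
```

A machine with several affected services appears once here, instead of once per service as in a query without the GROUP BY.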

Some important points to remember:

  1. It is recommended that you test your SQL code before using it in a notification or in a report: you can easily connect to the internal database of the K1000 using Toad for MySQL or the native tools of MySQL.
  2. Remember that the data is collected through the Inventory, so it is not real-time: by default the inventory is sent to the K1000 every 2 hours. So do not set the notification frequency too high.
  3. The field NAME of the table NTSERVICE contains the real name of the service and not the descriptive one. To find out the real name of a service, open the services.msc snap-in and double-click on the service.
    The real name of the service is the one stated in the General tab, under Service name.