Tsis ntev los no peb tau ntsib nrog txoj haujlwm ntawm kev saib xyuas lub sijhawm siv tau ntawm daim ntawv pov thawj ntawm Windows servers. Zoo, yuav ua li cas kuv tau sawv tom qab daim ntawv pov thawj tau hloov mus rau hauv taub dag ob peb zaug, thaum lub sij hawm thaum cov neeg ua hauj lwm bearded lub luag hauj lwm rau lawv rov qab mus so. Tom qab ntawd, nws thiab kuv xav tias ib yam dab tsi thiab txiav txim siab xav txog nws. Txij li thaum peb maj mam siv NetXMS kev saib xyuas, nws tau dhau los ua qhov tseem ceeb thiab, hauv txoj cai, tsuas yog tus neeg sib tw rau txoj haujlwm no.
Qhov tshwm sim thaum kawg tau txais hauv daim ntawv hauv qab no:
Thiab cov txheej txheem nws tus kheej txuas ntxiv mus.
Mus. Tsis muaj lub txee built-in rau daim ntawv pov thawj tas sijhawm hauv NetXMS, yog li koj yuav tsum tsim koj tus kheej thiab siv cov ntawv sau los muab cov ntaub ntawv. Tau kawg, ntawm Powershell, qhov no yog Windows. Tsab ntawv yuav tsum nyeem tag nrho cov ntawv pov thawj hauv kev ua haujlwm, coj lawv cov hnub tas sijhawm hauv hnub los ntawm qhov ntawd thiab dhau tus lej no mus rau NetXMS. Los ntawm nws tus neeg sawv cev. Qhov ntawd yog qhov peb yuav pib.
Xaiv Ib, yooj yim tshaj. Tsuas yog tau txais cov naj npawb ntawm hnub kom txog rau thaum hnub tas sij hawm ntawm daim ntawv pov thawj nrog rau hnub nyob ze tshaj plaws.
Rau NetXMS neeg rau zaub mov kom paub txog qhov muaj nyob ntawm peb qhov kev cai, nws yuav tsum tau txais los ntawm tus neeg sawv cev. Txwv tsis pub, qhov parameter no tsis tuaj yeem muab ntxiv vim nws tsis tuaj. Yog li ntawd, nyob rau hauv cov ntaub ntawv configuration tus neeg sawv cev nrx.conf peb ntxiv ib txoj hlua parameter sab nraud hu ua HTTPS.CertificateExpireDateSimple, nyob rau hauv uas peb sau npe launching tsab ntawv:
ExternalParameter = HTTPS.CertificateExpireDateSimple: powershell.exe -File "servershareNetXMS_CertExpireDateSimple.ps1"Xav tias tsab ntawv tau tshaj tawm hauv lub network, koj yuav tsum nco ntsoov txog , thiab kuj tsis txhob hnov ββqab lwm "-NoLogo -NoProfile -NonInteractive", uas kuv tshem tawm kom zoo dua code nyeem.
Yog li ntawd, tus neeg sawv cev config zoo li no:
#
# NetXMS agent configuration file
# Created by agent installer at Thu Jun 13 11:24:43 2019
#
MasterServers = netxms.corp.testcompany.ru
ConfigIncludeDir = C:NetXMSetcnxagentd.conf.d
LogFile = {syslog}
FileStore = C:NetXMSvar
SubAgent = ecs.nsm
SubAgent = filemgr.nsm
SubAgent = ping.nsm
SubAgent = logwatch.nsm
SubAgent = portcheck.nsm
SubAgent = winperf.nsm
SubAgent = wmi.nsm
ExternalParameter = HTTPS.CertificateExpireDateSimple: powershell.exe -File "servershareNetXMS_CertExpireDateSimple.ps1"Tom qab qhov no, koj yuav tsum txuag lub config thiab rov pib tus neeg sawv cev. Koj tuaj yeem ua qhov no los ntawm NetXMS console: qhib lub config (Kho kom raug tus neeg sawv cev cov ntaub ntawv teeb tsa), kho nws, ua Txuag & Thov, vim li ntawd, qhov tseeb, tib yam yuav tshwm sim. Tom qab ntawd rov nyeem cov kev teeb tsa (Poll> Configuration), yog tias koj tsis muaj lub zog tos txhua. Tom qab cov kauj ruam no, koj yuav tsum tau ntxiv peb cov kev cai parameter.
Hauv NetXMS console mus rau Cov ntaub ntawv khaws cia Configuration sim neeg rau zaub mov uas peb yuav mus saib xyuas daim ntawv pov thawj thiab tsim ib tug tshiab parameter muaj (nyob rau hauv lub neej yav tom ntej, tom qab configuration, nws ua rau kev txiav txim siab hloov nws mus rau templates). Xaiv HTTPS.CertificateExpireDateSimple los ntawm daim ntawv teev npe, sau cov lus piav qhia nrog lub npe meej, teeb hom rau Integer thiab teeb tsa lub sijhawm xaiv tsa. Rau kev debugging lub hom phiaj, nws ua rau kev txiav txim siab ua kom luv dua, piv txwv li 30 vib nas this. Txhua yam yog npaj txhij, uas txaus rau tam sim no.
Koj tuaj yeem tshawb xyuas ... tsis yog, nws ntxov dhau. Tam sim no, tau kawg, peb yuav tsis tau dab tsi. Tsuas yog vim tsab ntawv tseem tsis tau sau. Cia peb kho qhov omission no. Tsab ntawv yuav tsuas tso saib ib tus lej, cov hnub tseem tshuav kom txog thaum daim ntawv pov thawj tas sijhawm. Qhov tsawg tshaj plaws ntawm txhua yam muaj. Piv txwv tsab ntawv:
try {
# ΠΠΎΠ»ΡΡΠ°Π΅ΠΌ Π²ΡΠ΅ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΡ ΠΈΠ· Ρ
ΡΠ°Π½ΠΈΠ»ΠΈΡΠ° ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠΎΠ²
$lmCertificates = @( Get-ChildItem -Recurse -path 'Cert:LocalMachineMy' -ErrorAction Stop )
# ΠΡΠ»ΠΈ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠΎΠ² Π½Π΅Ρ, Π²Π΅ΡΠ½ΡΡΡ "10 Π»Π΅Ρ"
if ($lmCertificates.Count -eq 0) { return 3650 }
# ΠΠΎΠ»ΡΡΠ°Π΅ΠΌ Expiration Date Π²ΡΠ΅Ρ
ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠΎΠ²
$expirationDates = @( $lmCertificates | ForEach-Object { return $_.NotAfter } )
# ΠΠΎΠ»ΡΡΠ°Π΅ΠΌ Π½Π°ΠΈΠ±ΠΎΠ»Π΅Π΅ Π±Π»ΠΈΠ·ΠΊΠΈΠΉ Expiration Date ΠΈΠ· Π²ΡΠ΅Ρ
$minExpirationDate = ($expirationDates | Measure-Object -Minimum -ErrorAction Stop ).Minimum
# ΠΠΎΠ½Π²Π΅ΡΡΠΈΡΡΠ΅ΠΌ Π½Π°ΠΈΠ±ΠΎΠ»Π΅Π΅ Π±Π»ΠΈΠ·ΠΊΠΈΠΉ Expiration Date Π² ΠΊΠΎΠ»ΠΈΡΠ΅ΡΡΠ²ΠΎ ΠΎΡΡΠ°Π²ΡΠΈΡ
ΡΡ Π΄Π½Π΅ΠΉ Ρ ΠΎΠΊΡΡΠ³Π»Π΅Π½ΠΈΠ΅ΠΌ Π² ΠΌΠ΅Π½ΡΡΡΡ ΡΡΠΎΡΠΎΠ½Ρ
$daysLeft = [Math]::Floor( ($minExpirationDate - [DateTime]::Now).TotalDays )
# ΠΠΎΠ·Π²ΡΠ°ΡΠ°Π΅ΠΌ Π·Π½Π°ΡΠ΅Π½ΠΈΠ΅
return $daysLeft
}
catch {
return -1
}Nws hloov tawm li no:
723 hnub, yuav luag ob xyoos mus txog rau thaum daim ntawv pov thawj tas. Nws yog qhov laj thawj, vim tias kuv tau tshaj tawm daim ntawv pov thawj rau lub Rooj Sib Tham Sib Tham tsis ntev los no.
Nws yog qhov kev xaiv yooj yim. Tej zaum, ib tug neeg yuav txaus siab rau qhov no, tab sis peb xav tau ntau dua. Peb tau teeb tsa peb tus kheej txoj haujlwm kom tau txais cov npe ntawm txhua daim ntawv pov thawj ntawm lub server, los ntawm lub npe, thiab rau txhua tus kom pom cov hnub so kom txog thaum daim ntawv pov thawj tas sijhawm.
Qhov kev xaiv thib ob, me ntsis nyuab dua.
Ntxiv dua thiab, peb hloov kho tus neeg sawv cev config thiab muaj, hloov ntawm kab nrog ExternalParameter, peb sau ob qho ntxiv:
ExternalList = HTTPS.CertificateNames: powershell.exe -File "serversharenetxms_CertExternalNames.ps1"
ExternalParameter = HTTPS.CertificateExpireDate(*): powershell.exe -File "serversharenetxms_CertExternalParameter.ps1" -CertificateId "$1"Π ExternalList peb tsuas tau txais ib daim ntawv teev cov hlua. Hauv peb cov ntaub ntawv, ib daim ntawv teev cov hlua nrog daim ntawv pov thawj npe. Peb yuav tau txais ib daim ntawv teev cov kab no siv cov ntawv sau. Sau npe - HTTPS.CertificateNames.
Script NetXMS_CertNames.ps1:
#Π‘ΠΏΠΈΡΠΎΠΊ Π²ΠΎΠ·ΠΌΠΎΠΆΠ½ΡΡ
ΠΈΠΌΠ΅Π½ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠΎΠ²
$nameTypeList = @(
[System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
[System.Security.Cryptography.X509Certificates.X509NameType]::DnsName,
[System.Security.Cryptography.X509Certificates.X509NameType]::DnsFromAlternativeName,
[System.Security.Cryptography.X509Certificates.X509NameType]::UrlName,
[System.Security.Cryptography.X509Certificates.X509NameType]::EmailName,
[System.Security.Cryptography.X509Certificates.X509NameType]::UpnName
)
#ΠΡΠ΅ΠΌ Π²ΡΠ΅ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΡ, ΠΈΠΌΠ΅ΡΡΠΈΠ΅ Π·Π°ΠΊΡΡΡΡΠΉ ΠΊΠ»ΡΡ
$certList = @( Get-ChildItem -Path 'Cert:LocalMachineMy' | Where-Object { $_.HasPrivateKey -eq $true } )
#ΠΡΠΎΡ
ΠΎΠ΄ΠΈΠΌ ΠΏΠΎ ΡΠΏΠΈΡΠΊΡ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠΎΠ², ΡΠΎΡΠΌΠΈΡΡΠ΅ΠΌ ΡΡΡΠΎΠΊΡ "ΠΠΌΡ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠ° - ΠΠ°ΡΠ° - Thumbprint" ΠΈ Π²ΠΎΠ·Π²ΡΠ°ΡΠ°Π΅ΠΌ Π΅Ρ
foreach ($cert in $certList) {
$name = '(unknown name)'
try {
$thumbprint = $cert.Thumbprint
$dateExpire = $cert.NotAfter
foreach ($nameType in $nameTypeList) {
$name_temp = $cert.GetNameInfo( $nameType, $false)
if ($name_temp -ne $null -and $name_temp -ne '') {
$name = $name_temp;
break;
}
}
Write-Output "$($name) - $($dateExpire.ToString('dd.MM.yyyy')) - [T:$($thumbprint)]"
}
catch {
Write-Error -Message "Error processing certificate list: $($_.Exception.Message)"
}
}Thiab twb nyob rau hauv ExternalParameter Peb nkag mus rau kab los ntawm ExternalList daim ntawv teev npe, thiab ntawm cov zis peb tau txais tib lub hnub rau txhua tus. Tus cim yog tus Thumbprint ntawm daim ntawv pov thawj. Nco ntsoov tias HTTPS.CertificateExpireDate muaj lub hnub qub (*) hauv qhov sib txawv no. Qhov no yog qhov tsim nyog kom nws lees txais cov hloov pauv sab nraud, tsuas yog peb daim ntawv pov thawj.
Script NetXMS_CertExpireDate.ps1:
#ΠΠΏΡΠ΅Π΄Π΅Π»ΡΠ΅ΠΌ Π²Ρ
ΠΎΠ΄ΡΡΠΈΠΉ ΠΏΠ°ΡΠ°ΠΌΠ΅ΡΡ $CertificateId
param (
[Parameter(Mandatory=$false)]
[String]$CertificateId
)
#ΠΡΠΎΠ²Π΅ΡΠΊΠ° Π½Π° ΡΡΡΠ΅ΡΡΠ²ΠΎΠ²Π°Π½ΠΈΠ΅
if ($CertificateId -eq $null) {
Write-Error -Message "CertificateID parameter is required!"
return
}
#ΠΠΎ Thumbprint ΠΈΠ· ΡΡΡΠΎΠΊΠΈ Π² $CertificateId ΠΈΡΠ΅ΠΌ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°Ρ ΠΈ ΠΎΠΏΡΠ΅Π΄Π΅Π»ΡΠ΅ΠΌ Π΅Π³ΠΎ Expiration Date
$certId = $CertificateId;
try {
if ($certId -match '^.*[T:(?<Thumbprint>[A-Z0-9]+)]$') {
$thumbprint = $Matches['Thumbprint']
$certificatePath = "Cert:LocalMachineMy$($thumbprint)"
if (Test-Path -PathType Leaf -Path $certificatePath ) {
$certificate = Get-Item -Path $certificatePath;
$certificateExpirationDate = $certificate.NotAfter
$certificateDayToLive = [Math]::Floor( ($certificateExpirationDate - [DateTime]::Now).TotalDays )
Write-Output "$($certificateDayToLive)";
}
else {
Write-Error -Message "No certificate matching this thumbprint found on this server $($certId)"
}
}
else {
Write-Error -Message "CertificateID provided in wrong format. Must be FriendlyName [T:<thumbprint>]"
}
}
catch {
Write-Error -Message "Error while executing script: $($_.Exception.Message)"
}Nyob rau hauv cov ntaub ntawv sau Configuration ntawm tus neeg rau zaub mov, peb tsim ib tug tshiab parameter. Hauv Parameter peb xaiv peb HTTPS.CertificateExpireDate(*) los ntawm daim ntawv teev npe, thiab (kev saib xyuas!) hloov lub hnub qub rau {piv txwv li}. Cov ntsiab lus tseem ceeb no yuav tso cai rau koj los tsim ib lub txee cais rau txhua qhov piv txwv (daim ntawv pov thawj). Tus so yog sau nyob rau hauv raws li nyob rau hauv lub dhau los version:
Txhawm rau kom muaj ib yam dab tsi los tsim cov txee los ntawm, ntawm Instance Discovery tab koj yuav tsum xaiv Tus Neeg Sawv Cev Sau Npe los ntawm cov npe thiab hauv Daim Ntawv Sau Npe sau lub npe ntawm peb ExternalList los ntawm tsab ntawv - HTTPS.CertificateNames.
Yuav luag npaj txhij, tos me ntsis los yog yuam kev Poll> Configuration thiab Poll> Instance Discovery yog tias nws tsis tuaj yeem tos. Yog li ntawd, peb tau txais tag nrho peb cov ntawv pov thawj nrog lub sijhawm siv tau:
Koj xav tau dab tsi? Zoo, yog, tsuas yog tus cab ntawm perfectionism saib ntawm qhov tsis tsim nyog Thumbprint nyob rau hauv lub npe ntawm lub txee nrog tu siab ob lub qhov muag thiab tsis cia kuv ua tiav tsab xov xwm. Txhawm rau pub nws, qhib cov khoom txee dua thiab ntawm Instance Discovery tab, hauv "Instance discovery filter script" teb, ntxiv qhov sau rau hauv (NetXMS internal language) tsab ntawv:
instance = $1;
if (instance ~= "^(.*)s-s[T:[a-zA-Z0-9]+]$")
{
return %(true, instance, $1);
}
return true;uas yuav lim Thumbprint:
Thiab kom tso saib nws lim, ntawm General tab nyob rau hauv cov lus piav qhia, hloov CertificateExpireDate: {piv txwv li} rau CertificateExpireDate: {instance-name}:
Qhov ntawd yog nws, thaum kawg txoj kab tiav los ntawm KDPV:
Tsis yog kev zoo nkauj?
Txhua yam uas tseem tshuav yog teeb tsa kev ceeb toom kom lawv tuaj txog ntawm email thaum daim ntawv pov thawj tas sijhawm.
1. Ua ntej peb yuav tsum tau tsim ib qho kev tshwm sim Template los qhib nws thaum tus nqi counter txo qis rau qee qhov pib peb teev. IN Txheej xwm txheej xwm cia peb tsim ob tus qauv tshiab nrog cov npe zoo li CertificateExpireDate_Threshold_Activate nrog ceeb toom xwm txheej:
thiab zoo sib xws CertificateExpireDate_Threshold_Deactivate nrog li xwm txheej.
2. Tom ntej no, mus rau cov khoom txee thiab teeb qhov pib ntawm Tresholds tab:
qhov twg peb xaiv peb cov txheej xwm tsim CertificateExpireDate_Threshold_Activate thiab CertificateExpireDate_Threshold_Deactivate, teem tus naj npawb ntawm cov qauv (Samples) mus rau 1 (tshwj xeeb rau lub txee no tsis muaj taw tes rau kev teeb tsa ntau), tus nqi yog 30 (hnub), piv txwv li, thiab, qhov tseem ceeb, teeb lub sijhawm rov tshwm sim. Rau cov ntawv pov thawj hauv kev tsim khoom, kuv tau teeb tsa ib hnub ib zaug (86400 vib nas this), txwv tsis pub koj tuaj yeem poob rau hauv cov ntawv ceeb toom (uas, los ntawm txoj kev, tau tshwm sim ib zaug, ntau npaum li lub thawv xa ntawv puv rau lub asthiv). Rau lub sij hawm debugging, nws ua rau kev txiav txim siab kom nws qis dua, 60 vib nas this, piv txwv li.
3. Nyob rau hauv Action Configuration tsim ib daim ntawv ceeb toom template, zoo li no:
Tag nrho cov no %m, %S, thiab lwm yam. - macros nyob rau hauv uas qhov tseem ceeb ntawm peb cov parameter yuav raug hloov. Lawv tau piav qhia ntau ntxiv hauv NetXMS.
4. Thiab thaum kawg, sib txuas cov ntsiab lus dhau los, rau hauv Txheej xwm txheej txheem tsim ib txoj cai raws li lub tswb yuav raug tsim thiab yuav xa ib tsab ntawv:
Peb txuag txoj cai, txhua yam tuaj yeem kuaj tau. Cia peb teem qhov pib siab dua los kuaj xyuas. Kuv daim ntawv pov thawj ze tshaj yuav tas sij hawm nyob rau hauv 723 hnub, kuv teem rau 724 mus xyuas. Yog li ntawd, peb tau txais lub tswb nram qab no:
thiab no email ceeb toom:
Qhov ntawd yog txhua yam kom paub meej tam sim no. Nws yuav ua tau, ntawm chav kawm, teeb tsa lub dashboard thiab tsim cov duab, tab sis rau daim ntawv pov thawj cov no yuav tsis muaj nuj nqis thiab tho txawv cov kab ncaj nraim, tsis zoo li cov duab ntawm processor lossis nco load, piv txwv li. Tab sis, ntau ntxiv txog qhov no lwm lub sijhawm.
Tau qhov twg los: www.hab.com