Talu ai nei na matou feagai ai ma le galuega o le mataʻituina o le taimi faʻamaonia o tusi faamaonia i luga o le Windows servers. Ia, pe na faapefea ona ou tu i luga ina ua uma ona liu tusi faamaonia i se maukeni i le tele o taimi, i le taimi tonu lava na malolo ai le uo paʻu na nafa ma lo latou faafouga. Ina ua uma lena, sa ma masalomia se mea ma filifili loa e mafaufau i ai. Talu ai o loʻo matou faʻatinoina lemu le NetXMS mataʻituina faiga, ua avea ma autu ma, i le mataupu faavae, naʻo le sui tauva mo lenei galuega.
O le taunuuga na iu lava ina maua i le fomu nei:
Ma o le faagasologa lava ia e faaauau pea.
Alu. E leai se fa'ailoga faufale mo tusi pasi ua mae'a i NetXMS, o lea e mana'omia ai ona e faia oe lava ma fa'aoga tusitusiga e tu'uina atu ai fa'amaumauga. Ioe, i luga o le Powershell, o Windows lea. O le tusitusiga e tatau ona faitau uma tusi faamaonia i totonu o le faiga faʻaogaina, ave a latou aso e muta i aso mai iina ma pasi lenei numera i NetXMS. E ala i lona sui. O iina o le a tatou amata ai.
Filifiliga tasi, sili ona faigofie. Na'o le mauaina o le numera o aso seia o'o i le aso e muta ai le tusi faamaonia ma le aso lata ane.
Mo le NetXMS server e iloa e uiga i le i ai o la tatou masani masani, e tatau ona maua mai le sooupu. A leai, e le mafai ona fa'aopoopoina lenei parakalafa ona o lona toesea. O le mea lea, i le faila fetuutuunaiga sui nxagentd.conf matou te fa'aopoopoina se manoa fa'ailoga fafo e ta'ua HTTPS.CertificateExpireDateSimple, lea matou te resitalaina ai le faʻalauiloaina o le tusitusiga:
ExternalParameter = HTTPS.CertificateExpireDateSimple: powershell.exe -File "servershareNetXMS_CertExpireDateSimple.ps1"Mafaufau i le faʻalauiloaina o le tusitusiga i luga o le upega tafailagi, e tatau ona e manatua e uiga i , ma aua neʻi galo foi le isi "-NoLogo -NoProfile -NonInteractive", lea na ou le faʻaaogaina mo le sili atu o le faitau code.
O se taunuuga, o le sui config e pei o lenei:
#
# NetXMS agent configuration file
# Created by agent installer at Thu Jun 13 11:24:43 2019
#
MasterServers = netxms.corp.testcompany.ru
ConfigIncludeDir = C:NetXMSetcnxagentd.conf.d
LogFile = {syslog}
FileStore = C:NetXMSvar
SubAgent = ecs.nsm
SubAgent = filemgr.nsm
SubAgent = ping.nsm
SubAgent = logwatch.nsm
SubAgent = portcheck.nsm
SubAgent = winperf.nsm
SubAgent = wmi.nsm
ExternalParameter = HTTPS.CertificateExpireDateSimple: powershell.exe -File "servershareNetXMS_CertExpireDateSimple.ps1"A maeʻa lenei, e tatau ona e faʻasaoina le config ma toe amata le sooupu. E mafai ona e faia lenei mea mai le NetXMS faʻamafanafanaga: tatala le config (Faʻasaʻo le faila faila a le sui), faʻasaʻo, faʻatino Save & Apply, o se taunuuga o le mea moni, o le mea lava e tasi o le a tupu. Ona toe faitau lea o le faatulagaga (Poll> Configuration), pe afai e te le maua le malosi e faatali ai. A maeʻa nei laasaga, e tatau ona e faʻaopoopoina la matou faʻasologa masani.
I le NetXMS console alu i Fa'atonuga o le aoina o fa'amaumauga suʻega faʻataʻitaʻiga lea o le a matou mataʻituina ai tusi faamaonia ma fatuina se parakalafa fou iina (i le lumanaʻi, pe a uma le faʻatulagaina, e talafeagai le tuʻuina atu i mamanu). Filifili HTTPS.CertificateExpireDateSimple mai le lisi, ulufale i se Faʻamatalaga ma se igoa manino, seti le ituaiga i le Integer ma faʻapipiʻi le va o palota. Mo faʻamoemoega faʻapipiʻi, e talafeagai le faʻapuupuu, 30 sekone, mo se faʻataʻitaʻiga. Ua sauni mea uma, ua lava lena mo le taimi nei.
E mafai ona e siaki ... leai, ua vave tele. O lenei, ioe, tatou te le maua se mea. Ona e le'i tusia le tusitusiga. Sei o tatou faasa'oina lea mea ua le faia. O le tusitusiga o le a naʻo le faʻaalia o se numera, le aofaʻi o aso o totoe seia maeʻa le tusi faamaonia. Le aupito itiiti o mea uma e maua. Fa'ata'ita'iga tusitusiga:
try {
# Получаем все сертификаты из хранилища сертификатов
$lmCertificates = @( Get-ChildItem -Recurse -path 'Cert:LocalMachineMy' -ErrorAction Stop )
# Если сертификатов нет, вернуть "10 лет"
if ($lmCertificates.Count -eq 0) { return 3650 }
# Получаем Expiration Date всех сертификатов
$expirationDates = @( $lmCertificates | ForEach-Object { return $_.NotAfter } )
# Получаем наиболее близкий Expiration Date из всех
$minExpirationDate = ($expirationDates | Measure-Object -Minimum -ErrorAction Stop ).Minimum
# Конвертируем наиболее близкий Expiration Date в количество оставшихся дней с округлением в меньшую сторону
$daysLeft = [Math]::Floor( ($minExpirationDate - [DateTime]::Now).TotalDays )
# Возвращаем значение
return $daysLeft
}
catch {
return -1
}E foliga mai e faapea:
723 aso, toeititi lua tausaga o totoe seia uma le tusi faamaonia. E talafeagai, aua na ou toe tuʻuina atu tusi faamaonia mo le Suʻega suʻega nofoa talu ai nei.
O se filifiliga faigofie. Masalo, o le a faamalieina se tasi i lenei mea, ae sa matou mananao atili. Matou te setiina i matou lava le galuega o le mauaina o se lisi o tusi pasi uma i luga o le 'auʻaunaga, i le igoa, ma mo tagata taʻitoʻatasi e vaʻai i le aofaʻi o aso o totoe seia maeʻa le tusi faamaonia.
O le filifiliga lona lua, e fai si faigata.
Matou te toe faʻasaʻo le sui sooupu ma iina, nai lo le laina ma ExternalParameter, matou te tusia isi e lua:
ExternalList = HTTPS.CertificateNames: powershell.exe -File "serversharenetxms_CertExternalNames.ps1"
ExternalParameter = HTTPS.CertificateExpireDate(*): powershell.exe -File "serversharenetxms_CertExternalParameter.ps1" -CertificateId "$1"В Lisi i fafo na'o matou maua se lisi o manoa. I la matou tulaga, o se lisi o manoa ma igoa tusi faamaonia. O le a matou mauaina se lisi o nei laina e faʻaaoga ai le tusitusiga. Lisi igoa - HTTPS.CertificateNames.
Tusi NetXMS_CertNames.ps1:
#Список возможных имен сертификатов
$nameTypeList = @(
[System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
[System.Security.Cryptography.X509Certificates.X509NameType]::DnsName,
[System.Security.Cryptography.X509Certificates.X509NameType]::DnsFromAlternativeName,
[System.Security.Cryptography.X509Certificates.X509NameType]::UrlName,
[System.Security.Cryptography.X509Certificates.X509NameType]::EmailName,
[System.Security.Cryptography.X509Certificates.X509NameType]::UpnName
)
#Ищем все сертификаты, имеющие закрытый ключ
$certList = @( Get-ChildItem -Path 'Cert:LocalMachineMy' | Where-Object { $_.HasPrivateKey -eq $true } )
#Проходим по списку сертификатов, формируем строку "Имя сертификата - Дата - Thumbprint" и возвращаем её
foreach ($cert in $certList) {
$name = '(unknown name)'
try {
$thumbprint = $cert.Thumbprint
$dateExpire = $cert.NotAfter
foreach ($nameType in $nameTypeList) {
$name_temp = $cert.GetNameInfo( $nameType, $false)
if ($name_temp -ne $null -and $name_temp -ne '') {
$name = $name_temp;
break;
}
}
Write-Output "$($name) - $($dateExpire.ToString('dd.MM.yyyy')) - [T:$($thumbprint)]"
}
catch {
Write-Error -Message "Error processing certificate list: $($_.Exception.Message)"
}
}Ma ua i totonu Parameter fafo Matou te tuʻuina atu laina mai le ExternalList lisi, ma i le gaioiga matou te maua ai le numera tutusa o aso mo taʻitasi. O le mea e iloagofie ai o le Thumbprint o le tusi faamaonia. Manatua o le HTTPS.CertificateExpireDate o loʻo i ai se fetu (*) i lenei fesuiaiga. E manaʻomia lenei mea ina ia talia suiga i fafo, naʻo le matou CertificateId.
Fa'amatalaga NetXMS_CertExpireDate.ps1:
#Определяем входящий параметр $CertificateId
param (
[Parameter(Mandatory=$false)]
[String]$CertificateId
)
#Проверка на существование
if ($CertificateId -eq $null) {
Write-Error -Message "CertificateID parameter is required!"
return
}
#По Thumbprint из строки в $CertificateId ищем сертификат и определяем его Expiration Date
$certId = $CertificateId;
try {
if ($certId -match '^.*[T:(?<Thumbprint>[A-Z0-9]+)]$') {
$thumbprint = $Matches['Thumbprint']
$certificatePath = "Cert:LocalMachineMy$($thumbprint)"
if (Test-Path -PathType Leaf -Path $certificatePath ) {
$certificate = Get-Item -Path $certificatePath;
$certificateExpirationDate = $certificate.NotAfter
$certificateDayToLive = [Math]::Floor( ($certificateExpirationDate - [DateTime]::Now).TotalDays )
Write-Output "$($certificateDayToLive)";
}
else {
Write-Error -Message "No certificate matching this thumbprint found on this server $($certId)"
}
}
else {
Write-Error -Message "CertificateID provided in wrong format. Must be FriendlyName [T:<thumbprint>]"
}
}
catch {
Write-Error -Message "Error while executing script: $($_.Exception.Message)"
}I le Fa'atulagaina o Fa'amaumauga a le 'au'aunaga, matou te fatuina se parakalafa fou. I le Parameter matou te filifilia a matou HTTPS.CertificateExpireDate(*) mai le lisi, ma (tonu!) sui le fetu i {fa'ata'ita'iga}. O lenei itu taua o le a mafai ai ona e faia se fata eseese mo tulaga taitasi (tusi faamaonia). O lo'o totoe ua fa'atumuina e pei o le lomiga muamua:
Ina ia mafai ona i ai se mea e fatu ai faʻailoga mai, i luga o le Instance Discovery tab e te manaʻomia e filifili le Lisi Agent mai le lisi ma i le Lisi Igoa fanua faʻapipiʻi le igoa o le matou ExternalList mai le tusitusiga - HTTPS.CertificateNames.
Toeititi lava sauni, fa'atali mo sina taimi pe fa'amalosi le Faiga Palota > Fa'atonu ma le Faiga Palota > Su'esu'ega Fa'ata'ita'iga pe a le mafai ona fa'atali. O le iʻuga, matou te mauaina uma a matou tusi faamaonia ma taimi faʻamaonia:
O a mea e te mana'omia? Ia, ioe, na o le anufe o le atoatoa e tilotilo i lenei Thumbprint le tatau i le igoa o le fata ma mata faanoanoa ma e le faatagaina au e faauma le tusiga. Ina ia fafagaina, toe tatala le fale fa'atau ma luga o le Instance Discovery tab, i le "Instance discovery filter script", fa'aopoopo le mea o lo'o tusia i totonu. (NetXMS gagana i totonu) tusitusiga:
instance = $1;
if (instance ~= "^(.*)s-s[T:[a-zA-Z0-9]+]$")
{
return %(true, instance, $1);
}
return true;lea o le a faʻamamaina Thumbprint:
Ma ina ia faʻaalia ua faʻamamaina, i luga o le General tab i le Faʻamatalaga fanua, sui CertificateExpireDate: {instance} i CertificateExpireDate: {instance-name}:
O le mea lena, mulimuli ane o le tini mai le KDPV:
E le matagofie ea?
Pau lava le mea o loʻo totoe o le setiina o faʻasalalauga ina ia latou taunuu i imeli pe a maeʻa le tusi faamaonia.
1. Muamua tatou te manaʻomia le fatuina o se Faʻataʻitaʻiga Faʻataʻitaʻiga e faʻagaoioia ai pe a faʻaititia le tau faʻataʻitaʻi i se faʻailoga tatou te setiina. IN Fa'atonuga o mea na tupu sei o tatou faia ni mamanu fou se lua ma igoa e pei o CertificateExpireDate_Threshold_Activate ma tulaga Lapataiga:
ma faapena CertificateExpireDate_Threshold_Deactivate ma tulaga masani.
2. Sosoo ai, alu i le fale fa'atau ma seti le faitoto'a i luga o le fa'amaufa'ailoga Fa'amau:
lea matou te filifilia ai a matou mea na faia CertificateExpireDate_Threshold_Activate ma CertificateExpireDate_Threshold_Deactivate, seti le numera o faʻataʻitaʻiga (Faʻataʻitaʻiga) i le 1 (faʻapitoa mo lenei faʻatau e leai se mea e faʻatulagaina atili), o le tau o le 30 (aso), mo se faʻataʻitaʻiga, ma, taua, seti le taimi e fai ai mea. Mo tusi faamaonia i le gaosiga, ou te setiina tasi i le aso (86400 sekone), a le o lea e mafai ona e malemo i faʻamatalaga (lea, i le ala, na tupu i le taimi e tasi, o lea na tumu ai le pusa meli i le faaiuga o le vaiaso). Mo le taimi faʻapipiʻi, e talafeagai le tuʻu i lalo, 60 sekone, mo se faʻataʻitaʻiga.
3. I le Faiga Fa'atonu faia se faʻataʻitaʻiga tusi faʻamatalaga, pei o lenei:
O nei %m, %S, etc. - macros lea o le a suia ai tau mai la tatou parakalafa. O loʻo faʻamatalaina atili i latou i NetXMS.
4. Ma le mea mulimuli, o le tuufaatasia o manatu muamua, i totonu Faiga Faʻavae Faʻatonu faia se tulafono e tusa ai ma le a faia ai se Alarm ma o le a lafoina se tusi:
Matou te faʻasaoina le faiga faʻavae, e mafai ona tofotofoina mea uma. Sei o tatou setiina le tulaga maualuga e siaki ai. O la'u tusipasi lata ane e muta i le 723 aso, ou te setiina i le 724 e siaki ai. O se taunuuga, matou te maua le fa'ailo nei:
ma lenei imeli imeli:
Pau lava le mea e mautinoa i le taimi nei. E mafai, ioe, ona seti se dashboard ma fausia kalafi, ae mo tusi faamaonia o nei mea o le a le aoga ma le manaia laina saʻo, e le pei o kalafi o le gaosiga poʻo le uta manatua, mo se faʻataʻitaʻiga. Ae, e uiga i lenei mea i se isi taimi.
puna: www.habr.com