Nguva pfupi yadarika takange takatarisana nebasa rekutarisa nguva yechokwadi yezvitupa paWindows server. Zvakanaka, kusimuka kwandakaita mushure mekunge zvitupa zvashanduka kuita nhanga kakawanda, panguva chaiyo apo waaishanda naye ndebvu aitarisira kuvandudzwa kwavo aive pazororo. Pashure paizvozvo, iye neni takafungira chimwe chinhu ndokufunga kufunga nezvazvo. Sezvo isu tiri kuita zvishoma nezvishoma iyo NetXMS yekutarisa sisitimu, yave iyo huru uye, musimboti, iye chete mumiriri webasa iri.
Mhedzisiro yacho pakupedzisira yakawanikwa mune inotevera fomu:
Uye maitiro acho pachawo anoenderera mberi.
Enda. Iko hakuna yakavakirwa-mukati counter yezvitupa zvinopera muNetXMS, saka iwe unofanirwa kugadzira yako uye kushandisa zvinyorwa kuti uzvipe nedata. Ehe, paPowershell, iyi iWindows. Iyo script inofanira kuverenga zvitupa zvese zviri musystem yekushandisa, kutora zuva ravo rekupera mumazuva kubva ipapo uye kupfuudza iyi nhamba kuNetXMS. Kuburikidza nemumiririri wake. Ndipo patichatangira.
Sarudzo imwe, nyore. Ingotora huwandu hwemazuva kusvika zuva rekupera kwechitupa rine zuva riri pedyo.
Kuti NetXMS server izive nezve kuvapo kwetsika yedu paramende, inofanirwa kuigamuchira kubva kumumiririri. Zvikasadaro, iyi parameter haigone kuwedzerwa nekuda kwekushaikwa kwayo. Naizvozvo, mune iyo agent yekumisikidza faira nxagentd.conf tinowedzera tambo yekunze yeparameter inonzi HTTPS.CertificateExpireDateSimple, matinonyoresa kutangwa kwechinyorwa:
ExternalParameter = HTTPS.CertificateExpireDateSimple: powershell.exe -File "servershareNetXMS_CertExpireDateSimple.ps1"Tichifunga kuti script inotangwa pamusoro petiweki, iwe unofanirwa kuyeuka nezvazvo , uye zvakare usakanganwa imwe "-NoLogo -NoProfile -NonInteractive", iyo yandakasiya kuti kodhi iverengeke zviri nani.
Nekuda kweizvozvo, iyo agent config inotaridzika seizvi:
#
# NetXMS agent configuration file
# Created by agent installer at Thu Jun 13 11:24:43 2019
#
MasterServers = netxms.corp.testcompany.ru
ConfigIncludeDir = C:NetXMSetcnxagentd.conf.d
LogFile = {syslog}
FileStore = C:NetXMSvar
SubAgent = ecs.nsm
SubAgent = filemgr.nsm
SubAgent = ping.nsm
SubAgent = logwatch.nsm
SubAgent = portcheck.nsm
SubAgent = winperf.nsm
SubAgent = wmi.nsm
ExternalParameter = HTTPS.CertificateExpireDateSimple: powershell.exe -File "servershareNetXMS_CertExpireDateSimple.ps1"Mushure meizvi, iwe unofanirwa kuchengetedza iyo config uye wotangazve mumiririri. Iwe unogona kuita izvi kubva kuNetXMS console: vhura iyo config (Rongedza mumiririri faira rekugadzirisa), rigadzirise, ita Chengetedza & Shandisa, semhedzisiro iyo, chokwadi, chinhu chimwe chete chichaitika. Wobva waverenga zvakare gadziriso (Poll> Configuration), kana iwe usina simba rekumirira zvachose. Mushure mematanho aya, iwe unofanirwa kukwanisa kuwedzera yedu tsika parameter.
MuNetXMS console enda ku Kugadziriswa Kwekuunganidza Data tester server patiri kuzotarisa zvitupa uye kugadzira parameter nyowani ipapo (mune ramangwana, mushure mekugadziriswa, zvine musoro kuiendesa kumatemplate). Sarudza HTTPS.CertificateExpireDateSimple kubva pakurongwa, isa Tsanangudzo ine zita rakajeka, isa rudzi kuInteger uye gadzirisa nguva yekuvhota. Nezvinangwa zvekugadzirisa, zvine musoro kuita kuti ipfupike, masekonzi makumi matatu, semuenzaniso. Zvese zvagadzirira, zvakwana izvozvi.
Iwe unogona kutarisa ... kwete, zvakakurumidza. Zvino, chokwadi, hapana chatinowana. Kungoti nekuti script haisati yanyorwa. Ngatigadzirise kusiiwa uku. Iyo script inongoratidza nhamba, nhamba yemazuva asara kusvika chitupa chapera. Izvo zvishoma pane zvese zviripo. Muenzaniso chinyorwa:
try {
# ΠΠΎΠ»ΡΡΠ°Π΅ΠΌ Π²ΡΠ΅ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΡ ΠΈΠ· Ρ
ΡΠ°Π½ΠΈΠ»ΠΈΡΠ° ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠΎΠ²
$lmCertificates = @( Get-ChildItem -Recurse -path 'Cert:LocalMachineMy' -ErrorAction Stop )
# ΠΡΠ»ΠΈ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠΎΠ² Π½Π΅Ρ, Π²Π΅ΡΠ½ΡΡΡ "10 Π»Π΅Ρ"
if ($lmCertificates.Count -eq 0) { return 3650 }
# ΠΠΎΠ»ΡΡΠ°Π΅ΠΌ Expiration Date Π²ΡΠ΅Ρ
ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠΎΠ²
$expirationDates = @( $lmCertificates | ForEach-Object { return $_.NotAfter } )
# ΠΠΎΠ»ΡΡΠ°Π΅ΠΌ Π½Π°ΠΈΠ±ΠΎΠ»Π΅Π΅ Π±Π»ΠΈΠ·ΠΊΠΈΠΉ Expiration Date ΠΈΠ· Π²ΡΠ΅Ρ
$minExpirationDate = ($expirationDates | Measure-Object -Minimum -ErrorAction Stop ).Minimum
# ΠΠΎΠ½Π²Π΅ΡΡΠΈΡΡΠ΅ΠΌ Π½Π°ΠΈΠ±ΠΎΠ»Π΅Π΅ Π±Π»ΠΈΠ·ΠΊΠΈΠΉ Expiration Date Π² ΠΊΠΎΠ»ΠΈΡΠ΅ΡΡΠ²ΠΎ ΠΎΡΡΠ°Π²ΡΠΈΡ
ΡΡ Π΄Π½Π΅ΠΉ Ρ ΠΎΠΊΡΡΠ³Π»Π΅Π½ΠΈΠ΅ΠΌ Π² ΠΌΠ΅Π½ΡΡΡΡ ΡΡΠΎΡΠΎΠ½Ρ
$daysLeft = [Math]::Floor( ($minExpirationDate - [DateTime]::Now).TotalDays )
# ΠΠΎΠ·Π²ΡΠ°ΡΠ°Π΅ΠΌ Π·Π½Π°ΡΠ΅Π½ΠΈΠ΅
return $daysLeft
}
catch {
return -1
}Zvinoitika seizvi:
Mazuva 723, anenge makore maviri asara kusvika chitupa chapera. Zvine musoro, nekuti ndakapa zvakare zvitupa zveExchange test bhenji nguva pfupi yadarika.
Yakanga iri nyore sarudzo. Zvichida, mumwe munhu achagutsikana neizvi, asi isu taida zvimwe. Isu takazvimisira basa rekutora rondedzero yezvitupa zvese paserver, nemazita, uye kuti mumwe nemumwe aone huwandu hwemazuva asara kusvika chitupa chapera.
Chisarudzo chechipiri, zvimwe zvakaoma.
Zvekare isu tinogadzirisa iyo agent config uye ipapo, panzvimbo yemutsara neExternalParameter, tinonyora mamwe maviri:
ExternalList = HTTPS.CertificateNames: powershell.exe -File "serversharenetxms_CertExternalNames.ps1"
ExternalParameter = HTTPS.CertificateExpireDate(*): powershell.exe -File "serversharenetxms_CertExternalParameter.ps1" -CertificateId "$1"Π ExternalList tinongowana runyoro rwetambo. Kwatiri, runyoro rwetambo dzine mazita echitupa. Tichagamuchira runyoro rwemitsara iyi tichishandisa script. Zita rezita - HTTPS.CertificateNames.
Zvinyorwa NetXMS_CertNames.ps1:
#Π‘ΠΏΠΈΡΠΎΠΊ Π²ΠΎΠ·ΠΌΠΎΠΆΠ½ΡΡ
ΠΈΠΌΠ΅Π½ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠΎΠ²
$nameTypeList = @(
[System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
[System.Security.Cryptography.X509Certificates.X509NameType]::DnsName,
[System.Security.Cryptography.X509Certificates.X509NameType]::DnsFromAlternativeName,
[System.Security.Cryptography.X509Certificates.X509NameType]::UrlName,
[System.Security.Cryptography.X509Certificates.X509NameType]::EmailName,
[System.Security.Cryptography.X509Certificates.X509NameType]::UpnName
)
#ΠΡΠ΅ΠΌ Π²ΡΠ΅ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΡ, ΠΈΠΌΠ΅ΡΡΠΈΠ΅ Π·Π°ΠΊΡΡΡΡΠΉ ΠΊΠ»ΡΡ
$certList = @( Get-ChildItem -Path 'Cert:LocalMachineMy' | Where-Object { $_.HasPrivateKey -eq $true } )
#ΠΡΠΎΡ
ΠΎΠ΄ΠΈΠΌ ΠΏΠΎ ΡΠΏΠΈΡΠΊΡ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠΎΠ², ΡΠΎΡΠΌΠΈΡΡΠ΅ΠΌ ΡΡΡΠΎΠΊΡ "ΠΠΌΡ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠ° - ΠΠ°ΡΠ° - Thumbprint" ΠΈ Π²ΠΎΠ·Π²ΡΠ°ΡΠ°Π΅ΠΌ Π΅Ρ
foreach ($cert in $certList) {
$name = '(unknown name)'
try {
$thumbprint = $cert.Thumbprint
$dateExpire = $cert.NotAfter
foreach ($nameType in $nameTypeList) {
$name_temp = $cert.GetNameInfo( $nameType, $false)
if ($name_temp -ne $null -and $name_temp -ne '') {
$name = $name_temp;
break;
}
}
Write-Output "$($name) - $($dateExpire.ToString('dd.MM.yyyy')) - [T:$($thumbprint)]"
}
catch {
Write-Error -Message "Error processing certificate list: $($_.Exception.Message)"
}
}Uye atopinda ExternalParameter Isu tinoisa mitsara kubva kuExternalList rondedzero, uye pakubuda tinowana iwo akaenzana mazuva ega ega. Chiziviso ndicho Chigunwe chechitupa. Ziva kuti HTTPS.CertificateExpireDate ine asterisk (*) mune iyi musiyano. Izvi zvinodikanwa kuitira kuti igamuchire ekunze akasiyana, ingori yedu CertificateId.
Zvinyorwa NetXMS_CertExpireDate.ps1:
#ΠΠΏΡΠ΅Π΄Π΅Π»ΡΠ΅ΠΌ Π²Ρ
ΠΎΠ΄ΡΡΠΈΠΉ ΠΏΠ°ΡΠ°ΠΌΠ΅ΡΡ $CertificateId
param (
[Parameter(Mandatory=$false)]
[String]$CertificateId
)
#ΠΡΠΎΠ²Π΅ΡΠΊΠ° Π½Π° ΡΡΡΠ΅ΡΡΠ²ΠΎΠ²Π°Π½ΠΈΠ΅
if ($CertificateId -eq $null) {
Write-Error -Message "CertificateID parameter is required!"
return
}
#ΠΠΎ Thumbprint ΠΈΠ· ΡΡΡΠΎΠΊΠΈ Π² $CertificateId ΠΈΡΠ΅ΠΌ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°Ρ ΠΈ ΠΎΠΏΡΠ΅Π΄Π΅Π»ΡΠ΅ΠΌ Π΅Π³ΠΎ Expiration Date
$certId = $CertificateId;
try {
if ($certId -match '^.*[T:(?<Thumbprint>[A-Z0-9]+)]$') {
$thumbprint = $Matches['Thumbprint']
$certificatePath = "Cert:LocalMachineMy$($thumbprint)"
if (Test-Path -PathType Leaf -Path $certificatePath ) {
$certificate = Get-Item -Path $certificatePath;
$certificateExpirationDate = $certificate.NotAfter
$certificateDayToLive = [Math]::Floor( ($certificateExpirationDate - [DateTime]::Now).TotalDays )
Write-Output "$($certificateDayToLive)";
}
else {
Write-Error -Message "No certificate matching this thumbprint found on this server $($certId)"
}
}
else {
Write-Error -Message "CertificateID provided in wrong format. Must be FriendlyName [T:<thumbprint>]"
}
}
catch {
Write-Error -Message "Error while executing script: $($_.Exception.Message)"
}MuDhipatimendi Yekuunganidza Yesevha, tinogadzira parameter nyowani. MuParameter tinosarudza yedu HTTPS.CertificateExpireDate(*) kubva pane rondedzero, uye (kuteerera!) shandura asterisk kuti {muenzaniso}. Iyi poindi yakakosha ichakubvumidza iwe kuti ugadzire yakaparadzana counter kune yega yega chiitiko (chitupa). Mamwe ose anozadzwa sezvakaita mushanduro yapfuura:
Kuti uve nechimwe chinhu chekugadzira zviverengero kubva, pane Instance Discovery tab unofanira kusarudza Agent List kubva pane rondedzero uye muNzvimbo yeZita reZita isa zita reExternalList yedu kubva pane script - HTTPS.CertificateNames.
Kuda kugadzirira, mira zvishoma kana kumanikidza Poll> Kugadzirisa uye Poll> Instance Discovery kana zvisingaite zvachose kumirira. Nekuda kweizvozvo, tinowana zvitupa zvedu zvese nenguva dzechokwadi:
Unodei? Ehe, hongu, honye chete yekusakwana inotarisa iyi isingakoshi Thumbprint muzita reiyo counter nemeso anosuruvara uye haindiregi ndipedze chinyorwa. Kuti uidyise, vhura iyo counter zvivakwa zvakare uye pane Instance Discovery tab, mu "Instance yekuwana sefa script" munda, wedzera iyo yakanyorwa mukati. (NetXMS mutauro wemukati) chinyorwa:
instance = $1;
if (instance ~= "^(.*)s-s[T:[a-zA-Z0-9]+]$")
{
return %(true, instance, $1);
}
return true;iyo inosefa Thumbprint:
Uye kuti uiratidze yakapepetwa, pane General tab mundima yetsanangudzo, shandura CertificateExpireDate: {muenzaniso} CertificateExpireDate: {instance-name}:
Ndizvozvo, pakupedzisira mutsetse wekupedzisa kubva kuKDPV:
Hakusi kunaka here?
Chasara kumisa chenjedzo kuitira kuti vasvike neemail kana chitupa chapera.
1. Chekutanga isu tinofanirwa kugadzira Chiitiko Template kuti iite activate kana iyo counter kukosha yadzikira kune imwe chikumbaridzo chatinoseta. IN Chiitiko Configuration ngatigadzire matemplate maviri matsva ane mazita akadai CertificateExpireDate_Threshold_Activate ine Yambiro chimiro:
uye zvakafanana CertificateExpireDate_Threshold_Deactivate with Normal status.
2. Tevere, enda kune counter zvivakwa uye isa chikumbaridzo paTresholds tab:
kwatinosarudza zviitiko zvedu zvakagadzirwa CertificateExpireDate_Threshold_Activate uye CertificateExpireDate_Threshold_Deactivate, isa nhamba yemasampuli (Samples) kusvika ku1 (kunyanya kune iyi counter hapana chikonzero pakugadzirisa zvimwe), kukosha i30 (mazuva), semuenzaniso, uye, zvakakosha, set. nguva yekudzokorora chiitiko. Kune zvitupa mukugadzira, ndinoiisa kamwe pazuva (86400 masekonzi), zvikasadaro unogona kunyura mune zviziviso (izvo, nenzira, zvakaitika kamwe chete, zvekuti bhokisi retsamba rakanga rakazara pakupera kwevhiki). Kwenguva yekugadzirisa, zvine musoro kuiisa pasi, 60 seconds, semuenzaniso.
3.In Action Configuration gadzira tsamba yekuzivisa template, seizvi:
Zvose izvi %m, %S, nezvimwewo. - macros mune izvo zvakakosha kubva kune yedu parameter zvichatsiviwa. Vanotsanangurwa zvakadzama mu NetXMS.
4. Uye pakupedzisira, kubatanidza pfungwa yapfuura, kupinda Chiitiko Processing Policy gadzira mutemo unoenderana neiyo Alarm ichagadzirwa uye tsamba ichatumirwa:
Isu tinochengetedza mutemo, zvese zvinogona kuedzwa. Ngatiisei chikumbaridzo kumusoro kuti titarise. Chitupa changu chepedyo chinopera mumazuva 723, ndakachiisa ku724 kuti nditarise.Nekuda kweizvozvo, tinowana alarm inotevera:
uye iyi email chiziviso:
Ndizvo zvose zvechokwadi zvino. Zvingave zvinogoneka, kumisa dashboard uye kuvaka magirafu, asi kune zvitupa izvi zvingave zvisina zvazvinoreva uye zvinofinha mitsara yakatwasuka, kusiyana nemagirafu e processor kana memory load, semuenzaniso. Asi, zvakawanda pamusoro peizvi pane imwe nguva.
Source: www.habr.com