Platform

    Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

    Platform Overview
  • Infrastructure
    monitoring
  • Cloud monitoring
  • Digital experience
  • AIOPS

      • Solutions

      Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

      Solutions Overview
    By Initiative
    By Industry

      About us

      Get to know LogicMonitor and our team.

      About us
    Get to know us
    Connect
    Services

      Documentation

      Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

      View Resources
    Support

    Product Documentation

    Using PowerShell Scripts in LogicMonitor

    Last updated on 30 November, 2020

    Overview

    PowerShell scripts can be integrated into LogicMonitor in order to monitor specific Windows stats which are unavailable from WMI or Perfmon.

    Windows Setup

    The most useful way to utilise PowerShell in LogicMonitor is by using remote PowerShell scripts. Some setup in Windows is required to allow this to happen.

    STEP 1: Open a PowerShell window on each pc to be monitored and enter the following (note the * can be replaced with a collector ip):

    Note: The monitored devices may need to be added to the collectors trustedhosts with the command on line 2

    Enable-PSRemoting -Force
    Set-Item wsman:\localhost\client\trustedhosts * -Force
    Restart-Service WinRM -Force
    winrm set winrm/config/winrs '@{MaxShellsPerUser="50"}'

    STEP 2: Verify that remote Powershell is working and access is granted for a username and password which can be used in LogicMonitor. Open PowerShell on the machine the collector is running on and enter:

    $hostname= (enter hostname here in quotes)
    $pass= (enter password here in quotes)
    $user= (enter username here in quotes)
    $remotepass= ConvertTo-SecureString -String $pass -AsPlainText -Force
    $remotecredential= new-object -typename System.Management.Automation.PSCredential -argumentlist $user, $remotepass
    Invoke-Command -ComputerName $hostname -ScriptBlock {@(Get-Process -ea silentlycontinue "svchost").Count} -credential $remotecredential

    Step 3: Once this is done the collector needs to be set to allow unrestricted Powershell scripts in the agent.conf file. For information on editing this file, see Editing the Collector Config Files.

    # powershell execution policy, could be one of "Restricted, AllSigned, RemoteSigned, Unrestricted"
    # Check https://technet.microsoft.com/en-us/library/ee176961.aspx for more
    powershell.policy=Unrestricted

    PowerShell Methods

    When creating the script in PowerShell, you first need to define the credentials we’re going to use to connect, this can be done with the following.

    # Pass credentials and hostname as arguments
    param ([string] $hostname, [string] $user, [string] $pass)
    # Change the password into a secure string to be used in the credentials
    $remotepass= ConvertTo-SecureString -String $pass -AsPlainText -Force
    # Build the credential
    $UserCredential= new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$remotepass

    Once the credential is created this can be used to create a PowerShell session or invoke a command on a remote computer.
Invoke command can be used on its own if a single command needs to be executed, if more than one command needs to be executed or a specific application is being connected to (Exchange) a PowerShell session can be created which can be reused.

    Here is an example of connecting to exchange using PowerShell (Kerberos Authentication requires the use of a fully qualified domain name) and gathering the database names and servers of exchange databases. We then close the session, as there are a limited number.

    # Get credentials from arguments
    param ([string] $fqdn, [string] $user, [string] $pass)
    # Build credentials
    $remotepass= ConvertTo-SecureString -String $pass -AsPlainText -Force
    $UserCredential= new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$remotepass
    # Create and import the session, import only grabs a single cmdlet in order to speed the connection and execution time up.
    $Session= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https:// $fqdn /PowerShell/ -Authentication Kerberos -Credential $UserCredential
    $importsession= Import-PSSession $Session -CommandName Get-MailboxDatabase -AllowClobber
    #Create output which logicmonitor understands for instance names
    $database= Get-MailboxDatabase -Status
    for each ($database in $database){
    Write-Host "$($database.Name)##$($database.Name)##$($database.Server)"
    }
    # Remove the PowerShell session
    Remove-PSSession $Session

    Another way to execute remote commands with PowerShell is by using the Invoke-Command cmdlet. Below is an example which is for active discovery in the Veeam Backups datasource (Veeam Commands need the Veeam PSsnapin)

    If a session is created, the Invoke-Command can be used multiple times to run multiple commands.

    # Get credentials from arguments
    param ([string] $hostname, [string] $user, [string] $pass)
    # Build Credential
    $remotepass= ConvertTo-SecureString -String $pass -AsPlainText -Force
    $remotecredential= new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$remotepass
    # Create Session
    $Session= New-PSSession -ComputerName $hostname -Credential $remotecredential
    # Invoke a command in the session created above and store the output in a variable for later processing. When using a Invoke-Command variables need to be passed, unlike Import-PSSession.
    $jobs= Invoke-Command -Session $session -ScriptBlock {
    Add-PSSnapin VeeamPSSnapin
    Get-VBRJob -WarningAction silentlyContinue
    }
    # Create instance names from Veeam backup jobs
    foreach ($jobs in $jobs){
    $jobName= $jobs.Name
    $jobDescription= $jobs.Description
    Write-Host "$jobName##$jobName##$jobDescription"
    }
    # Remove the session
    Remove-PSSession $Session

    Invoke-Command doesn’t access global variables, they need to be passed within the command. See below for an example.

    $jobs= Invoke-Command -Session $session -ScriptBlock {
    @($wildvaluePassed= $args [0];
    Add-PSSnapin VeeamPSSnapin
    Get-VBRJob -WarningAction silentlyContinue |  Where-Object {$_.Name -eq $wildvaluePassed})
    } -argumentlist $wildvalue

    Active Discovery

    Discovering instances in PowerShell can be an easy task. It usually consists of using a foreach loop to find each name in a PowerShell object and printing them in the format LogicMonitor can interpret.

    $database= Get-MailboxDatabase -Status
    foreach ($database in $database){
    # Prints the instances in the format wildvalue##wildalias##description
    Write-Host "$($database.Name)##$($database.Name)##$($database.Server)"
    }

    Collection

    To collect the data for LogicMonitor we can utilise the use of the ##WILDVALUE## defined in Active Discovery to find the data for specific instances.

    # Retrieve the WILDVALUE and credentials needed
    param ([string] $fqdn, [string] $user, [string] $pass, [string] $wildvalue)
    # Use the WILDVALUE to filter data in a powershell cmdlet$mailbox = Get-MailboxDatabaseCopyStatus | Where-Object {$_.Name -eq $wildvalue} | Select-Object Name,Status,CopyQueueLength,ReplayQueueLength,ContentIndexState

    When you want to send data to logicmonitor the best method of achieving this is by using numerical values, this might mean converting boolean or states to integers, but this can be done with switches. A good way of pushing the data to LogicMonitor is following the format below. We can then use regex or key-value pairs as interpretation methods inside datapoints.

    Write-Host "Result=$Result"
    Write-Host "Working=$Working"
    Write-Host "Completed=$Completed"
    Write-Host "AvgSpeed=$AvgSpeed"
    Write-Host "Duration=$DurationSeconds"
    Write-Host "FinishedAgo=$FinishedAgo"
    Write-Host "StartedAgo=$StartedAgo"
    In This Article