June 29, 2015

With PowerShell, Pulseway Can Alert on Anything


The Pitch

Need to monitor some servers (and/or workstations)? Pulseway is a good solution. Configuring what you want alerts on is as simple as putting checks in boxes.

The Fix (or, PowerShell to the Rescue!)

One seemingly overlooked option for Pulseway notifications is monitoring the event log. Sure, you could look for your bog-standard event log entries. Audit results. Failed login attempts. GPO failures.

You know what is really good at manipulating the event log, not just viewing/filtering/clearing logs, but also adding events? PowerShell.

Yes, I was being vague and mysterious there. Don’t worry, we’ll get into the nuts and bolts soon.

At a high level:

The Nuts and Bolts

The first thing you need to do is get your event log ready to accept your custom events. This allows you to specify the ‘source’ of the events, which makes it easier to filter on them. I also like to put my PowerShell-generated events in the Windows PowerShell log (rather than Application, Security, or the like).

New-EventLog -LogName 'Windows PowerShell' -Source 'DiskCheck'

This is something you only have to do once. Going forward, you’ll just be referencing the source you’ve created.

Next, you need to figure out what PowerShell should be checking and script it, including writing to the event log.

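function Test-ConnectedDisk {
    Param (
        [string] $Server,
        [string] $Disk
    )

    # Query the remote server for the partition; returns nothing if the drive letter is absent
    $OsPartition = Get-Partition -DriveLetter $Disk -CimSession $Server -ErrorAction SilentlyContinue

    if (!$OsPartition) {
        # Disk not found: write the Error event that Pulseway alerts on
        Write-EventLog -LogName 'Windows PowerShell' -Source 'DiskCheck' -EntryType Error -EventId 120 -Message 'DISK MISSING!' -ComputerName $Server
    }
    else {
        # Disk found: write an Information event so there is a record that the check ran
        Write-EventLog -LogName 'Windows PowerShell' -Source 'DiskCheck' -EntryType Information -EventId 121 -Message 'Disk is present and accounted for.' -ComputerName $Server
    }
}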

I like to put functions like the one above into a module so that they can be easily called by a PS Scheduled Job, and updated without touching the job itself. As for creating the job, I want this check to happen once an hour, on the hour. The job requires network access, as I run a few jobs from a ‘script’ server and touch remote servers.

# Top of the next hour; AddHours rolls the date over correctly when run after 23:00
$firstRun = (Get-Date -Minute 0 -Second 0).AddHours(1)

$jobTrigger = New-JobTrigger -Once -At $firstRun -RepetitionInterval (New-TimeSpan -Minutes 60) -RepeatIndefinitely
$jobOptions = New-ScheduledJobOption -RequireNetwork
$cred = Get-Credential

Register-ScheduledJob -Name 'Check Server Disk' -ScriptBlock {
    Test-ConnectedDisk -Server '' -Disk 'd'
} -Credential $cred -Trigger $jobTrigger -ScheduledJobOption $jobOptions

Now we need to get Pulseway checking for our new events. This is a case of opening up Pulseway Manager on the monitored server, selecting the Notifications tab, then the Event Log tab, hitting the check box, clicking Add and filling out the details.

It’s important to remember to select the right Event Log (Windows PowerShell in this case), the event level, event ID and source that you specified within your script.
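One way to confirm that what the script writes matches what you entered in Pulseway Manager, as an added example that is not part of the original post. It assumes Windows PowerShell 5.1 in an elevated session on the monitored server; the helper name Test-DiskCheckEvent is hypothetical, while the log, source and event IDs are the ones used above.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell 5.1, run elevated.
$logName = 'Windows PowerShell'
$source  = 'DiskCheck'

# New-EventLog throws if the source is already registered, so guard it.
if (-not [System.Diagnostics.EventLog]::SourceExists($source)) {
    New-EventLog -LogName $logName -Source $source
}

# A source belongs to exactly one log; confirm it is bound to the log Pulseway watches.
$boundLog = [System.Diagnostics.EventLog]::LogNameFromSourceName($source, '.')
if ($boundLog -ne $logName) {
    throw "Source '$source' is registered to '$boundLog', not '$logName'."
}

# Hypothetical helper: writes a constructed test entry, then reads it back
# using the same fields the Pulseway event log filter asks for.
function Test-DiskCheckEvent {
    Param (
        [int] $EventId,
        [ValidateSet('Error', 'Information')] [string] $EntryType
    )

    $started = Get-Date
    Write-EventLog -LogName $logName -Source $source -EntryType $EntryType `
        -EventId $EventId -Message "Alert pipeline test for event $EventId (constructed test entry)."

    $filter = @{
        LogName      = $logName
        ProviderName = $source
        Id           = $EventId
        StartTime    = $started.AddSeconds(-1)
    }
    $found = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        EventId = $EventId
        Written = [bool] $found
        Level   = if ($found) { $found.LevelDisplayName } else { $null }
    }
}

Test-DiskCheckEvent -EventId 120 -EntryType Error
Test-DiskCheckEvent -EventId 121 -EntryType Information
```

If the Pulseway notification is already configured, the test write of event 120 should also raise the alert, which checks the path end to end.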

You can specify Pulseway’s notification level here. My boss set his notification for critical events to an air-raid siren, so I like to set things to that level.

Depending on your Pulseway configuration, and what level you set the notification to, you’ll get an email and/or alert whenever the event you’re looking for occurs. Note that unless you specifically allow repeat notifications, you won’t get more than one Pulseway alert until you have cleared the alarm.

Closing Notes
