we ve one Windows 2012R2 System (physical) that is crashing server times per week.
The system isn t configured for check-mk until now.
My idea is to configure the system that everything is checked (every service, every logfile, every process) per default.
Which checks and switches must be set/ configured so that everything is detected an later starting servcices are detected and activated.
You should try the check_mk´agent and see what already is possible! Log messages can be monitored and even windows services pr processes. You can define seperate service names or make a rule for example: every service with the setting automatic start should be running (but on most windows systems this isn’t the case).
But keep in mind that cmk per default get these informations one time every minute. When the server suddenly completely crashes check_mk only notice that the server is offline or when the cmk agent service isn’t running you don’t get informations.
Maybe additionally some active checks are helpful (check TCP connection etc)
the second way to find hints in the dump-files.
testsystem is runing amd working now.
My questions now
chapter 5.1 and 5.2
ist it possible to use a wildcard so that everey process and service will be detected and configured?
You create a rule “Windows Service Discovery”. You can use a filter for examp,e olnly discover running services with automatic start settings:
Or you leave the enbtries blank to discover every services.
Define the wanted hosts via the folder or with explicit names or whatsever… I tested with one single host AS017 in my screenshot.
(I use only manually defined services so far.)
After you saved the rule open the host in WATO and run a FULL SCAN for new services:
To define the status OK/WARN/CRIT you have to use another rule. Default setting lokks like service running = OK, service stopped = CRIT.
I don’t know if this is also possible for processes.
I use a few single rules for one single process to check if the pricess is running. (Manual Checks -> State and count of processes)
Another interesting thing four you could also be the agent plugin for windows tasks! (but there are a lot more interesting plugins )
service detection is working fine.
The problem is that we have no idea what the customer is doing on the system.
So the idea is to catch every process for later analyse.
In the agent output every process is present with the information which user started the process.
I found a rule called Process Discovery! Maybe it works like the service discovery!
Host & Services Paramaters --> Parameters for discovered services --> Process Discovery
This ruleset defines criteria for automatically creating checks for running processes based upon what is running when the service discovery is done. These services will be created with default parameters. They will get critical when no process is running and OK otherwise. You can parameterize the check with the ruleset State and count of processes .
a support case is open via servicedesk.