Unit Monitor to calculate Dell Server Intrusion Sensor Status.
This Health Monitor fetches the State of Dell Intrusion Sensors. The status can be one of the following three types:
Success: If the status is success, the chassis intrusion returned to normal.
Warning: If the status is warning, the chassis intrusion is in progress.
Critical: If the status is critical, it may indicate one of the following:
Chassis intrusion sensor has failed. Chassis intrusion sensor detected a nonrecoverable value.
Warning: The cause for a Warning status may be that a chassis intrusion sensor in the specified system has detected a system cover being opened while the system is still operating.
Critical: The cause for a Critical status may indicate one of the following:
A chassis intrusion sensor in the specified system detected that the system cover was opened while the system was operating.
A chassis intrusion sensor in the specified system detected an error from which it cannot recover. Additional details are available in the product knowledge of the last modified Dell OpenManage alert that caused the state change.
Perform the following steps for the Warning and Critical messages:
Warning: A Warning message refers to an event that is not necessarily significant, but may indicate a possible future problem. Plan to proactively close the system cover, based on the impact to operations, if the chassis intrusion sensor goes to a critical state.
Critical: A Critical message refers to a significant event that indicates actual or imminent loss of data or loss of function. Close the system cover. Additional details are available in the product knowledge of the last modified Dell OpenManage alert that caused the state change.
When the issue has been resolved, the status changes to Success in the next polling cycle.
| Target | Dell.WindowsServer.Sensors |
| Parent Monitor | System.Health.AvailabilityState |
| Category | AvailabilityHealth |
| Enabled | True |
| Alert Generate | False |
| Alert Auto Resolve | True |
| Monitor Type | Dell.WindowsServer.EventTriggeredScriptMonitorType.3StateScriptMonitorType |
| Remotable | True |
| Accessibility | Public |
| RunAs | Default |
Home
<UnitMonitor ID="Dell.WindowsServer.ServerIntrusionEventUnitMonitor" Accessibility="Public" Target="Dell.WindowsServer.Sensors" TypeID="Dell.WindowsServer.EventTriggeredScriptMonitorType.3StateScriptMonitorType" ParentMonitorID="SystemHealth!System.Health.AvailabilityState">
<Category>AvailabilityHealth</Category>
<OperationalStates>
<OperationalState HealthState="Success" MonitorTypeStateID="Success" ID="HealthyState"/>
<OperationalState HealthState="Warning" MonitorTypeStateID="Warning" ID="WarningState"/>
<OperationalState HealthState="Error" MonitorTypeStateID="Critical" ID="CriticalState"/>
</OperationalStates>
<Configuration>
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.LogicalDevice"]/DeviceID$</ComputerName>
<LogName>System</LogName>
<EventExpression>
<And>
<Expression>
<Or>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>GreaterEqual</Operator>
<ValueExpression>
<Value Type="Integer">1250</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>LessEqual</Operator>
<ValueExpression>
<Value Type="Integer">1255</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>GreaterEqual</Operator>
<ValueExpression>
<Value Type="Integer">5250</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>LessEqual</Operator>
<ValueExpression>
<Value Type="Integer">5255</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</Or>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Server Administrator</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</EventExpression>
<ScriptName>DellServerIntrusionEventTrigger.vbs</ScriptName>
<Arguments>$MPElement$ $Target/Id$ $Config/Computer$</Arguments>
<ScriptBody>
'**********************************************************************************
' Script Name - DellServerIntrusion
' Author: Vignesh Pandian
'
' Description:
' Determine Unit Monitor health for ServerIntrusion
'
' (c) Copyright © 2009– 2017 Dell Inc, or its subsidiaries. All Rights Reserved
'**********************************************************************************
Option Explicit
On Error Resume Next
SetLocale("en-us")
Dim oArgs
Set oArgs = WScript.Arguments
if oArgs.Count < 3 Then
Wscript.Quit -1
End If
Dim strComputer, objDellConnection, LogMessage, sQuery, colItems, objItemIntrusion, IntrusionStatus, TargetComputer, prmDeviceID
TargetComputer = oArgs(2)
strComputer = "."
set objDellConnection = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2\Dell")
If Err.Number <> 0 Then
LogMessage = "WMI Cimv2Dell Error Number : " & Err.Number & ". Description :" & Err.Description
Err.Clear
Else
If IsEmpty(objDellConnection) Then
LogMessage = "Unable to open WMI Namespace root-cimv2-dell. Check to see if the WMI service is enabled and running, and Install/Re-Install ServerAdministrator to ensure this WMI namespace exists. " & Err
Else
sQuery = "Select * from Dell_Chassis"
Set colItems = GetObjectSet(objDellConnection, sQuery, "SystemClass", "Dell_Chassis")
If Err.Number <> 0 Then
LogMessage = sQuery & " Error Number:" & Err.Number & "Description:" & Err.Description
If Err.Number = -2147023169 Then
LogMessage = "RPC Failure occurred for namespace root-cimv2-dell"
End If
Err.Clear
End If
If colItems is Nothing Then
LogMessage = "Unable to retrieve CIM_Intrusion object"
Err.Clear
Else
LogMessage = "CIM_Intrusion object retrieved"
For Each objItemIntrusion in colItems
If Err.Number <> 0 Then
If Err.Number = -2147023169 Then
LogMessage = "RPC Failure occurred for cimv2\dell - bmc info : " & Err.Number
ElseIf Err.Number = -2147217389 Then
LogMessage = "If PWS present, Please Install/Re-Install ServerAdministrator on Dell Server : " & Err.Number
Else
LogMessage = "Object RetrievalLoop Error Number:" & Err.Number & "Description:" & Err.Description
End If
Err.Clear
End If
If Not objItemIntrusion is Nothing Then
IntrusionStatus = objItemIntrusion.SecurityBreach
End If
Next
End If 'colItems is nothing
Set colItems = Nothing
End If 'dellconnection is nothing
End If
If IntrusionStatus = "3" OR IntrusionStatus = "1" Then
IntrusionStatus = "OK"
ElseIf IntrusionStatus = "4" Then
IntrusionStatus = "Warning"
ElseIf IntrusionStatus = "5" Then
IntrusionStatus = "Error"
End If
Dim oAPI, oBag
Set oAPI = CreateObject("MOM.ScriptAPI")
Set oBag = oAPI.CreatePropertyBag()
Call oBag.AddValue("Status",IntrusionStatus)
Call oAPI.Return(oBag)
' *** Add double query fix
' Function to retrieve the object
Function GetObjectSet(ByRef objDellConnection, SelectQuery, Attribute, objName)
Dim retry, retryFlag
Dim objItem, arrURL, logMessage
On Error Resume Next
RetryFlag = False
For retry = 0 To 1
MOMDebugLog 1, "Retrying for " & retry & " time..."
Set GetObjectSet = objDellConnection.ExecQuery(SelectQuery)
LogErrorNumber(objName)
If (GetObjectSet is Nothing) Or (IsNull(GetObjectSet)) Then
logMessage = "INFO: Unable to retrieve " & objName & " Attributes"
MOMDebugLog 1, logMessage
WScript.Sleep(1000)
RetryFlag = True
Else
logMessage= "INFO: " & objName & " attributes retrieved successfully"
MOMDebugLog 1, logMessage
If Attribute = "__COUNT__" Then
Exit For
End If
For Each objItem in GetObjectSet
If LogErrorNumber(objName) = 0 Then
If Not objItem is nothing Then
Dim attrVal : attrVal = objItem.Properties_.Item(Attribute)
If IsNull(attrVal) Or Len(attrVal) <= 0 Then
MOMDebugLog 1, Attribute & " value is null or empty"
RetryFlag = True
WScript.Sleep(500)
Exit For
Else
Exit Function
End If
End If
End If
Next
If RetryFlag = False Then
Exit For
End If
End If
Next
End Function
Function LogErrorNumber(objName)
Dim logMessage
LogErrorNumber = Err.Number
If Err.Number <> 0 Then
Select Case Err.Number
Case -2147749904
logMessage = "CIM Object not found"
Case -2147749902
logMessage = "Dell CIM object not found"
Case -2147023169
logMessage = "RPC Failure occurred for namespace root-cimv2-dell"
Case -2147217389
logMessage = "Please Install/Re-Install ServerAdministrator on Dell Server!"
Case -2147217394 '0x8004100E
logMessage = "Not able to find Dell CIM object"
Case -2147217392 '0x8004100C
logMessage = "Not able to find the collection"
Case -2147749890
logMessage = "Object cannot be found"
Case -2147749892
logMessage = "Object cannot be found"
Case Else
logMessage = "Unable to retrieve " & objName
logMessage = logMessage & " Err Number:" & Err.Number
logMessage = logMessage & " Err Descr:" & Err.Description
End Select
MOMDebugLog 1, "ERROR: " & logMessage
End If
End Function
'*** Add MOMDebug
Const DEBUG_LOG_FILENAME = "DellServerIntrusionEventTrigger.log"
Dim loginited: loginited = False
Dim objLogTextFile, objLogFSO
Sub InitLog(strFileName)
' Begin Logheader
If logLevel <> 0 And loginited = False Then
Dim fileSize, strOutFile
Const ForAppending = 8
Const ForWriting = 2
Const MaxFileSize = 524288 'File Size is limited to 512 KB
dim wsShell : Set wsShell = Createobject("WScript.Shell")
dim wshSysEnv : Set wshSysEnv = wsShell.Environment
dim tFolder : tFolder = wshSysEnv("TEMP")
dim wshPrcEnv : Set wshPrcEnv = wsShell.Environment("Process")
tFolder = Replace(tFolder, "%SystemRoot%", wshPrcEnv("SYSTEMROOT"), 1, -1, vbTextCompare)
Set objLogFSO = CreateObject("Scripting.FileSystemObject")
If Not objLogFSO.FolderExists(tFolder) Then
objLogFSO.CreateFolder(tFolder)
End If
strOutFile = tFolder & "\"& strFileName
WScript.Echo strOutFile
If Not objLogFSO.FileExists(strOutFile) Then
Set objLogTextFile = objLogFSO.CreateTextFile(strOutFile)
objLogTextFile.Close()
End If
fileSize = objLogFSO.GetFile(strOutFile).Size
If (fileSize > MaxFileSize) Then
Set objLogTextFile = objLogFSO.OpentextFile(strOutFile, ForWriting, True)
Else
Set objLogTextFile = objLogFSO.OpentextFile(strOutFile, ForAppending, True)
End If
loginited = True
MOMDebugLog 1, "------------------------------------------------------"
MOMDebugLog 1, "INFO: Script - " & strFileName & ": Start()"
Err.Clear
End If
End Sub
Sub MOMDebugLog (ByVal debugLevel, ByVal Message)
'On Error Resume Next
If (debugLevel > 0) and (debugLevel <= logLevel) Then
If loginited = False Then
InitLog DEBUG_LOG_FILENAME
End If
objLogTextFile.WriteLine(Now() & " ---- " & Message)
Err.Clear
End If
End Sub
Sub CloseLog
' Begin Logheader
If loginited = True Then
objLogTextFile.Close
End If
End Sub
CloseLog
</ScriptBody>
<TimeoutSeconds>300</TimeoutSeconds>
<SuccessExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='Status']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">OK</Value>
</ValueExpression>
</SimpleExpression>
</SuccessExpression>
<WarningExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='Status']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Warning</Value>
</ValueExpression>
</SimpleExpression>
</WarningExpression>
<CriticalExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='Status']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Error</Value>
</ValueExpression>
</SimpleExpression>
</CriticalExpression>
</Configuration>
</UnitMonitor>