Please take a moment to read http://bit.ly/demandglobalchange, to help share the message and support the initiative to tell our leaders to focus on addressing the global world problems, instead of complaining about the effects of their lack of leadership. Be a leader yourself, and share this with as many people as possible. #demandglobalchange // https://www.facebook.com/demandglobalchange



Please consider donating: https://www.corelan.be/index.php/donate/


602 views | This page as PDF

Monitoring modems with OpsMgr 2007

In this short post, I’ll explain one of the techniques to monitor whether a modem is listening for incoming calls on a machine, using Operations Manager 2007. Assuming that you may have some modems that get turned on when someone needs to dial in (for whatever reason), and *should* be disconnected afterwards. So you would like to get alerted when a modem is turned on and RRAS is configured to put the modem in listening mode.

This is how it works :

Create a Unit monitor – Scripting – Two state monitor

Target Windows Operating System. Keep the monitor disabled for now. Save the monitor in a custom management pack.

Schedule : run every 15 minutes or so

022008_2033_Monitoringm1

Script : choose a good name for the script (e.g. checkifmodemison.vbs) and set the timeout (1 minute should be ok)

Option Explicit

‘ Script that runs an external tool and tries to

‘ determine if a modem is turned on and listening or not

‘ Written by Peter Van Eeckhoutte

‘ https://petersblog.dyndns.org:8899

‘ peter.ve@telenet.be

‘ Feb 2008

‘ version 1.0

Dim oArgs

Set oArgs = Wscript.Arguments

Dim oAPI

Dim objShell

Dim objScriptExec††††

Dim oBag

Dim modemturnedon

modemturnedon="false"

Set oAPI = CreateObject("MOM.ScriptAPI")

‘get args

If oArgs.Count < 2 Then

‘ If the script is called without the required arguments,

‘ create an information event and then quit.

Call oAPI.LogScriptEvent(Wscript.ScriptName,101,2,Wscript.ScriptName + " script was called without the necessary 2 arguments ( and was not executed.")

Wscript.Quit -1

End If

††

Call oAPI.LogScriptEvent(Wscript.ScriptName,101,0,Wscript.ScriptName+" script was launched with " + Cstr(oArgs.Count) + " arguments.")

††

††

‘launch getmodemstatus

Set objShell = CreateObject("WScript.Shell")

Set objScriptExec = objShell.Exec(oArgs(0)+" "+oArgs(1))

modemturnedon= trim(objScriptExec.StdOut.ReadLine)

††

Set oBag = oAPI.CreatePropertyBag()

Call oBag.AddValue("ModemTurnedOn",modemturnedon)

Call oAPI.LogScriptEvent(WScript.ScriptName,101,0,WScript.ScriptName+" script completed successfully. ModemTurnedOn : "+modemturnedon)

Call oAPI.Return(oBag)

††

You can download the latest copy of the script from here :

Leave the parameters field empty for now.

Unhealthy expression :

022008_2033_Monitoringm2

Healthy expression :

022008_2033_Monitoringm3

Set the monitor health states

022008_2033_Monitoringm4

Set alerting properties

022008_2033_Monitoringm5

Save the monitor

On every host that needs to be monitored, you need to put a small executable : getmodemstatus.exe

Download from here
Please log in to download GetModemStatus.zip (2.3 KiB)

Create an override for the monitor, and select the server that needs to be monitored.

022008_2033_Monitoringm6

Enable the monitor and set the parameters as follows :

"" "comport where the modem is connected to"

Save the override. Wait until the management pack gets distributed and the script kicks in.

You should see the following 2 events when the script runs :

022008_2033_Monitoringm7

022008_2033_Monitoringm8

If the modem is turned on, the second event will show this in the description :

022008_2033_Monitoringm9

If everything has been set up, you should now get an alert in OpsMgr

022008_2033_Monitoringm10

If the modem is turned off again and RRAS does no longer grab the comport , the alert will be resolved (if that is how you’ve set up the alerting properties)

Enjoy !

© 2008 – 2009, Corelan Team (corelanc0d3r). All rights reserved.

Related Posts:

Comments are closed.

Corelan Live training

Since 2011, Corelan GCV has been teaching live win32 exploit dev classes at various security cons and private companies & organizations.

You can read more about the training and schedules here

Demand Global Change

The world needs your help !

Please take a few moments to read the "Demand Global Change Call For Action" document at
http://bit.ly/demandglobalchange
Read the full document at
http://bit.ly/demandglobalchange_full and share the message with as many people as possible.

Like the Facebook page, and SHARE it with everyone you know.



Donate

Want to support the Corelan Team community ? Click here to go to our donations page.

Want to donate BTC to Corelan Team?



Your donation will help funding server hosting.

Protected by Copyscape Web Plagiarism Tool

Corelan Team Merchandise

You can support Corelan Team by donating or purchasing items from the official Corelan Team merchandising store.

Corelan on IRC

You can chat with us and our friends on #corelan (freenode IRC)

Categories