Hi @minntech,
I'll share how I accomplished this. I rarely use Python as well, so I'm sure there might be a better way, but this worked for me.
The first thing I do is wrap my PowerShell script code in Python and have Python create and execute the script when the procedure/monitor runs on the endpoint.
Here is a small example of the Python code that executes a PowerShell script. I'll break it down a little below and highlight the important parts.
```
import os
import sys
import _winreg

def alert(arg):
    sys.stderr.write("%d%d%d" % (arg, arg, arg))

# Please use "alert(1)" to turn on the monitor(trigger an alert)
# Please use "alert(0)" to turn off the monitor(disable an alert)
# Please do not change above block and write your script below

ps_content=r"""
#####Powershell Code Starts Here
<#
Invoke-iTarianAlert
.Version
0.0
.SYNOPSIS
Sample function that outputs a value to trigger iTarian RMM monitors
.OUTPUTS
System.Management.Automation.PSObject
.NOTES
Author: EZTechhelp
#>
function Invoke-iTarianAlert
{
    param (
        [String]$Monitored_Condition
    )
    if ($Monitored_Condition -eq 'Problem')
    {
        write-output 'alert(1)'
    }
    else
    {
        write-output 'alert(0)'
    }
}
Invoke-iTarianAlert -Monitored_Condition "Problem"
#####Powershell Code Ends Here
"""

print ("Executing Powershell Script")
alertactive = "alert(1)"
alertinactive = "alert(0)"

def ecmd(command):
    import ctypes
    from subprocess import PIPE, Popen

    class disable_file_system_redirection:
        _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
        _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
        def __enter__(self):
            self.old_value = ctypes.c_long()
            self.success = self._disable(ctypes.byref(self.old_value))
        def __exit__(self, type, value, traceback):
            if self.success:
                self._revert(self.old_value)

    with disable_file_system_redirection():
        obj = Popen(command, shell = True, stdout = PIPE, stderr = PIPE)
    out, err = obj.communicate()
    ret=obj.returncode
    if ret==0:
        if out:
            if alertactive in out.strip():
                alert(1)
                print "!!Trigger value detected, raise the alarm!!"
                return out.strip()
            else:
                alert(0)
                print "Trigger value not detected, return to your duties"
                return out.strip()
        else:
            return ret
    else:
        if err:
            return err.strip()
        else:
            return ret

file_name='Invoke-iTarianAlert.ps1'
file_path=os.path.join(os.environ['TEMP'], file_name)
with open(file_path, 'wb') as wr:
    wr.write(ps_content)
ecmd('powershell "Set-ExecutionPolicy RemoteSigned"')
print ecmd('powershell "%s"'%file_path)
os.remove(file_path)
```
- Your PowerShell script code is placed in between the quotes of ps_content

```
ps_content=r"""
#Powershell script code goes here
"""
```
- Python prints an optional message (I like it for verbose logging reasons), then sets 1 variable, "alertactive"
- "Alertactive" contains the value that Python will compare to PowerShell's output after it's executed

```
print ("Executing Powershell Script")
alertactive = "alert(1)"
```
- Then this Python code is what compares the PowerShell output to "alertactive" and then triggers or doesn't trigger the alert

```
if alertactive in out.strip():
    alert(1)
    print "!!Trigger value detected, raise the alarm!!"
    return out.strip()
else:
    alert(0)
    print "Trigger value not detected, return to your duties"
    return out.strip()
```
- It's checking if the value of "alertactive" is contained within out.strip(), where "out" is the variable that holds all the values/data the PowerShell script output when it was executed
- In our example PowerShell script, when the script runs, if the $monitor_condition equals "Problem", the PowerShell script outputs a value of "alert(1)"
- So when Python checks if PowerShell's output ("out") contains the value of "alertactive" (which we previously set as "alert(1)"), it matches in this case, so Python executes "alert(1)" directly, which triggers the RMM alert
- It also prints a message that we found an alert trigger. Printed messages are similar to write-host in PowerShell and these should show up in procedure logs and alert email messages

(NOTE: I've seen a varying degree of success with alert emails showing the output. Not sure if it's a bug. Most of the time it does. It's always shown within the logs for me at least)

- If PowerShell's output does NOT match "alertactive" (else), then Python executes "alert(0)", which tells RMM there is no alert.
- "return out.strip()" tells Python to output the output of PowerShell. So if you have verbose messages in PowerShell, this will allow them to show up in procedure logs and alert emails
The rest of the Python code should be fairly straightforward: it takes the ps_content and creates the PowerShell script (in the temp directory), executes the script, then lastly removes the temporary PowerShell script.
I hope that this might help you a little. Again, I'm sure there is a much easier way to do this, but this has worked consistently for me, since I pretty much only use PowerShell scripts.
Thanks!
Mike
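
A hardened variant of the wrapper in the post above, as an added example that is not part of the original post or iTarian's own code. It scopes the execution policy to the one PowerShell process instead of running `Set-ExecutionPolicy` (which changes the machine-wide policy and leaves it changed), writes the script to an unpredictable temp file, and matches the alert marker as a whole line. The names `run_powershell`, `is_alert`, `check` and the `runner` parameter are hypothetical, and the WOW64 redirection wrapper from the post is left out for brevity.

```python
import os
import subprocess
import tempfile

ALERT_ON = "alert(1)"  # marker the PowerShell script prints, as in the post


def run_powershell(path):
    """Run one .ps1 file; returns (exit code, stdout, stderr)."""
    # -ExecutionPolicy here applies to this process only, so the machine-wide
    # policy is left alone. Argument list, no shell=True: the path is never
    # re-parsed by cmd.exe.
    cmd = ["powershell.exe", "-NoProfile", "-NonInteractive",
           "-ExecutionPolicy", "RemoteSigned", "-File", path]
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = proc.communicate()
    return (proc.returncode, out.decode("utf-8", "replace"),
            err.decode("utf-8", "replace"))


def is_alert(output):
    """True only if some whole output line is exactly the alert marker."""
    return any(line.strip() == ALERT_ON for line in output.splitlines())


def check(ps_content, runner=run_powershell):
    """Write the script to a fresh temp file, run it, return (alert, text).

    alert is True/False, or None when the script itself failed.
    `runner` is a hypothetical hook so the logic can be tested without Windows.
    """
    # mkstemp picks an unpredictable name and creates the file exclusively,
    # unlike a fixed name under %TEMP% that could be pre-created or swapped.
    fd, path = tempfile.mkstemp(suffix=".ps1")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(ps_content)
        code, out, err = runner(path)
    finally:
        os.remove(path)  # cleaned up even if the run raises
    if code != 0:
        return None, err.strip()  # a failed run is not the same as "no alert"
    return is_alert(out), out.strip()
```

On the endpoint, the first element of the result maps onto the post's `alert()` helper: `alert(1)` for `True`, `alert(0)` for `False`.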