Logmond - Alerts customization examples
Alerts customization examples
You will find below some examples of alerts that can be sent from the nolicense.bat file.
Reminder: Interactive applications are not allowed
Creating a Windows Event
powershell -command "New-Eventlog -Logname application -Source Charon -Erroraction silentlycontinue;Write-Eventlog -Logname application -Source Charon -Entrytype Error -Eventid 314 -Message 'Charon license dongle disconnected'"
It is recommended to use the powershell command to write events instead of the "eventcreate" command line as some other events are created with powershell scripts. Using the eventcreate command in this case will fail as the source, Charon, will not be accepted.
The "Event Id" can be set at your convenience. A valid ID is any number from 1 to 65535.
Sending an email via powershell
An alert email can be sent using the "Send-MailMessage" powershell command; however, it is important to know that no interactive command can be executed (for asking the sender's credentials for example).
You can either have the nolicense.bat file invoke a powershell script or pass the commands from the command line.
The examples below are given with Powershell V4.0 installed on a Windows 2012 R2 server; some commands may not be appropriate to your Windows distribution.
To determine which version of Powershell is installed and upgrade if necessary, see Powershell version, upgrade, enabling scripts execution, tips and tricks
To run PowerShell scripts (files that end with .ps1), you must first set the execution policy to Unrestricted (This operation has to be done once).
To do so, open a command line window (cmd.exe) as an Administrator and use the following command:
c:\Charon>powershell -command "Set-ExecutionPolicy Unrestricted"
The ExecutionPolicy can also be set to "RemoteSigned". In this case the .ps1 script files will have to be unblocked as described below.
If you are still prompted to allow for execution of the script, please run the following command to unblock the .ps1 file you want to execute:
c:\Charon>powershell -command "Unblock-File -path c:\Charon\sendmail.ps1"
Example using an office365 account
Create a powershell script file, named sendmail.ps1 for example and located in the "C:\Charon" folder:
# Update the email addresses below:
$From = "<monitoring-account>@<somewhere>"
$To = "<someone>@<somewhere>"
# Send the email
send-mailmessage -to $To -from $From -subject "Charon detected removal of the license" -body "Please check" -smtpserver smtp.office365.com -usessl -port 587 -delivery none
If you must specify multiple recipients, you can specify them using an array with comma separated fields.
Example 1:
$To = @(
    "Kirk <Kirk@uss-enterprise.fed>",
    "Spock <spock@uss-enterprise.fed>"
)
Example 2:
$To = @(
    "Kirk@uss-enterprise.fed",
    "Spock@uss-enterprise.fed",
    "McCoy@uss-enterprise.fed"
)
Update the nolicense.bat file as follows:
powershell -NonInteractive -File C:\Charon\sendmail.ps1
The problem here is that the email account mentioned in the $Myemail variable must be able to send anonymous emails, otherwise the following error can occur:
"Client was not authenticated to send anonymous mail during MAIL FROM"
If the account cannot send anonymous emails, you can perform an interactive test by asking for the credentials:
The "<monitoring-account>@<somewhere>" and "<recipient>@<somewhere>" values must be adapted to your configuration
# Update the email addresses below:
$From = "<monitoring-account>@<somewhere>"
$To = "<someone>@<somewhere>"
# The command below will open a window for you to store the password
$Creds=(get-credential -credential "$From")
# Send the email (credentials are then required each time)
send-mailmessage -to $To -from $From -subject "Charon detected removal of the license" -body "Please check" -smtpserver smtp.office365.com -usessl -port 587 -delivery none -credential $Creds
This method cannot be used when executed within a service due to the popup window that will be opened to ask for the email account password.
To be able to send an email, we can then store the credentials in an encrypted and protected file. This is done using the Export-CliXML powershell command. As this file will be bound to the server where the command is issued and to the user account who created the file, we need to perform the operations as the "system" user account because this user is the one running the logmond processes that will invoke the nolicense.bat file.
It is necessary then to use psexec from the Windows Sysinternals kit. It can be downloaded here: https://technet.microsoft.com/en-us/sysinternals/psexec.aspx
Once extracted from the zip file, to the "C:\Charon" folder for example, run the following command from the command line running as Administrator:
C:\...> C:\Charon\psexec -i -s cmd.exe
and generate the CliXML file as described below:
If it is no longer needed, remove the "psexec.exe" file.
If the sender's email address or its password has to be changed, the .clixml file will have to be recreated.
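One way to create C:\Charon\creds.clixml from the command window opened with psexec, as an added example that is not Stromasys' own procedure: it refuses to run under any account other than "system", stores the credential with Export-CliXml, restricts access to the file and checks that it can be read back. The icacls step and its SID-based grants are assumptions added here, not steps taken from this page.

```powershell
# Added example: run in PowerShell started from the "psexec -i -s cmd.exe" window.
$From     = "<monitoring-account>@<somewhere>"   # sender account, as in sendmail.ps1
$CredFile = "C:\Charon\creds.clixml"             # path read by sendmail.ps1

# Export-CliXml protects the password for the current user on the current
# server only, so stop if this session is not the SYSTEM account.
$Identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $Identity.IsSystem) {
    throw "Running as $($Identity.Name); start PowerShell from the psexec -s window."
}

# Ask once for the password of the sender account (opens a prompt).
$Creds = Get-Credential -Credential $From
if (-not $Creds) { throw "No credentials entered." }

# Write the credential object; the password is stored encrypted.
$Creds | Export-CliXml -Path $CredFile

# Assumption (not from the page): limit the file to SYSTEM (read) and
# Administrators (full control) using well-known SIDs, which do not depend
# on the Windows display language.
icacls $CredFile /inheritance:r /grant:r "*S-1-5-18:(R)" "*S-1-5-32-544:(F)" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Read the file back the way sendmail.ps1 will, to confirm it is usable.
$Check = Import-CliXml -Path $CredFile
if ($Check.UserName -ne $Creds.UserName) {
    throw "Stored user name does not match the one entered."
}
"Stored credentials for $($Check.UserName) in $CredFile"
```

Running the same lines from a normal Administrator session stops at the first check, which avoids producing a file that the logmond service cannot decrypt.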
Now update the powershell script as follows:
The "<monitoring-account>@<somewhere>" and "<recipient>@<somewhere>" values must be adapted to your configuration
# Update the email addresses below:
$From = "<monitoring-account>@<somewhere>"
$To = "<someone>@<somewhere>"
$Creds = Import-CliXml C:\Charon\creds.clixml
send-mailmessage -to $To -from $From -subject "Charon detected removal of the license" -body "Please check" -credential $Creds -smtpserver smtp.office365.com -usessl -port 587 -delivery none
Once updated, the script will only work when executed by the "system" account and on the server where the Export-CliXML powershell command was issued.
Example using a gmail account
To send an email using a gmail account, perform the same operations as described in the "Example using an office365 account" chapter above and replace the smtpserver value by smtp.gmail.com as shown below:
The "<monitoring-account>@gmail.com" and "<recipient>@<somewhere>" values must be adapted to your configuration
# Update the email addresses below:
$From = "<monitoring-account>@gmail.com"
$To = "<someone>@<somewhere>"
$Creds = Import-CliXml C:\Charon\creds.clixml
send-mailmessage -to $To -from $From -subject "Charon detected removal of the license" -body "Please check" -credential $Creds -smtpserver smtp.gmail.com -usessl -port 587 -delivery none
Only the smtpserver value must be changed.
Google may block sign-in attempts when using powershell and send-mailmessage. In this case the sender will receive a "Sign in attempt prevented" alert email. To allow emails to be sent:
- Create a dedicated gmail account
- Allow less secure apps to access your account. See this article: https://support.google.com/accounts/answer/6010255?hl=en
© Stromasys, 1999-2024 - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.