I tried to download an asset from Bonsai and create a check from it but the check does not appear to be executed, either on interval or when I ad hoc execute.
I have sensu-backend running on RHEL8 and sensu-agent running on Windows Server 2019.
The agent subscribes to a subscription that I made up called ‘win_system’. The check also has this subscription called out correctly.
Asset from Bonsai: sensu/sensu-windows-powershell-checks
Link to Asset on Bonsai: https://bonsai.sensu.io/assets/sensu/sensu-windows-powershell-checks
Here is the command I run to create the check which is successful. Note: I have tried tweaking the command to use ‘-Warning 75 -Critical 90’ but this did not work either
sensuctl check create check-win-cpu
–command ‘check-windows-cpu-load.ps1 75 90’
–interval 60
–subscriptions win_system
–runtime-assets sensu/sensu-windows-powershell-checks
I see the check if I run ‘sensuctl check list’. I am wondering if I am missing something fundamental to make this work. I did walk through the sensu doc on creating your first monitoring check for cpu on Linux and that works fine. But can’t get this working on the Win box.
Any help is appreciated. Thanks.
Hey,
because these are powershell scripts you have to specify that you want powershell to run them.
I don’t believe Windows supports the concept of shebang notation, so we can’t encode the interpreter we want the text file script to be processed with.
So… with that being said… you have to use a command that explicitly references that you want to use powershell: https://github.com/sensu/sensu-windows-powershell-checks#asset-command-usage-8
Powershell.exe -NonInteractive -NoProfile -ExecutionPolicy Bypass -NoLogo -Command check-windows-cpu-load.ps1 90 95
Ironically…
On a linux system with powershell for linux, there are a subset of those scripts in that collection that I can use with a shebang notation at the top of the script.
Windows is just… different. To work the way you want it to, I think you have to setup your windows so the ps1 file extention is associated with powershell.exe. But I’m not sure that a good idea, if it were a good idea, you’d think powershell would do that already.
@jspaleta thank you very much. I deleted the check and readded with the syntax you showed me. It still isn’t executing and I suspect it has something to do with what @aaronsachs was suggesting on Slack which is that the Asset didn’t download to the sensu-agent for some reason. When I navigate to the C:\Program Files\Sens\sensu-agent\cache . Can you think of a reason why the asset wouldn’t download/a way to force it to download?
Hey,
You are looking in the wrong path for the default agent service.
On my EC2 windows system, the location of the default cache directory is:
C:\ProgramData\Sensu\cache\sensu-agent\
https://docs.sensu.io/sensu-go/latest/reference/agent/#windows
If assets are not downloaded the check would still run and produce an event with an obvious error message.
have you looked at sensuctl event list
to see if an event associated with the check exists?
Does the entity exist in sensuctl entity list
?
Thank you Jeff. This is what I see in the cache directory. Aaron alluded to the fact that I should see a hash that corresponds to the asset that I have downloaded on the sensu-backend and I wasn’t seeing that which led me to think it wasn’t downloaded.
If I run sensuctl event list, I do not see an event for the check. If I run sensuctl entity list I do see the windows agent listed correctly there.
When I create the check on the sensu-backend I used the exact value I see when I run sensuctl asset list which is ‘sensu/sensu-windows-powershell-checks’
Is that the correct syntax to use though when creating a check from an asset? Do I need the ‘sensu/’ at the beginning like shown below?
–runtime-assets sensu/sensu-windows-powershell-checks
let’s back up.
If you don’t see an event in the event list then there is something else wrong in the configuration.
The check most likely has never run, so the asset will not be there. Assets are only downloaded by the agent if needed when a check is run.
So let’s backup and really make sure the agent is running and communicating with the backend.
First look at the sensuctl entity list
again and make sure the “Last Seen” for the entity is recent, within the last minute or so. If Last Seen appears statel, the agent service is probably not currently running or there is some other networking problem.
Also go back and check the sensuctl event list
, there should be a keepalive event associated with the agent running on that windows system, and the status of the keepalive event should be 0, indicating the agent has sent a keepalive event within the agent’s configured keepalive timeout interval. This is a doulbe check on the Last Seen above.
If all of that appears to be in order and the agent is currently communicating with the backend, you then need to verify that that there is a matching subscription between the check and the agent using sensuctl check list
and sensuctl entity list
Hey Jeff I ripped the whole agent out again from the windows box, went into the registry and nuked the service. When I reinstalled it is working now. Maybe I just needed a clean install, not sure. Thank you for all your help though.
1 Like