├── README.md ├── Zabbix Template └── Template__Windows_RDP_Terminal_Server.xml ├── conf └── rdp │ └── rdp.terminal.server.conf ├── scripts └── rdp.terminal.server.ps1 └── winApp └── rdp.terminal.server.msi /README.md: -------------------------------------------------------------------------------- 1 | # RDP ServerMonitoring 2 | 3 | > Improved by Ilias Aidar 24/09/2019 4 | 5 | > Originally created by Diego Cavalcante - 10/02/2017 6 | 7 | 8 | 9 | 10 | If you have a Windows RDP “Terminal Server” server, monitoring consists of collecting connection statistics from users. 11 | 12 | **ITEMS** 13 | * Total Active Users 14 | * Total inactive users 15 | * Name of active users 16 | * Name of inactive users 17 | * Remote IP Address of Active Users 18 | * Remote device hostname of active users 19 | * Terminal Service 20 | * Terminal Service License 21 | * RDP port status 22 | 23 | 24 | **TRIGGERS** 25 | * Number of Connected Users 26 | * Number of Logged Out Users 27 | * RDP Port Status 28 | * Remote Desktop Licensing Service Status 29 | * Remote Desktop Services Service Status 30 | 31 | 32 | ## 1. HOST PREPARATION 33 | Monitoring itself requires some adjustments to be made to the host prior to data collection. As an example in my environment there are some default directories that I use for Scripts and UserParameters. 34 | ``` 35 | Scripts: C:\app\zabbix\scripts 36 | UserParameters: C:\app\zabbix\conf\rdp 37 | ``` 38 | **NOTE:** Adjust according to your environment, within Host zabbix_agentd.conf, adjust the parameter: Include = and point to 39 | directory where it will contain your .conf files with the UserParameters. 40 | 41 | ## 2. INITIAL REQUIREMENTS 42 | 43 | * Open Powershell as Administrator and run the command and confirm: 44 | ``` 45 | Set-ExecutionPolicy Unrestricted 46 | ``` 47 | * If you have already done the above procedure on the Host, disregard and skip to the next request. 48 | * Put rdp.terminal.server.ps1 in the directory of your choice. 49 | * Put rdp.terminal.server.conf in the directory of your choice. 50 | * Install the rdp.terminal.server.msi Module 51 | * After installation, copy the folder C:\Users\YourUser\Documents\WindowsPowerShell\modules\PSTerminalServices\ 52 | * Paste the PSTerminalServices folder into C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ 53 | * Restart Zabbix Agent on the Host. 54 | 55 | ## 3. TESTS 56 | Open powershell and navigate to the script folder and test with the commands available below: 57 | * .\rdp.terminal.server.ps1 AСTIVE 58 | * .\rdp.terminal.server.ps1 ACTIVENUM 59 | * .\rdp.terminal.server.ps1 IP 60 | * .\rdp.terminal.server.ps1 DEVICE 61 | * .\rdp.terminal.server.ps1 INACTIVE 62 | * .\rdp.terminal.server.ps1 INACTIVENUM 63 | 64 | **NOTE:** If any errors appear while executing the commands, review all previous steps. 65 | 66 | ## 4. HOST MACROS 67 | The template uses separate macros, and must be registered in the monitored Host. 68 | {$RDPPORT} = Port that the RDP server is listening on, default 3389. 69 | {$RDPA} = Used for triggering, eg 5 if you want an alarm if there are more than 5 active users connected. 70 | {$RDPI} = Used for triggering, eg 5 if you want an alarm if there are more than 5 idle users connected. 71 | 72 | ## 5. TEMPLATE 73 | Import the Template - *Template__Windows_RDP_Terminal_Server.xml* into your Zabbix Frontend. 74 | * Register the above Macros on the Host. 75 | * Associate the Template with the monitored Host and wait for the collection. 76 | * Adjust the collection intervals, History retention period and Trend of items according to your environment. 77 | 78 | **NOTE:** If data is not collected, use and abuse zabbix_get to validate data collection. -------------------------------------------------------------------------------- /Zabbix Template/Template__Windows_RDP_Terminal_Server.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4.0 4 | 2019-09-24T11:35:42Z 5 | 6 | 7 | Template RDP 8 | 9 | 10 | 11 | 587 | 588 | 589 | 590 | {Template - Windows Terminal Server RDP:rdp.terminal.server[ACTIVENUM].last()}>{$RDPA} 591 | 0 592 | 593 | RDP ({ITEM.LASTVALUE}) Connected Users 594 | 0 595 | 596 | 597 | 0 598 | 2 599 | There are too many TS-connected users on the server right now, it can cause overload and loss of performance. Limit for this server = {$RDPA} 600 | 0 601 | 1 602 | 603 | 604 | 605 | 606 | {Template - Windows Terminal Server RDP:rdp.terminal.server[INACTIVENUM].last()}>{$RDPI} 607 | 0 608 | 609 | RDP ({ITEM.LASTVALUE}) Inactive Users 610 | 0 611 | 612 | 613 | 0 614 | 1 615 | There are too many TS inactive users on the server right now, it can cause overload and performance loss. Limit for this server = {$RDPI} 616 | 0 617 | 1 618 | 619 | 620 | 621 | 622 | {Template - Windows Terminal Server RDP:net.tcp.port[,{$RDPPORT}].last(0)}=0 623 | 0 624 | 625 | RDP Port ({ITEM.LASTVALUE}) 626 | 0 627 | 628 | 629 | 0 630 | 2 631 | Terminal Server port is not listening. 632 | 0 633 | 1 634 | 635 | 636 | 637 | 638 | {Template - Windows Terminal Server RDP:service.info[TermServLicensing].count(#3,0,gt)}=3 639 | 0 640 | 641 | Remote Desktop Licensing ({ITEM.LASTVALUE}) 642 | 0 643 | 644 | 645 | 0 646 | 2 647 | Service: TermServLicensing Name: Remote Desktop Licensing Description: Provides registered licenses for Remote Desktop Services clients. If this service is stopped, the server will not be available to issue Remote Desktop Services licenses to clients when they are requested. 648 | 0 649 | 1 650 | 651 | 652 | 653 | 654 | {Template - Windows Terminal Server RDP:service.info[TermService].count(#3,0,gt)}=3 655 | 0 656 | 657 | Remote Desktop Services ({ITEM.LASTVALUE}) 658 | 0 659 | 660 | 661 | 0 662 | 2 663 | Service: TermService Name: Remote Desktop Services Description: Allows users to interactively connect to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the check boxes on the Remote tab of the Control panel item System Properties. 664 | 0 665 | 1 666 | 667 | 668 | 669 | 670 | 671 | 672 | ★ RDP ★ Connections Statistics 673 | 900 674 | 200 675 | 0.0000 676 | 100.0000 677 | 1 678 | 1 679 | 0 680 | 1 681 | 0 682 | 0.0000 683 | 0.0000 684 | 0 685 | 0 686 | 0 687 | 0 688 | 689 | 690 | 0 691 | 5 692 | 00CC00 693 | 1 694 | 7 695 | 0 696 | 697 | Template - Windows Terminal Server RDP 698 | rdp.terminal.server[ACTIVENUM] 699 | 700 | 701 | 702 | 1 703 | 5 704 | F63100 705 | 0 706 | 7 707 | 0 708 | 709 | Template - Windows Terminal Server RDP 710 | rdp.terminal.server[INACTIVENUM] 711 | 712 | 713 | 714 | 715 | 716 | 717 | 718 | ★ STATUS ★ Check Port 719 | 720 | 721 | 0 722 | Inaccessible 723 | 724 | 725 | 1 726 | Open 727 | 728 | 729 | 730 | 731 | ★ STATUS ★ Service 732 | 733 | 734 | 0 735 | Initiated 736 | 737 | 738 | 1 739 | Slow 740 | 741 | 742 | 2 743 | Start Pending 744 | 745 | 746 | 3 747 | Leaning Pause 748 | 749 | 750 | 4 751 | Continue Pending 752 | 753 | 754 | 5 755 | Stop Pending 756 | 757 | 758 | 6 759 | Stopped 760 | 761 | 762 | 7 763 | Unknown 764 | 765 | 766 | 255 767 | Unknown 768 | 769 | 770 | 771 | 772 | 773 | -------------------------------------------------------------------------------- /conf/rdp/rdp.terminal.server.conf: -------------------------------------------------------------------------------- 1 | # Improved by Ilias Aidar - 24/09/2019 2 | # Originally created by Diego Cavalcante - 10/02/2017 3 | # Monitoramento Windows RDP - Terminal Server 4 | 5 | UserParameter=rdp.terminal.server[*],powershell.exe -noprofile -executionpolicy bypass -File C:\app\zabbix\scripts\rdp.terminal.server.ps1 $1 6 | -------------------------------------------------------------------------------- /scripts/rdp.terminal.server.ps1: -------------------------------------------------------------------------------- 1 | # Improved by Ilias Aidar - 24/09/2019 2 | # Originally created by Diego Cavalcante - 10/02/2017 3 | # Monitoring Windows RDP - Terminal Server 4 | 5 | Param( 6 | [string]$select 7 | ) 8 | 9 | # Active Users: Domain Name, Username, Computer Name, IP Address 10 | if ( $select -eq 'ACTIVE' ) 11 | { 12 | Import-Module PSTerminalServices 13 | Get-TSSession -State Active -ComputerName localhost | foreach {$_.DomainName, $_.UserName, $_.ClientName, (($_.IPAddress).IPAddressToString), ""} 14 | } 15 | 16 | # Total Active Users 17 | if ( $select -eq 'ACTIVENUM' ) 18 | { 19 | Import-Module PSTerminalServices 20 | Get-TSSession -State Active -ComputerName localhost | foreach {$_.UserName} | Measure-Object -Line | select-object Lines | select-object -ExpandProperty Lines 21 | } 22 | 23 | # Inactive Users: Domain Name, Username 24 | if ( $select -eq 'INACTIVE' ) 25 | { 26 | Import-Module PSTerminalServices 27 | Get-TSSession -State Disconnected -ComputerName localhost | where { $_.SessionID -ne 0 } | foreach {$_.DomainName, $_.UserName, ""} 28 | } 29 | 30 | # Toal Inactive Users 31 | if ( $select -eq 'INACTIVENUM' ) 32 | { 33 | Import-Module PSTerminalServices 34 | Get-TSSession -State Disconnected -ComputerName localhost | where { $_.SessionID -ne 0 } | foreach {$_.UserName} | Measure-Object -Line | select-object Lines | select-object -ExpandProperty Lines 35 | } 36 | 37 | # List of Remote Computer Names 38 | if ( $select -eq 'DEVICE' ) 39 | { 40 | Import-Module PSTerminalServices 41 | Get-TSSession -State Active -ComputerName localhost | foreach {$_.ClientName} 42 | } 43 | 44 | # List of Remoter IP Addresses 45 | if ( $select -eq 'IP' ) 46 | { 47 | Import-Module PSTerminalServices 48 | Get-TSSession -State Active -ComputerName localhost | foreach {(($_.IPAddress).IPAddressToString)} 49 | } 50 | -------------------------------------------------------------------------------- /winApp/rdp.terminal.server.msi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/iSmartyPRO/zabbix_template_rdp_monitoring/d29c33b6390c37010a57bcec71b76a68efec08b9/winApp/rdp.terminal.server.msi --------------------------------------------------------------------------------