
Hello!
In recent years we have become used to the idea that we can, and need to, monitor everything. There are plenty of tools, from simple logs to Zabbix, and all of them can be tied together. Microsoft, for its part, has given us a great tool, WinRM, with which we can monitor the state of operating systems and more. But, as always, there is a fly in the ointment, and this post is about working around it.
As mentioned above, we have all the tools needed to monitor the IT infrastructure, but it so happens that there is no "automated" tool for monitoring the state of Intel RAID arrays on Windows Core. Note that we are talking about ordinary commodity hardware ("yellow iron").
We all know that Intel has its own software, Rapid Storage and Matrix Storage, but unfortunately it does not work on a standard Windows Core. There is also the raidcfg32 utility: it works in command-line mode, lets you manage the array manually and shows its status, also only manually. I don't think any of this is news to anyone.
Constantly checking the RAID state by hand, or waiting for the virtualization server to fail, is not the best choice.
To carry out the cunning plan of automating Intel RAID monitoring, we use the following.
Main tools:
- Powershell
- Eventlog
- Raidcfg32.exe
Auxiliary:
- Winrm
- Rsyslog
- Loganalyzer
First, install the driver for the RAID controller (in cmd.exe):
    pnputil.exe -i -a [path to *.inf]
Copy raidcfg32.exe to c:\raidcfg32\
Check that the driver is installed correctly (in cmd.exe):
    C:\raidcfg32\raidcfg32.exe /stv
If we get the state of the RAID and the disks, then everything is OK.
Create a source in the Application log (from here on, everything is done in PowerShell):
    New-EventLog -Source "RAID" -LogName "Application"
Query the RAID state, remove the quotes to simplify parsing, and read in the contents of the file.
    c:\RAIDCFG32\RAIDCFG32.exe /stv > c:\RAIDCFG32\raidcfgStatus.txt
    Get-Content "c:\RAIDCFG32\raidcfgStatus.txt" | ForEach-Object {$_ -replace ('"'),' '} > c:\RAIDCFG32\raidstatus.txt
    $1 = Get-Content c:\RAIDCFG32\raidstatus.txt
    $2 = "$1"
We look for keywords. If one of the words below is found, the value True is written to the errorRAID.txt file, which indicates an error; if no match is found, the value False is written.
    $2 -match "failed" > c:\RAIDCFG32\errorRAID.txt
    $2 -match "disabled" >> c:\RAIDCFG32\errorRAID.txt
    $2 -match "degraded" >> c:\RAIDCFG32\errorRAID.txt
    $2 -match "rebuild" >> c:\RAIDCFG32\errorRAID.txt
    $2 -match "updating" >> c:\RAIDCFG32\errorRAID.txt
    $2 -match "critical" >> c:\RAIDCFG32\errorRAID.txt
Read back the file with the recorded True and False values and look for True in it. If True is found, replace it with Error; replace False with Information.
The result is written to EntryType.txt.
    $3 = Get-Content c:\RAIDCFG32\errorRAID.txt
    $4 = "$3"
    $5 = $4 -match "true"
    $6 = "$5"
    $7 = $6 -replace "true", "Error" > c:\RAIDCFG32\EntryType.txt
    $8 = $6 -replace "false", "Information" >> c:\RAIDCFG32\EntryType.txt
We read the contents of EntryType.txt and delete the leftover True/False from it, which leaves the correct -EntryType, that is, the "Level" of the message.
We write the message to the event log: if any of the keywords were found, the message level is Error; if not, Information.
    $9 = Get-Content c:\RAIDCFG32\EntryType.txt
    $10 = "$9"
    # Strip the unreplaced True/False and the spaces so that only the level name remains
    $11 = ($10 -replace "False|True").Trim()
    Write-EventLog -LogName Application -Source "RAID" -EventID 9999 -EntryType "$11" -Message "$1"
    exit
Save the code as *.ps1
Create a task in the scheduler to run the script; I run the task once a day and at every boot.
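Added example, not part of the original article: the same check done in memory, without the intermediate files, which also logs an Error when raidcfg32 produces no output at all, so that a broken check is not mistaken for a healthy array. The function names and the sample status texts are assumptions; the path, the source "RAID" and event ID 9999 are the article's.

```powershell
# Added example (not the author's script). Path, source "RAID" and event ID 9999
# follow the article; the function names are hypothetical.
# Write-EventLog needs Windows PowerShell 5.1; the cmdlet is absent from PowerShell 7.
$RaidCfg  = 'C:\RAIDCFG32\RAIDCFG32.exe'
$Keywords = 'failed', 'disabled', 'degraded', 'rebuild', 'updating', 'critical'

function Get-RaidEntryType {
    param([string]$StatusText)
    # No output means the check itself did not run; never report that as healthy.
    if ([string]::IsNullOrWhiteSpace($StatusText)) { return 'Error' }
    # One case-insensitive pattern replaces the six -match lines and the temp files.
    $pattern = ($Keywords | ForEach-Object { [regex]::Escape($_) }) -join '|'
    if ($StatusText -match $pattern) { return 'Error' }
    return 'Information'
}

function Invoke-RaidCheck {
    $status  = ''
    $failure = ''
    try {
        # Capture the utility's output in memory and strip quotes, as the article does.
        $status = (& $RaidCfg /stv 2>&1 | Out-String) -replace '"', ' '
    } catch {
        $failure = $_.Exception.Message   # e.g. the executable is missing
    }
    $entryType = Get-RaidEntryType -StatusText $status
    if ([string]::IsNullOrWhiteSpace($status)) {
        $status = "raidcfg32 returned no output. $failure"
    }
    Write-EventLog -LogName Application -Source 'RAID' -EventId 9999 `
        -EntryType $entryType -Message $status.Trim()
}

# Constructed status texts (not real raidcfg32 output) to exercise the classifier.
$samples = @(
    @{ Text = 'Volume0 RAID1 Status: Normal';   Expect = 'Information' },
    @{ Text = 'Volume0 RAID1 Status: Degraded'; Expect = 'Error' },
    @{ Text = '';                               Expect = 'Error' }
)
foreach ($s in $samples) {
    $got = Get-RaidEntryType -StatusText $s.Text
    if ($got -ne $s.Expect) { throw "Unexpected level '$got' for '$($s.Text)'" }
}

# Run the real check only where the utility is present.
if (Test-Path $RaidCfg) { Invoke-RaidCheck }
```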
If you collect the logs from other Windows machines into the event log of a log collector, you need to create the source "RAID" on the collector as well, as shown above with New-EventLog.
We ship the logs to rsyslog via the Adiscon rsyslog agent for Windows.
The result looks like this:

UPD.
Regarding the use of Storage Spaces: all the servers with Windows Core on board are used in branch offices. Only one server is installed per branch, and Core is used to get a "free" hypervisor and reduce the licence cost.
The script without comments:
    c:\RAIDCFG32\RAIDCFG32.exe /stv > c:\RAIDCFG32\raidcfgStatus.txt
    Get-Content "c:\RAIDCFG32\raidcfgStatus.txt" | ForEach-Object {$_ -replace ('"'),' '} > c:\RAIDCFG32\raidstatus.txt
    $1 = Get-Content c:\RAIDCFG32\raidstatus.txt
    $2 = "$1"
    $2 -match "failed" > c:\RAIDCFG32\errorRAID.txt
    $2 -match "disabled" >> c:\RAIDCFG32\errorRAID.txt
    $2 -match "degraded" >> c:\RAIDCFG32\errorRAID.txt
    $2 -match "rebuild" >> c:\RAIDCFG32\errorRAID.txt
    $2 -match "updating" >> c:\RAIDCFG32\errorRAID.txt
    $2 -match "critical" >> c:\RAIDCFG32\errorRAID.txt
    $3 = Get-Content c:\RAIDCFG32\errorRAID.txt
    $4 = "$3"
    $5 = $4 -match "true"
    $6 = "$5"
    $7 = $6 -replace "true", "Error" > c:\RAIDCFG32\EntryType.txt
    $8 = $6 -replace "false", "Information" >> c:\RAIDCFG32\EntryType.txt
    $9 = Get-Content c:\RAIDCFG32\EntryType.txt
    $10 = "$9"
    $11 = ($10 -replace "False|True").Trim()
    Write-EventLog -LogName Application -Source "RAID" -EventID 9999 -EntryType "$11" -Message "$1"