Monitor Windows Server 2008 Recycle Bin using Zabbix

I was recently given a task to capture the total size of deleted items in Recycle Bin for all user profiles on a server and report an alert when it reaches the defined threshold irrespective of the number of volumes on the server. The idea behind this was to ensure no one leaves large deleted files on their recycle bin that might lead to disk been full.

This is the approach I have taken to achieve this and it could be better, so I welcome suggestions and improvements. Note I have only tested this on Windows Server 2008, 2008R2 and this enumerates all volumes presents on the server as each volume will have its own recycle bin.

Step 1:

– Download this PowerShell script Get-RecycleBinSize from Microsoft Script Center

zabbix-recycle-01

– Create two .ps1 files and copy the following codes into each file and name as desired:

[box type=”info”]

cd /
. .\zabbix\scripts\Get-RecycleBinSize.ps1
Get-RecycleBinSize -ComputerName | where-object {$_.Size -ge 10000000} | Select Drive, User, @{n=’Size(GB)’;e={[int]($_.Size/1GB)}} | ft > c:\zabbix\Binresult.txt

[/box]

  • Filename: Recyclebin.ps1 – This script will output result of each users whose sum total of deleted files equal or greater than the specified threshold
  • Path: c:\zabbix\scripts\ (This is where I have saved all the scripts used in this project)
  • Servername: Enter the hostname of the server you are monitoring
  • Where-Object: This is where you define the total recycle bin size per user profile before it triggers. Any value less than that specified will not trigger an alert
  • Recyclebin-Result.txt:  This is the file you output the results to when the threshold is breached. This file will contain the drive letter, username and total size of files in user’s recycle bin
  • Binresult.txt: This is where the result will be outputted

[box type=”info”]

cd /
. .\zabbix\scripts\Get-RecycleBinSize.ps1
Get-RecycleBinSize -ComputerName | % { $totalspace = $totalspace + [System.Math]::Round($_.Size/1GB,0) }
$totalspace

[/box]

  • Filename: Recyclebin-total.ps1 – This script will output the total size of all deleted contents in all recycle bins on the server
  • Path: c:\zabbix\scripts\ (This is where I have saved all the scripts used in this project)
  • Servername: Enter the hostname of the server you are monitoring

Note: Ensure the 3 scripts (Get-RecycleBinSize.ps1; Recyclebin.ps1 & Recyclebin-total.ps1) are in same folder location (Mine are in c:\zabbix\script)

Step 2: Here we configure zabbix to run the PowerShell command to execute the Recyclebin.ps1 script so it gets the value of the result. I am assuming you are familiar with Zabbix, if not search for all my posts relating to zabbix using the search bar

– Log onto Zabbix, click on Configuration > Templates, click the items link for desired template

zabbix-recycle-02

– Click on Create Item on top right corner, then enter Key and other details as shown in screenshot below: Note I left a space between the opening square bracket and text ‘powershell’ so the code would be highlighted. So simply delete the space

[box type=”info”]

system.run[ powershell -command “& ‘c:\zabbix\scripts\recyclebin-total.ps1′”,]

[/box]

zabbix-recycle-03

– Click on Configuration > Hosts, locate the server been monitored and click on Items. Check the status column and make sure its not showing ‘Not supported‘. If its showing it, then click on it and it will automatically make it active

zabbix-recycle-04

– Click on Monitoring > Latest data, select the server been monitored under Host at top right corner, click the Application name and click the Graph for this monitor. If all went well, you should see line on the graph which is an indication that zabbix is getting the result from the the Recyclebin-total.ps1 script

zabbix-recycle-05

Step 3: Now we set the Trigger. This trigger will fire an alert whenever the threshold is breached…

– Click on Configuration > Templates > locate the template you are using and click on the Triggers link

zabbix-recycle-06

– Click Create Trigger and enter details as follows:

zabbix-recycle-07

Name: Enter trigger name
Expression:

[box type=”info”]

{Template_Windows:system.run[ powershell -command “& ‘c:\zabbix\scripts\recyclebin-total.ps1′”,].last(0)}>6

[/box]

or simply click the Add button and select the Item created in Step2 and set the trigger value to be either equals to or greater than 6 or any value of your choice. This value is technically in GB meaning it will trigger an alert when the total recycle bin size is more more 6GB
Severity: Warning

Step 4: We need to set an Action so when there is an alert, we will get an email notification and also zabbix will run the second script to generate the list of users and the size of their recycle bin. Note in my script I have set it to output only users whose recycle bin size is over 1GB meaning if 6 or more users have 1GB each in their recycle bin, this will trigger the alert and the second script will run and output the 6 users in a text file

– Click on Configuration > Actions > Create Action (Top right-hand corner). Enter details as shown below. You can also add an Action condition where this action only runs when the new Trigger occurs. This is useful where you have multiple Triggers

zabbix-recycle-08

– Next under Action operations, click on New > Select Operation type as ‘Send message’ > Select Single user or Group and click on the Select button to add the accounts. Note, if you haven’t created a user account with the email address then you will have to do that during this setup. As seen in the screenshot, I created a group called ‘RecycleBin’ just for testing 🙂

zabbix-recycle-09

– Next click New again and this time select Remote command. Enter Remote command as follows:

[box type=”info”]

{HOSTNAME}:powershell.exe -file c:\zabbix\scripts\recyclebin.ps1″

[/box]

zabbix-recycle-10

Remember to Save all changes made and there you go, all should be working… Feel free to comment if you need any assistance or run into any challenge

 
comments powered by Disqus