We are looking to monitor all SMBv1 sessions going to an older server that we are decommissioning - but need to figure out a way to log them over about a 2 week timeframe - I was thinking that we could run the PowerShell against the server remotely and just write the results, but wondered if there is already a sensor for this.
Thanks, any info would be appreciated.
Hello Kevin,
Regarding what you would like to achieve, I indeed recommend going with a custom script by using the EXE/Script or EXE/Script Advanced sensor. I invite you to have a look at the following manual for the format of the response expected by the EXE sensors: https://www.paessler.com/manuals/prtg/custom_sensors.
If there are event logs specific to SMB, you could also use the WMI Event Log sensor to monitor them. To add the corresponding event log file to the WMI class Win32_NTLogEvent and therefore to the sensor, you can follow the steps provided in this article: https://docs.datadoghq.com/integrations/faq/how-to-add-event-log-files-to-the-win32-ntlogevent-wmi-class/.
If you have questions, do not hesitate.
Regards.
Feb, 2022
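
One way to write the custom script recommended in the answer above, as an added example that is not part of the original thread and is not Paessler's code. It assumes the old server runs Windows Server 2012 or later (so `Get-SmbSession` is available) and that the probe account can query it over WinRM/CIM; the log path is a hypothetical location.

```powershell
# PRTG EXE/Script sensor: count and log SMBv1 sessions on a remote server.
# Assumptions (not from the thread): the server has the SmbShare module
# (Windows Server 2012 or later), the probe account can reach it over
# WinRM/CIM, and the log path is a hypothetical location on the probe.
param(
    [Parameter(Mandatory = $true)]
    [string]$ComputerName,   # e.g. "-ComputerName %host" in the sensor's Parameters field
    [string]$LogPath = 'C:\PRTG-Logs\smb1-sessions.csv'   # hypothetical path
)

$exitCode = 0
try {
    $cim = New-CimSession -ComputerName $ComputerName -ErrorAction Stop
    # Get-SmbSession exposes the negotiated dialect; SMBv1 sessions report 1.x
    $smb1 = @(Get-SmbSession -CimSession $cim -ErrorAction Stop |
        Where-Object { $_.Dialect -like '1.*' })

    if ($smb1.Count -gt 0) {
        $dir = Split-Path -Parent $LogPath
        if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
        # One CSV row per session per scan, so the log shows who still uses SMBv1
        $now = Get-Date -Format 'yyyy-MM-ddTHH:mm:ssK'
        $smb1 | ForEach-Object {
            [pscustomobject]@{
                Timestamp = $now
                Client    = $_.ClientComputerName
                User      = $_.ClientUserName
                Dialect   = $_.Dialect
            }
        } | Export-Csv -Path $LogPath -Append -NoTypeInformation
    }

    $clients = ($smb1.ClientComputerName | Sort-Object -Unique) -join ', '
    if (-not $clients) { $clients = 'none' }
    $message = "SMBv1 clients - $clients"
}
catch {
    $exitCode = 2   # PRTG shows exit code 2 as a system error
    $smb1 = @()
    $message = "Query failed - $($_.Exception.Message)"
}
finally {
    if ($cim) { Remove-CimSession $cim }
}

# EXE/Script sensors read "value:message" from stdout; keep extra colons out of the message
Write-Output ("{0}:{1}" -f $smb1.Count, ($message -replace ':', ' '))
exit $exitCode
```

`Get-SmbSession` only lists sessions that are open at the moment of the scan, so a short scanning interval reduces the chance of missing brief connections during the logging period.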