The idea for this monitor was triggered by a problem someone posted about in the LabTechGeek Slack. This monitor finds any modifications that have been made to a standard Windows hosts file and returns them. Set the test up with a condition of contains “Standard host file”, without the quotation marks.

"%windir%\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -command "& {$Pattern = '^(?<IP>\d{1,3}(\.\d{1,3}){3})\s+(?<Host>.+)$';$File = \"$env:SystemDrive\Windows\System32\Drivers\etc\hosts\";$Entries = @();(Get-Content -Path $File) | ForEach-Object {If ($_ -match $Pattern) {If(($($Matches.IP) -ne \"127.0.0.1\" -or $($Matches.Host) -ne \"localhost\")) {$Entries += \"$($Matches.IP),$($Matches.Host)\"}}};if (($Entries | Measure-Object | select -ExpandProperty Count) -gt 0){Write-Output $($($Entries) -join \":\")}else{Write-Output \"Standard Host file\"};}"
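For testing the logic outside the monitor, here is a readable multi-line variant, added as an example and not the original author's code. It goes beyond the one-liner by also catching IPv6 entries, lines with leading whitespace, trailing comments, and several host names on one line. The function name `Get-NonStandardHostEntry`, the extra `::1` loopback allowance and the sample lines are assumptions made for the example.

```powershell
# Added example: the function name and sample data are constructed for illustration.
function Get-NonStandardHostEntry {
    param([string[]]$Line)
    # Mappings treated as standard (assumption: adds ::1 to the one-liner's 127.0.0.1/localhost pair)
    $standard = @('127.0.0.1,localhost', '::1,localhost')
    foreach ($raw in $Line) {
        # Drop trailing comments and surrounding whitespace
        $text = ($raw -replace '#.*$', '').Trim()
        if (-not $text) { continue }
        # First token is the address, every following token is a host name
        $tokens = $text -split '\s+'
        if ($tokens.Count -lt 2) { continue }
        $address = $null
        if (-not [System.Net.IPAddress]::TryParse($tokens[0], [ref]$address)) { continue }
        foreach ($name in $tokens[1..($tokens.Count - 1)]) {
            $entry = '{0},{1}' -f $tokens[0], $name.ToLowerInvariant()
            if ($standard -notcontains $entry) { $entry }
        }
    }
}

# Constructed sample hosts content (not taken from a real machine)
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '::1             localhost',
    '  10.0.0.5      intranet.example.test   # leading whitespace',
    'fe80::1         printer.example.test',
    '192.0.2.10      app.example.test api.example.test'
)
$found = @(Get-NonStandardHostEntry -Line $sample)
# Joined with ';' instead of the one-liner's ':' because IPv6 addresses contain colons
if ($found.Count -gt 0) { $found -join ';' } else { 'Standard Host file' }
```

To check a live machine, pass `Get-Content -Path "$env:SystemRoot\System32\drivers\etc\hosts"` as `-Line` in place of `$sample`.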

Remote Monitor Tips

  • Remote monitors can sometimes take a good few minutes to install on all the agents
  • The return information doesn’t necessarily populate immediately – even when the monitor has changed from installing, it can take a minute or two for the return information to show
  • Going into Automation > Monitors > System Monitors and putting a filter in the monitor name column of %monitorhere% will filter all remote monitors.
  • Add the column Monitor Status Information, if it is missing, and change the page size (top right) to 5000 to get a good overall view of what all monitors have returned