Worklet: Datadog Configuration Set in Windows

4 years ago
October 28, 2020
0 replies
141 views

Tony-Automox
Automox Employee
35 replies

This worklet takes two configurations that you upload to the worklet - eventlogs.yaml & default_agent_config.yaml - and copies them to the Datadog folders they belong to as conf.yaml and datadog.yaml respectively. It also takes an existing conf.yaml.default configuration and makes a copy of it as the conf.yaml file in its’ same directory.

A log is created in the Automox activity log, but it also creates a log locally on the machine in C:\vSOC_Tools.

Evaluation:

Exit 0

Remediation:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$datadogConfDir = 'C:\ProgramData\Datadog\'
$win32ConfDir = 'C:\ProgramData\Datadog\conf.d\win32_event_log.d\'
$diskConfDir = 'C:\ProgramData\Datadog\conf.d\disk.d'
$eventLogs = 'eventlogs.yaml'  #Uploaded File
$defaultAgent = 'default_agent_config.yaml'  #Uploaded File
$service = Get-Service -Name "Datadog Agent" -ErrorAction SilentlyContinue

Start-Transcript -Path C:\vSOC_Tools\test.log

# Create directories if they don't exist
If (-not (Test-Path ($datadogConfDir))) { 
    Write-Output "Creating Win32 Conf Directory"
    New-Item  -Path $datadogConfDir -ItemType "directory" 
}

If (-not (Test-Path ($win32ConfDir))) { 
    Write-Output "Creating Win32 Conf Directory"
    New-Item  -Path $win32ConfDir -ItemType "directory" 
}

If (-not (Test-Path ($diskConfDir))) { 
    Write-Output "Creating Win32 Conf Directory"
    New-Item  -Path $diskConfDir -ItemType "directory" 
}

# Fix configs and restart agent
Write-Output "Copying Win32 Conf"
Copy-Item $eventLogs -Destination "$win32ConfDir\conf.yaml" -Force

Write-Output "Copying Datadog Conf"
Copy-Item $defaultAgent -Destination "$datadogConfDir\datadog.yaml" -Force

If (Test-Path "$diskConfDir\conf.yaml.default") {
    Write-Output "Copying Disk Conf"
    Copy-Item "$diskConfDir\conf.yaml.default" -Destination "$diskConfDir\conf.yaml" -Force
}
else
{ Write-Output "$diskConfDir\conf.yaml.default does not exist" }

If ($service.length -gt 0) {
    Write-Output "Restarting Agent"
    Restart-Service $service -Force
}
else
{ Write-Output "$service does not exist" }

Stop-Transcript

Be the first to reply!

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos

Reply

Has any one created a windows 11 22h2 feature update worklet yet?icon

Server 2012 R2 Agent Service Fails to Starticon

Windows - Configuration - Windows 11 Feature Update - Delay Restarticon

Monthly Worklet Challenge with a Lego Otto Set!

Worklet (Windows) evaluation block not working reliablyicon

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings