Skip to main content

Huntress Repair

Summary

This document provides instructions on how to set up alerts for machines where the Huntress agent has stopped functioning as intended

Dependencies

CW RMM - Device Group - Machines with Huntress Agent
Huntress Agent (REPAIR)

Target

This monitor should target the group shown below:
TargetGroup

Monitor Creation

Step 1

Navigate to ENDPOINTSAlertsMonitors
Step1

Step 2

Locate the Create Monitor button on the right-hand side of the screen and click on it.
Step2

This page will appear after clicking on the Create Monitor button:
Step3

Step 3

Fill in the mandatory columns on the left side
Name: Huntress Repair
Description: This will check if the Huntress Agent is orphaned, and then it will try to repair it.
Type: Script
Severity: Critical Non-Impact Alerts
Family: Desktop Security
MonitorConfig

Step 4

Click the Select Target button to choose the endpoints for running the monitor set.
Step4

This page will appear after clicking on the Select Target button:
Step5

This monitor should target the group shown below:
TargetGroup

Step 5

Fill in the conditions on the right side
Run script on: Schedule
Repeat every: 24 Hours
Script Language: Powershell
Script Output: Huntress Agent is not Orphaned
Automatically resolve: Enabled
Run Automated Task: Huntress Agent (REPAIR)
Powershell Script:

   if (Test-Path 'C:\Program Files\Huntress\HuntressAgent.log') {
    $Path = 'C:\Program Files\Huntress\HuntressAgent.log'
} elseif (Test-Path 'C:\Program Files (x86)\Huntress\HuntressAgent.log') {
    $Path = 'C:\Program Files (x86)\Huntress\HuntressAgent.log'
} else {
    $Path = 'Huntress Log File Missing'
}

if ($Path -notmatch 'HuntressAgent.log') {
    Write-Output $Path
} else {
    $Log = Get-Content $Path | ForEach-Object {
        if ($_ -match '(?<time>\d+-\d+-\d+T\d+:\d+:\d+-\d+:\d+).+(?<level>(?<=level=)\w+).+(?<msg>(?<=msg=).*)') {
            $Matches.Remove(0)
            [PSCustomObject]$Matches
        }
    } | Where-Object {
        $_.level -match 'error' -and $_.msg -match 'status code:401'
    }

    if ($Log.count -ge 1) {
        Write-Output 'Huntress Agent is orphaned. Please uninstall and reinstall'
    } else {
        Write-Output 'Huntress Agent is not Orphaned'
    }
}

MonitorConfig1

Completed Monitor

CompleteMonitor