PowerShell Script Monitors Security Logs and Sends Email Alerts

function Get-ADAuditLogsv2 {
    # Polls the Security log on each server for the listed event IDs and mails one alert per event.
    Param (
        $from       = "abc@domain.local",
        $smtpserver = "172.16.1.16",
        $to         = "ITserviceDesk@domain.local",
        $servers    = @("DCVM01"),
        $eventids   = @(1076,1039),
        $date       = ((Get-Date).AddMinutes(-60))   # look-back window: last 60 minutes
    )

    # Errors are suppressed here and written to c:\errorlog.txt at the end instead.
    $ErrorActionPreference = 'SilentlyContinue'

    foreach ($server in $servers) {
        foreach ($eventid in $eventids) {
            $events = Get-WinEvent -FilterHashtable @{logname='security';id=$eventid;StartTime=$date} -ComputerName $server
            if ($null -ne $events) {
                # $evt rather than $event, which is a PowerShell automatic variable
                foreach ($evt in $events) {
                    $eventmessage = $evt.message.split("`n")[0..16]   # first 17 lines of the message
                    $eventsubject = $evt.message.split("`n")[0]       # first line becomes the subject
                    $eventsubject = $eventsubject.replace("`n", "")
                    $eventsubject = $eventsubject.replace("`r", "")
                    $timecreated  = $evt.timecreated
                    $body    = @($timecreated,$eventmessage) | Out-String
                    $subject = "Event ID" + " " + $eventid + " " + $eventsubject
                    # No -UseSsl or -Credential: the alert goes to the SMTP server unencrypted and unauthenticated.
                    Send-MailMessage -Body $body -From $from -SmtpServer $smtpserver -Subject $subject -To $to
                }
            }
        }
    }

    Get-Date | Out-File c:\errorlog.txt -Append -Force
    $Error   | Out-File c:\errorlog.txt -Append -Force
}
Get-ADAuditLogsv2
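
The script above re-reads the last 60 minutes on every run, so a schedule shorter than that re-sends alerts and a missed run leaves a gap. As an added example (not part of the original script), the functions below keep a per-server high-water mark on RecordId and collapse the new events into one digest per run; the function names, the state hashtable and the sample events are constructed for illustration.

```powershell
# Added example: suppress repeat alerts across overlapping polls, one digest per run.
# Function names, the state hashtable and the sample events are illustrative.

function Select-NewEvent {
    # Keep events whose RecordId is above the stored mark for their server,
    # and advance the mark so the next poll skips them.
    param([object[]] $Events, [hashtable] $State)   # $State: server -> last RecordId alerted
    foreach ($evt in ($Events | Where-Object { $_ } | Sort-Object MachineName, RecordId)) {
        $last = if ($State.ContainsKey($evt.MachineName)) { $State[$evt.MachineName] } else { 0 }
        if ($evt.RecordId -gt $last) {
            $State[$evt.MachineName] = $evt.RecordId
            $evt
        }
    }
}

function New-AlertDigest {
    # One subject/body pair for the whole batch instead of one mail per event.
    param([object[]] $Events)
    $lines = foreach ($evt in $Events) {
        # First message line only, CR/LF stripped, as the original does for the subject.
        $first = ($evt.Message -split "`n")[0] -replace '[\r\n]', ''
        '{0:s}  {1}  ID {2}  {3}' -f $evt.TimeCreated, $evt.MachineName, $evt.Id, $first
    }
    $ids = ($Events | ForEach-Object { $_.Id } | Sort-Object -Unique) -join ','
    [pscustomobject]@{
        Subject = "Security log: $($Events.Count) new event(s), ID $ids"
        Body    = $lines -join "`r`n"
    }
}

# Constructed sample: two overlapping 60-minute polls of DCVM01.
$t = Get-Date '2024-01-01T10:00:00'
$poll1 = @(
    [pscustomobject]@{ MachineName = 'DCVM01'; Id = 1076; RecordId = 501; TimeCreated = $t; Message = "Sample message A`r`nDetail" }
    [pscustomobject]@{ MachineName = 'DCVM01'; Id = 1039; RecordId = 502; TimeCreated = $t.AddMinutes(5); Message = "Sample message B`r`nDetail" }
)
$poll2 = $poll1 + [pscustomobject]@{ MachineName = 'DCVM01'; Id = 1076; RecordId = 503; TimeCreated = $t.AddMinutes(40); Message = "Sample message C`r`nDetail" }

$state = @{}   # persist between scheduled runs, e.g. with Export-Clixml / Import-Clixml
foreach ($poll in $poll1, $poll2) {
    $new = @(Select-NewEvent -Events $poll -State $state)
    if ($new.Count -gt 0) {
        $digest = New-AlertDigest -Events $new
        $digest.Subject   # pass Subject and Body to the mail step
        $digest.Body
    }
}
```

The second poll contains all three events but only record 503 is reported, because 501 and 502 are already below the stored mark for DCVM01.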


Monitoring Cluster Shared Volume – PowerShell

I have found this but haven't tested it yet. I will tweak and use it soon.
#Cluster Shared Volume Free Disk Space
#Emails results of CSV free space on CLUSTER1
#Created 03-08-2011
#-------------------------------------------------------------------------------------------------

#Import Failover Cluster PowerShell Module--------------------------------------------------------
Import-Module FailoverClusters
#-------------------------------------------------------------------------------------------------

#Begin customization-------------------------
$SmtpServer = "mail.company.com" #Enter FQDN of SMTP server
$SmtpFrom = "CSV Status <CSVFreeSpace@company.com>" #Enter sender email address
$SmtpTo = "you@company.com" #Enter one or more recipient addresses in an array ("abc@company.com","def@company.com")
$SmtpSubject = "CLUSTER1 CSV Free Disk Space Report" #Enter subject of message
#End customization---------------------------

#Get Cluster Shared Volume details and put into array. Convert results from bytes into gigabytes.
$objs = @()

$csvs = Get-ClusterSharedVolume
foreach ( $csv in $csvs )
{
   $csvinfos = $csv | select -Property Name -ExpandProperty SharedVolumeInfo
   foreach ( $csvinfo in $csvinfos )
   {
      $obj = New-Object PSObject -Property @{
         Name        = $csv.Name
         Path        = $csvinfo.FriendlyVolumeName
         Size        = $csvinfo.Partition.Size
         FreeSpace   = $csvinfo.Partition.FreeSpace
         UsedSpace   = $csvinfo.Partition.UsedSpace
         PercentFree = $csvinfo.Partition.PercentFree
      }
      $objs += $obj
   }
}

#Original code
#$objs | ft -auto Name,Path,@{ Label = "Size(GB)" ; Expression = { "{0:N2}" -f ($_.Size/1024/1024/1024) } },@{ Label = "FreeSpace(GB)" ; Expression = { "{0:N2}" -f ($_.FreeSpace/1024/1024/1024) } },@{ Label = "UsedSpace(GB)" ; Expression = { "{0:N2}" -f ($_.UsedSpace/1024/1024/1024) } },@{ Label = "PercentFree" ; Expression = { "{0:N2}" -f ($_.PercentFree) } }
#-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

#Give a brief description of the output
$output = "The following shows the amount of free space available on the cluster shared volumes on DRSRVVSA."
#Modified code that puts results into a variable and formats results into list format
$output += $objs | fl Name,Path,@{ Label = "Size(GB)" ; Expression = { "{0:N2}" -f ($_.Size/1024/1024/1024) } },@{ Label = "FreeSpace(GB)" ; Expression = { "{0:N2}" -f ($_.FreeSpace/1024/1024/1024) } },@{ Label = "UsedSpace(GB)" ; Expression = { "{0:N2}" -f ($_.UsedSpace/1024/1024/1024) } },@{ Label = "PercentFree" ; Expression = { "{0:N2}" -f ($_.PercentFree) } } | out-string
#------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

#Email results
$SmtpClient = New-Object System.Net.Mail.SmtpClient
$MailMessage = New-Object System.Net.Mail.MailMessage
$SmtpClient.Host = $SmtpServer
$MailMessage.From = $SmtpFrom
Foreach ($address in $smtpTo)
	{$MailMessage.To.Add($address)}
$MailMessage.Subject = $SmtpSubject
#$MailMessage.IsBodyHTML = $true
$MailMessage.Body = $output
$SmtpClient.Send($MailMessage)

 

Hyper-V 2012 Snapshots / Checkpoints

Virtual machine checkpoints (formerly known as virtual machine snapshots) capture the state, data, and hardware configuration of a running virtual machine. In Windows Server 2012 R2, virtual machine snapshots were renamed to virtual machine checkpoints in Hyper-V manager to match the terminology used in System Center Virtual Machine Management. Checkpoints provide a fast and easy way to revert the virtual machine to a previous state. For this reason, virtual machine checkpoints are intended mainly for use in development and test environments. Having an easy way to revert a virtual machine can be very useful if you need to recreate a specific state or condition so that you can troubleshoot a problem.

We have a few options when it comes to checkpoints: create, apply and delete them.

The last two always confuse me and I wanted to test it myself in my lab environment. I created a Server 2012 R2 VM, just right-clicked it and chose to create a checkpoint.

[Screenshot: VM folder structure before the checkpoint]

[Screenshot: VM folder structure after the checkpoint]

Now let me change some settings on the server: the background changed, and a folder and a file created on the desktop.

APPLYING the CheckPoint; (I think the name is misleading)

Clicked on that…

So it looks like, if you want to keep the changes just in case on a different checkpoint, you can create a new one, but I don't want that now as I want to see what will happen just from applying.

VM in the background greyed out and status showing as starting..

And then a few seconds later the status was showing as RESTORING….

Looks like everything was taken back to the beginning and I still have the checkpoint. So all the changes I have made have been deleted.

And now what will happen if I choose DELETE CHECKPOINT

Again I have made some changes.

Chose delete checkpoint…..

It has deleted the checkpoint and also copied and saved all the changes on to the original VM.

No snapshots in the folder where they are normally saved.

Common Issues with deleting;

  • Deleting snapshots, but they failed to merge because there is not enough space on the disk (error 0x80070070)
Fix: If possible, free up storage space on the volume where the .vhd file is located. In some cases this might not be possible. For example, the space is occupied by .vhd and .avhd files only. If you cannot free up space on the current volume, export the virtual machine to a volume that has sufficient disk space to allow the merge to complete. The process of exporting the virtual machine to delete snapshots consists of the following steps:
  1. Export the virtual machine from the current location.
  2. Import the virtual machine to a location that has sufficient storage space. The location should be a different volume on the same host to avoid configuration problems.
  3. If the version of Hyper-V is earlier than Windows Server 2008 R2, turn on the virtual machine and then shut it down, to trigger the merge process at the new storage location.
  4. If you want to move the virtual machine back to the original location, free up additional space. Then, import the virtual machine back to the original location.

Very useful link from Microsoft….

https://technet.microsoft.com/en-us/library/dn818483(v=ws.11).aspx

 

Microsoft Scale-Out File Server

Scale-out File Server: Traditional file shares prior to Server 2012 had limitations, and in some cases these limitations turned into issues. Allowing only one node in the cluster to access the disk associated with the virtual file server and SMB file share limits I/O throughput in the cluster.

With Server 2012, Failover Clustering gives you another option: Scale-Out File Server for application data. This allows multiple nodes to have simultaneous high-speed direct I/O access to the disks associated with SMB shares on cluster shared volumes. Load balancing across the cluster is achieved with a new cluster resource called the Distributed Network Name (DNN), which uses a round robin scheduling algorithm to select the next node in the cluster for SMB connections.

Key benefits provided by Scale-Out File Server include:

  • Active-Active file shares: All cluster nodes can accept and serve SMB client requests. By making the file share content accessible through all cluster nodes simultaneously, SMB 3.0 clusters and clients cooperate to provide transparent failover to alternative cluster nodes during planned maintenance and unplanned failures with service interruption.
  • Increased bandwidth: The maximum share bandwidth is the total bandwidth of all file server cluster nodes. Unlike previous versions of Windows Server, the total bandwidth is no longer constrained to the bandwidth of a single cluster node; but rather, the capability of the backing storage system defines the constraints. You can increase the total bandwidth by adding nodes.
  • CHKDSK with zero downtime: CHKDSK in Windows Server 2012 is significantly enhanced to dramatically shorten the time a file system is offline for repair. Clustered shared volumes (CSVs) take this one step further by eliminating the offline phase. A CSV File System (CSVFS) can use CHKDSK without impacting applications with open handles on the file system.
  • Clustered Shared Volume cache: CSVs in Windows Server 2012 introduce support for a Read cache, which can significantly improve performance in certain scenarios, such as in Virtual Desktop Infrastructure (VDI).
  • Simpler management: With Scale-Out File Server, you create the scale-out file servers, and then add the necessary CSVs and file shares. It is no longer necessary to create multiple clustered file servers, each with separate cluster disks, and then develop placement policies to ensure activity on each cluster node.
  • Automatic rebalancing of Scale-Out File Server clients: In Windows Server 2012 R2, automatic rebalancing improves scalability and manageability for scale-out file servers. SMB client connections are tracked per file share (instead of per server), and clients are then redirected to the cluster node with the best access to the volume used by the file share. This improves efficiency by reducing redirection traffic between file server nodes. Clients are redirected following an initial connection and when cluster storage is reconfigured.

But scale-out file servers are not ideal for all scenarios. Microsoft gives us some examples of server applications that can store their data on a scale-out file share:

  • The Internet Information Services (IIS) Web server can store configuration and data for Web sites on a scale-out file share.
  • Hyper-V can store configuration and live virtual disks on a scale-out file share.
  • SQL Server can store live database files on a scale-out file share.
  • Virtual Machine Manager (VMM) can store a library share (which contains virtual machine templates and related files) on a scale-out file share. However, the library server itself can’t be a Scale-Out File Server – it must be on a stand-alone server or a failover cluster that doesn’t use the Scale-Out File Server cluster role. If you use a scale-out file share as a library share, you can use only technologies that are compatible with Scale-Out File Server. For example, you can’t use DFS Replication to replicate a library share hosted on a scale-out file share. It’s also important that the scale-out file server have the latest software updates installed. To use a scale-out file share as a library share, first add a library server (likely a virtual machine) with a local share or no shares at all. Then when you add a library share, choose a file share that’s hosted on a scale-out file server. This share should be VMM-managed and created exclusively for use by the library server. Also make sure to install the latest updates on the scale-out file server.

Looking at this list, these server applications use a few files that are large, in contrast to traditional file sharing, which involves a considerable number of files of different sizes. Something else to bear in mind: some users, such as information workers, have workloads that have a greater impact on performance. For example, operations like opening and closing files, creating new files, and renaming existing files, when performed by multiple users, have an impact on performance. If a file share is enabled with continuous availability, it provides data integrity, but it also affects the overall performance. Continuous availability requires that data writes through to the disk to ensure integrity in the event of a failure of a cluster node in a Scale-Out File Server. Therefore, a user that copies several large files to a file server can expect significantly slower performance on a continuously available file share.