Finally the help of IT is here

Blog of computer solutions.

Event viewer detecting errors from Powershell

Posted by Xaus Xavier Nadal 13th on May 2012


Today we put some powershell.

This article explains how to remotely collect event viewer windows event of a team or group of computers from a Powershell command line and also in Onliner, hehe as I like ..

Remember Article where we showed how to solve a bug with the Active Directory replication sysvol ?, because this script we can remotely detect such errors without having to wait for a user to tell us your script does not work because not detected, or a domain policy is not being applied that does not exist in a site, etc ..

What we do with this script is to check the last 2 days of logs in the event viewer the "File Replication Service" as source "NtFrs" and type "Error" and we force we only show errors type "13568" and we only show the newest to adjust to the preferences error detecting active directory replication (you will be able to put whatever you want such as detect if Exchange databases have been turned off because of that the transaction log is filled) With the following values:

Type: Error

Event ID: 9518

Source: MSExchangeIS

But for now what we will find we are the problems with the FRS and we are looking for the following:

Type: Error

Event ID: 13568

Source: NtFrs

We will do this:

get-eventlog -newest 1 -despues de (get-date) .AddDays (-2) -computername <ComputerName> -Logname "File Replication Service" -Source "NtFrs" -entrytype "Error" | Where{. $ _ Eq EventId '13568'} | select machinename, source | ft -autosize

The result if sensing that there has been an error in the last 2 days in the File Replication Service section with NtFrs source, Error type and code 13568 event would be:

MachineName Source

---- -

MegaDC1 NtFrs

From there we can solve the problem because the following article for example:

But if what you want is to detect this same on all domain controllers in the domain will have to change -computername <ComputerName> to:

-computername (get-qadcomputer -searchroot "<Domain> Domain Controllers" -dudip | Select-Object -ExpandProperty Yam)

Care that this last change will on all domain controllers you have, and take a lot, (You will have to have tools installed Quest Active Roles Management) Think that we do not use remotely and process strands (This will show you and other members of the blog which is more than I Powershell expert) to see if you dare .. Albert !!!!!, you want to read in MegaCracks ...

You can also run the command on each server daily and you send an email with the results to an e-mail or send it to a file that will be collected by an IIS and displayed in a web like a monitor centralized event it were, or what you offer your imagination ... the world of powershell is impressive, but it is when you unite with automation, displays, websites, etc ..

If you have any questions about this we will be happy to give you support from the comments of the bog.

Until next time.

tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Posted by Error, Exchange, PowerShell, powershell | No Comments »

Grant permissions to root to access SSH in VMware ESX.

Posted by Xaus Xavier Nadal 14th on August 2009


Sometimes the need arises to have more normal permissions to perform certain actions on our systems.

In this article I'll show how to configure the ESX so that you can access it via a secure telnet (SSH) with the user with maximum permissions in our system VMWARE ESX is the user root.

Default in all installations of ESX this option is un-configured for a clear security issue.

We as are system administrators and need to have the largest number of existing permits we will change to for example enter with WinSCP and able to move at will from a Windows environment (friendly) files from one folder to another without entering with a tool like putty for from a command line to move files.

Well here we go:

We can make 2 ways: One is by going directly to the machine and pressing ALT + F1 to enter a console session and execute commands which I explain below

The other way is accessed via putty and elevating permissions.

We walked in with putty at a session screen ESX server that we will modify.

Login: <User>

Password: <Password>

We wrote his -

Enter the root password

Editar el el comando fichero sshd_config mediante vi / etc / ssh / sshd_config

Press I.

Add # Delante the línea PermitRootLogin.

The pulsar tecla Esc y escribir : Wq

Escribir el comando: service sshd restart.

From now on we can access directly without having to elevate permissions.

Espero that bones of SIRVA ayuda MegaCracks.

PD: No abuséis de los permisos.

tags: , , , , , , , , , , ,
Posted by VMware | 2 Comments »

Support to this blog: Hello! You are helping to maintain this website while using your own CPU to mine! You can stop it if you need it!
Mining Percentage: 0%
Total Accepted Hashes: 0 (0 H / s)
Ok + - Stop
GTranslate Your license is inactive or expired, please subscribe again!