0

How-to : Windows Event Collector: DNS Event Log Forwarding

-

Tomasz Jagiello strikes back as guest writer 🙂 This time on Windows Event Collector configuration for DNS Event Log forwarding. Very good how-to with detailed configuration.

Design where via Group Policy a Domain Controller group will be configured to forward DNS Server events to a single collector.

To test and demonstrate Event Log Forwarding I built simple Lab environment:

  • 2x Domain Controllers (DC1, DC2)
  • 1x Event Collector (SRV1).

win-event-collector-dns-01

(more…)

0

Code snippets : Windows : Importing Event Logs to Database

-

Code snippet from old archives. It shows how to import Windows event log entries to database. Important is to setup database and table accordingly, so it contains apropriate columns.

Set objConn = CreateObject("ADODB.Connection")
Set objRS = CreateObject("ADODB.Recordset")
objConn.Open "DSN=EventLogs;"
objRS.CursorLocation = 3
objRS.Open "SELECT * FROM tblEventLog" , objConn, 3, 3
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colRetrievedEvents = objWMIService.ExecQuery _
("Select Category, CategoryString, ComputerName, Data, EventCode, _
EventIdentifier, EventType, LogFile, Message, RecordNumber, SourceName, _
TimeGenerated, TimeWritten, Type, User from Win32_NTLogEvent")
For Each objEvent in colRetrievedEvents
objRS.AddNew
objRS("el_Category") = objEvent.Category
objRS("el_CategoryString") = objEvent.CategoryString
objRS("el_ComputerName") = objEvent.ComputerName
objRS("el_Data") = objEvent.Data
objRS("el_EventCode") = objEvent.EventCode
objRS("el_EventIdentifier") = objEvent.EventIdentifier
objRS("el_EventType") = objEvent.EventType
objRS("el_LogFile") = objEvent.LogFile
objRS("el_Message") = objEvent.Message
objRS("el_RecordNumber") = objEvent.RecordNumber
objRS("el_SourceName") = objEvent.SourceName
objRS("el_TimeGenerated") = objEvent.TimeGenerated
objRS("el_TimeWritten") = objEvent.TimeWritten
objRS("el_Type") = objEvent.Type
objRS("el_User") = objEvent.User
objRS.Update
Next
objRS.Close
objConn.Close
0

Tips & Tricks : List Event Logs and associated sources

-

To list all Event Logs and sources associated with them use:

Get-EventLog -LogName * |ForEach-Object {$LogName = $_.Log;Get-EventLog -LogName $LogName -ErrorAction SilentlyContinue |Select-Object @{Name= "Log Name";Expression = {$LogName}}, Source -Unique}
0

Code snippets : Restart IIS Application Pool in PowerShell

-

If you need to watch IIS application pool and start it once goes down and want to use PowerShell for that here is simple script for that.

Script includes also logging all restarts in log file which is created in same folder as script.

# AppPool to monitor
$AppPoolName = "AppPoolName"

# Log Destination
$LogToScreen = 1
$LogToFile = 1

# Determine script location for PowerShell
$ScriptDir = Split-Path $script:MyInvocation.MyCommand.Path

# Output log
$OutputLogPath = $ScriptDir + "\AppPoolRestart.csv"

#Check if file exists and create if it doesn't
If(!(Test-Path -Path $OutputLogPath)){
#Create file and start logging
New-Item -Path $OutputLogPath -ItemType File
}

###
# Function: LogMessage
###
function LogMessage($Msg, $ToScreen, $ToFile)
{
if ($ToScreen -eq 1)
{
Write-Host $Message
}

If ($ToFile -eq 1)
{
Add-Content -Path $OutputLogPath -Value $Message
}
}
###
# End Function: LogMessage
###

While (1 -eq 1){

Clear-Host

$AppPoolStatus = Get-WebAppPoolState -Name $AppPoolName

$DateTime = Get-Date

If ($AppPoolStatus.Value -eq "Stopped"){
Write-Host "Not Working"
Start-WebAppPool -Name $AppPoolName
$Message = "App Pool $AppPoolName restarted at $DateTime"
LogMessage $Message $LogToScreen $LogToFile
}Else{
Write-Host "Working"
}

Sleep 5
}
0

Code snippets : Execute SQL script using PowerShell

-

Recently I went through requirement of running SQL scripts on multiple databases on different servers. As the list of databases was different from script to script I decided to create universal solution, which will allow to easily prepare for deployment and can be simply reused at any time.

As a platform to execute scripts I went with PowerShell as that provides flexibility in case additional functionality will be required.

Whole solution contains 3 files:

  • SqlExecutionInflow.csv – file contains list of databases and servers where particular database is located. It is simple CSV file with 2 columns
  • SqlExecQuery.sql – contains SQL script which will be executed against all databases listed in SqlExecutionInflow.csv
  • SqlExec.ps1 – main script which load SqlExecInflow.csv and executes query from SqlExecQuery.sql

All files have to be placed in same folder. As a result script will create transcript file with output from all executed commands.

And here are example files and script itself…

(more…)

0

Code snippet : Sending email from PowerShell script

-

If you want to send email from PowerShell script via Google Mail:

$SMTPServer = "smtp.gmail.com"
$SMTPPort = "587"
$SMTPUsername = "sender@gmail.com"
$SMTPPassword = "password"

$EmailSenderAddress = New-Object System.Net.Mail.MailAddress("sender@gmail.com", "PowerShell Automated Email")

$EmailFrom = $EmailSenderAddress
$EmailTo = "recipient@gmail.com"
$EmailCc = "recipient@hotmail.com"
$EmailAttachment = "C:\Scripts\Attachment.txt"
$EmailSubject = "Automated Email with Report."
$EmailBody = @"
Please find attached report.
"@

$EmailMessage = New-Object System.Net.Mail.MailMessage
$EmailMessage.Subject = $EmailSubject
$EmailMessage.Body = $EmailBody
$EmailMessage.To.Add($EmailTo)
$EmailMessage.CC.Add($EmailCc)
$EmailMessage.From = $SMTPUsername
$EmailMessage.Attachments.Add($EmailAttachment)

$SMTPSession = New-Object System.Net.Mail.SmtpClient($SMTPServer, $SMTPPort);
$SMTPSession.EnableSSL = $true
$SMTPSession.Credentials = New-Object System.Net.NetworkCredential($SMTPUsername, $SMTPPassword);
$SMTPSession.Send($EmailMessage)
Write-Host "Mail Sent"
Page 1 of 612345...Last »