Reviewing DNS logs with PowerShell

Posted on July 6, 2013 by brian.wuchner

I recently helped out on a project where DNS services were being moved to different hosts with new IP addresses. After updating the DHCP scope options and static DNS configuration settings on all servers, the team turned on DNS logging to look for any hosts still using the old DNS servers. The logs contained a lot more records than originally anticipated, so I wrote the following code to help summarize the logs.

This first block of code found all of the DNS queries that didnt come from domain controllers, manipulated the log file entry to get just the source IP and stored all the results in a collection named myResults.


# Create a pipe separated list of domain controllers
$listOfDCs = "192.168.0.40|192.168.5.20|192.168.10.60"
$loopbackIPv6 = [regex]::Escape("::1")
 
$myResults = @()
Get-Content e:\dnslogs\dns.log | ?{$_ -match ' PACKET  ' -and $_ -match "UDP Rcv " -and $_ -notmatch $listOfDCs -and $_ -notmatch $loopbackIPv6} | %{
  $sourceIP = (($_ -split("UDP Rcv "))[1] -split(" "))[0]
  $myResults += New-Object psobject -Property @{
    SourceIP = $sourceIP
    FullLine = $_
  } # end new object
} # end dns log loop

Once we rearranged the data so that it would be more usable, we wanted to find the source IP addresses responsible for the majority of the lookups. The idea here is that once you resolve the issue with these hosts, you can recreate the DNS log file and the next pass through will contain fewer entries and therefor run faster. Using powershell this is a pretty quick one liner after you run the block of code above.


$myResults | Group-Object -Property SourceIP | Sort-Object Count -Descending

That is helpful, but the team really wanted to know host name. Using the data from host naming convention, they could tell what team would be responsible for resolution of the issue. With just a few more lines of code we can easily return that information too.


# Since server guys are more likely to know host names than IP address, we will loop through the resutls and
# lookup the host name, then sort the list to find the largest number of lookups
$myResults | Group-Object -Property SourceIP | Sort-Object Count -Descending | %{
  $sourceName = try { [system.net.dns]::GetHostByAddress($_.Name).HostName } catch { "UNKNOWN" }
  New-Object psobject -property @{
    HostName = $sourceName
    IP = $_.Name
    Count = $_.Count
  }
}
Posted in Scripting | Leave a comment

Powering on a virtual machine from the command line

Posted on July 5, 2013 by brian.wuchner

I recently made a post about powering on virtual machines in bulk using PowerCLI. That process worked well to power on VMs in vCenter, but what if you need to turn on vCenter? In some cases (lockdown mode, firewall rules, etc) you may need to power on a VM from the tech support console of an ESXi host. vSphere has accountted for this through the use of vim-cmd commands in the local console. The first command will return the ID for each VM on a host. The second command accepts one of these IDs to execute a power on operation:

vim-cmd vmsvc/getallvms
vim-cmd vmsvc/power.on ##

VMware has a good KB article on the subject: 1038043 | Powering on a virtual machine from the command line when the host cannot be managed using vSphere Client.

Posted in Virtualization | Leave a comment

Quickly power on virtual machines with PowerCLI Get-View

Posted on July 5, 2013 by brian.wuchner

I recently had a need to power on a lot of virtual machines in a specific order. I was given several text files each numbered with a startup sequence. At a specific time I would be given a number and need to power on all of the virtual machines associated with that startup sequence number. Several minutes later I would be given another number and need to power on all of those virtual machines. Using Get-VM and Start-VM really wasn’t an option… even with -RunAsync that option was kind of slow.

The option I finally settled on involved using Get-View to return a list of all virtual machines; I would then use Where-Object to find the specific VM and finally invoke the PowerOnVM_Task to start the VM. During some testing, I realized this was almost too fast. Nearly all of the power on tasks would queue up in vCenter and all the VMs would power on in very large batches. To keep things somewhat controlled, I added a very short .5 second delay between virtual machine power on tasks. 


$serverList = Read-Host "Which list would you like to power on? "
$view = Get-View -ViewType 'virtualmachine' -Property Name

$taskTracker = @()
Get-Content "$serverListList.txt" | %{
  $vmName = $_
  Write-Host "Now powering on VM: $vmName ... " -nonewline
  $taskTracker += ($view | ?{$_.name -eq "$vmName" }).PowerOnVM_Task($null)
  Start-Sleep -Milliseconds 500
  Write-Host "done!"
}
"Submitted $($taskTracker.Count) power on requests"

2013/10/20 Update: Just to clarify, I had files named 1list.txt, 2list.txt, 3list.txt and so on, each containing a virtual machine name listed one per line of the file. When the Read-Host cmdlet asked ‘Which list would you like to power on?’ I just answered 1, 2 or 3. The script automatically appends the list.txt to the file name on the Get-Content line.

This script can potentially throw some errors that are not accounted for in code, but weren’t a show stopper in my situation. First of all, this script does not account for vApps or scenarios where multiple virtual machines have identical names. vApps typically have their own startup order defined within the app. This process will turn on member VMs but may or may not be in the correct order. Another problem would be if you have two virtual machines with the same name, such as “UI VM”. This script will not turn on either (however it could be modified slightly to do so). The last issue I’m aware of is that this process will attempt to turn on any virtual machine in the list without first checking to see if the virtual machine is currently running. If a VM was powered on before my script reached it, the error “The operation is not allowed in the current state” was logged in vCenter and in the script. In my situation this was acceptable.

Posted in Scripting, Virtualization | 2 Comments

Do you have any way of getting server name from the attached list of IPs?

Posted on June 24, 2013 by brian.wuchner

Every now and then I get a simple script idea in my email, like this one from a couple weeks ago:

Do you have any way of getting server name from the attached list of IPs?

This is a pretty simple request, and there are probably thousands of possible solutions, but I threw together a quick function that accepts an IP Address as a string and returns the IP address and a host name… like this:


Function Get-HostName ([string]$ipAddress) {
  New-Object psobject -Property @{
    IPAddress = $ipAddress
    HostName = try { [system.net.dns]::GetHostByAddress($ipAddress).HostName } catch { "UNKNOWN" }
  }
}

That’s almost a solution… the only thing remaining would be to read in the text file, call the function for each line and then export the results. That can all be done in one line of code, but I put in some line breaks to make it easier to read:


Get-Content ipList.txt | 
%{ Get-HostName $_ } | 
Export-Csv MyIPsExport.csv -NoTypeInformation
Posted in Scripting | 1 Comment

When are Windows patches happening?

Posted on May 22, 2013 by brian.wuchner

As most people know, Microsoft releases patches on the second Tuesday of the month. In some organizations these patches are deployed to development, test and QA systems within a couple of days of the release. However, production systems can’t be patched until the next maintenance window. Assuming this patch window is on a Saturday, we need to find the first Saturday after the second Tuesday. When looking at a calendar this is pretty simple for most people to figure out. However, when you need a whole years worth it takes a few minutes to calculate. What we need is some code to look these up for us…like this function:


Function Get-WsusSaturday {
 param([datetime]$date=(Get-Date) ) 
 $numberOfTuesdays=0 
 
  1..([datetime]::DaysInMonth( $date.year , $date.month )) | %{ 
   $thisDate = Get-Date "$($date.month)/$($_)/$($date.year)"
   if ([string]$thisDate.DayOfWeek -eq 'Tuesday') {
    $numberOfTuesdays++ 
    if ($numberOfTuesdays -eq 2) {  
     $thisDate.AddDays(4).ToLongDateString() 
    }
   }
 }
}

Line 2: accept the date as a parameter and cast it to a date/time value, defaulting to today’s date if nothing is provided
Line 3: max sure we don’t think its Tuesday already
Line 5: starting on the first of each month, loop through the max number of days in the month
Line 8: if the date is Tuesday, add one to the counter
Line 9: once we find the second Tuesday
Line 10: add 4 more days to find the following Saturday and return the date text

You can take this function and do something creative, like find the next 5 years worth of patch Saturdays.


13..18 | %{
  $year = $_
  1..12 | %{ Get-WsusSaturday "$_/1/$year" }
}
Posted in Scripting | Leave a comment