Automation

 View Only

  • 1.  Activity report

    Posted May 13, 2022 10:01 AM

    Hi everyone.

    All my subordinates are permanently working remotely so my job is to procure a PowerShell script that could approximately pinpoint the activity of their VMs.

    I am filtering the FullFortmattedMessage to only show these events:

    ($_.FullFormattedMessage -like '*Your guest has entered a standby sleep state*') -or
                         ($_.FullFormattedMessage -like '*Set console window screen resolution*')-or
                         ($_.FullFormattedMessage -like '*Revert to current snapshot*')  -or
                         ($_.FullFormattedMessage -like '*power off virtual machine*')  -or
                         ($_.FullFormattedMessage -like '*power on virtual machine*') -or
                         ($_.FullFormattedMessage -like '*webmks*')
     
    But I am getting weird results and the report is the basis of someone's weekly work flow so I can't have too big of a discrepancy.
    Is this a good way of checking the VM activities?
     
    In other words, if a machine is powered on, it doesn't mean someone is actually doing any work on it. The Set console window screen resolution is an event that triggers when someone changes the resolution of the VM....  so not sure if I should add anything else here because I am using the "Your guest has entered a standby sleep state" as the end of activity. And some VMs only throw that kind of msg so I must be missing something
     
    The full script is this:

                    $Start = (Get-Date -Hour 0 -Minute 0 -Second 0).AddDays(-4)
                    $Finish = (Get-Date -Hour 0 -Minute 0 -Second 0)               

                    $VIEvent = Get-VIEvent -Start $Start -Finish $Finish -MaxSamples ([int]::MaxValue)


                     $export = foreach ($v in $vievent){
       
                       
                        $Level1 = $v | where {
                            ($_.FullFormattedMessage -like '*Your guest has entered a standby sleep state*') -or
                         ($_.FullFormattedMessage -like '*Set console window screen resolution*')-or
                         ($_.FullFormattedMessage -like '*Revert to current snapshot*')  -or
                         ($_.FullFormattedMessage -like '*power off virtual machine*')  -or
                         ($_.FullFormattedMessage -like '*power on virtual machine*') -or
                         ($_.FullFormattedMessage -like '*webmks*')
                         }
                         
                 
                        $Level1 | where {
                        ($_.UserName -like '*user*')-or
                        ($_.UserName -like '*admin1*')-or  
                        ($_.UserName -like '*admin2*')-or
                        ($_.UserName -like '*admin3*')} |
                        Sort-Object CreatedTime |
                        select @{n='VM';e={$v.VM.Name}}, CreatedTime,Username,FullFormattedMessage}

                           
                            if ($export -eq $null){
                            Add-Type -AssemblyName System.Windows.Forms
                            $global:balmsg = New-Object System.Windows.Forms.NotifyIcon
                            $path = (Get-Process -id $pid).Path
                            $balmsg.Icon = [System.Drawing.Icon]::ExtractAssociatedIcon($path)
                            $balmsg.BalloonTipIcon = [System.Windows.Forms.ToolTipIcon]::Info
                            $balmsg.BalloonTipText = ‘VM Report is empty'
                            $balmsg.BalloonTipTitle = "Empty Report!"
                            $balmsg.Visible = $true
                            $balmsg.ShowBalloonTip(20000)}

                            else {
                            $export | Sort-Object CreatedTime -Descending |
                            Export-csv -path "$folder\Weekly_$NOW.csv" -NoTypeInformation



                            Add-Type -AssemblyName System.Windows.Forms
                            $global:balmsg = New-Object System.Windows.Forms.NotifyIcon
                            $path = (Get-Process -id $pid).Path
                            $balmsg.Icon = [System.Drawing.Icon]::ExtractAssociatedIcon($path)
                            $balmsg.BalloonTipIcon = [System.Windows.Forms.ToolTipIcon]::Info
                            $balmsg.BalloonTipText = "There is an updated report available in $folder"
                            $balmsg.BalloonTipTitle = "New Report Available!"
                            $balmsg.Visible = $true
                            $balmsg.ShowBalloonTip(20000)}
                            }
           


  • 2.  RE: Activity report

    Posted May 13, 2022 10:15 AM

    Personally, I don't think looking at the outside of a VM, what vSphere does, wil not give you sufficient information to determine if a VM is "in use".
    My preferred approach is to use a Guest OS native command to show activity inside a Guest OS.
    These commands of course differ by type of Guest OS.
    But when the VMware Tools are installed on your VMs, you can use the Invoke-VMScript cmdlet to launch these commands.



  • 3.  RE: Activity report

    Posted May 13, 2022 10:53 AM

    Hello! Thank you for the response.

    Do you have an example for Windows os?



  • 4.  RE: Activity report

    Posted May 13, 2022 11:05 AM

    Each environment is different, so I don't think any of my scripts would help for your environment.
    But all the scripts for Windows OS are build around the Get-Process and the  Get-Counter cmdlet.



  • 5.  RE: Activity report

    Posted May 13, 2022 11:11 AM

    Well I actually can't really utilize the Guest OS commands because everyone has a vm with custom passwords so I can't access them.



  • 6.  RE: Activity report

    Posted May 13, 2022 11:13 AM

    Don't you have an admin or service account to manage your OS?
    If not, then it will be hard to determine what goes on inside the Guest OS.