green0tree22
Contributor

GET-VIEVENT

Hi Team,

I'm using Get-VIEvent to retrieve the events of a target ESXi host, with PowerCLI 6.5.0-4 and PowerShell v5 installed.

When I execute my script it shows: Get-VIEvent error in deserializing body of reply message for operation 'retrieve properties'. How can I fix the error?

An additional question: is there a way to retrieve the password changes of the users and groups in ESXi? The only way I use is to get the FullFormattedMessage to check for the logged-in and change-password messages. Is my approach correct? Please advise.

See the attached file for your reference.

 

Thanks

Moderator note by wila: Moved thread to VMware PowerCLI discussions

LucD
Leadership

That is a known issue and you seem to be using a very old PowerCLI version.
Upgrade your PowerCLI version.

You can look for the UserPasswordChanged event.
Not sure what you mean by groups for password changes.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

green0tree22
Contributor

Hi LucD,

Can you please provide a script that uses this UserPasswordChanged (vim.event.UserPasswordChanged), or provide a sample using PowerShell?

Thanks

LucD
Leadership

You could do something like this

Get-VIEvent -Start (Get-Date).AddDays(-7) -MaxSamples ([int]::MaxValue) |
where{$_ -is [VMware.Vim.UserPasswordChanged]}


green0tree22
Contributor

Hi LucD,

No output is generated. I already changed the password of the root account and changed the other user, but there is no output.

Here is the script that I used.

$allEventsByUser = Get-VIEvent |
    Select-Object UserName, FullFormattedMessage, CreatedTime |
    Where-Object {$_.UserName -ne '' -and $_.fullFormattedMessage -match 'Logged in|Password was'} |
    Group-Object -Property UserName
$userInfo = foreach ($user in $allEventsByUser) {
    $recentLogin = $($user.Group | Where-Object {$_.fullFormattedMessage -match 'Logged in'} | Sort-Object -Property CreatedTime -Descending | Select-Object -First 1).CreatedTime
    $regexPattern = "Password was.*$($user.Name)"
    $recentPWChange = $($user.Group | Where-Object {$_.fullFormattedMessage -match 'Password was'} | Sort-Object -Property CreatedTime).CreatedTime
    [PSCustomObject]@{
        User = $user.Name
        Most_Recent_Login = $recentLogin
        Most_Recent_Password_Change_User_Self = $recentPWChange
    }
}

LucD
Leadership

If you run Get-VIEvent without any parameter, it only returns 100 events.


green0tree22
Contributor

Hi LucD,

I just used your script and it displays results, and I put FullFormattedMessage like this:

| where $_.FullFormattedMessage.

And I found that there is a password change but no username, and when I check the message it shows vimuser? Why is the affected user not displayed?

Can you help me with what is wrong with my script? I appreciate your help.

I already attached my script.

Thanks

LucD
Leadership

Did you check all the properties of the returned event?

The UserLogin property should hold the user.
The UserName contains the service account that changes the password.


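The distinction between the two properties, as an added example that is not part of the original posts: it filters on the event type rather than on message text and reports the affected account (UserLogin) next to the account that made the change (UserName). It assumes an existing Connect-VIServer session to vCenter; the function name and output column names are hypothetical.

```powershell
# Added example, not code from the thread. Assumes a connected vCenter session.
function Get-PasswordChangeAudit {
    param(
        [int]$Days = 14,        # how far back to look
        [string]$OutFile        # optional CSV path
    )

    # Without -MaxSamples, Get-VIEvent returns only 100 events, so request
    # everything in the window and filter on the typed event object.
    $events = Get-VIEvent -Start (Get-Date).AddDays(-$Days) -MaxSamples ([int]::MaxValue) |
        Where-Object { $_ -is [VMware.Vim.UserPasswordChanged] }

    $rows = foreach ($e in $events) {
        [PSCustomObject]@{
            CreatedTime  = $e.CreatedTime
            Host         = $e.Host.Name            # ESXi host that holds the account
            AffectedUser = $e.UserLogin            # account whose password changed
            ChangedBy    = $e.UserName             # account that performed the change
            Message      = $e.FullFormattedMessage
        }
    }

    # Newest first; @() keeps the result an array even when nothing matched.
    $rows = @($rows | Sort-Object CreatedTime -Descending)
    if ($OutFile) { $rows | Export-Csv -Path $OutFile -NoTypeInformation }
    $rows
}

Get-PasswordChangeAudit -Days 7 | Format-Table -AutoSize
```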
green0tree22
Contributor

Yes, I checked.

I also tried to display only the "password was changed" events, and the FullFormattedMessage is displayed without a username. I don't know what happened.

It shows VIMuser password changed etc.

I changed the root password using SSH (PuTTY) and changed another local user's password.

 

LucD
Leadership

I'm not sure what you are actually doing, but I just created a small script to test this.
It first connects to an ESXi node and creates a new user on there.
Then it changes the password of that new user.

Then it gets the events from the VCSA and looks for UserPasswordChanged event.

$myEsx = 'myesx.domain'
$esxUser = 'root'
$esxPswd = 'Whatever1!'

$user = 'TestUser'
$description = 'Test user'
$oldPswd = 'VMware1!'
$newPswd = 'Welcome2021!'

Connect-VIServer -Server $myEsx -User $esxUser -Password $esxPswd

$si = Get-View ServiceInstance -Server $myEsx
$actMgr = Get-View -Id $si.Content.AccountManager

# Create the test user
$spec = New-Object VMware.Vim.HostAccountSpec
$spec.Description = $description
$spec.Id = $user
$spec.Password = $oldPswd

$actMgr.CreateUser($spec)

# Check account is created
Get-VIAccount -Server $myEsx

# Change password
$actMgr.ChangePassword($user, $oldPswd, $newPswd)

Disconnect-VIServer -Server $myEsx -Confirm:$false

# Get event (from VCSA)
Get-VIEvent -Start (Get-Date).AddMinutes(-15) | where{$_ -is [VMware.Vim.UserPasswordChanged]}

The event is there and contains all the info I need
pswd-changed.png


green0tree22
Contributor

Does this work in ESXi v4.1?

I only have v4.1 in my test environment.

 

LucD
Leadership

ESX 4.1?
That is 10 years old and definitely not supported anymore.

Do you have a vCenter?


green0tree22
Contributor

Yes, I have a vCenter.

It's also 4.0.

green0tree22
Contributor

Hi LucD,

I just found your script regarding Get-VIPermission and it was very helpful. The post is from 2014.

How can I add Get-VIEvent to your script?

Thanks

green0tree22
Contributor

Hi LucD,

Here is your script, posted in 2014. I just want to add Get-VIEvent and output the results in the same file.

Can you help me with this? I don't know how to add it.

I appreciate your help.

$report = Get-VIPermission |
    Select Principal,
        @{n='Entity';E={$_.Entity.Name}},
        @{N='Entity Type';E={$_.EntityId.Split('-')[0]}},
        @{N='Role';E= { $_.role }},
        @{N='vCenter';E={$_.Uid.Split('@:')[1]}}

$report = foreach($row in $report){
    Get-VIRole -Name $row.Role | Select -ExpandProperty PrivilegeList | %{
        Add-Member -InputObject $row -MemberType NoteProperty -Name $_ -Value 'y' -Force
    }
    $row
}

$report |Export-Csv $newfolder\Results.csv -NoTypeInformation -Force

 

green0tree22
Contributor

Hi LucD,

I'm hoping you can help me with this. I got a headache over how to append the results to the same CSV file.

Here is the script that I used.

Try {
    $pass=get-content 'C:\VMWare vCenter PID Enumeration\pass.txt'
    $user=Get-Content 'C:\VMWare vCenter PID Enumeration\user.txt'
    $password = ConvertTo-SecureString $pass -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential ($user, $password)
}catch [System.Management.Automation.ParameterBindingException]{
    Write-Host "User canceled. Exception" -ForegroundColor Red
    New-Object -TypeName psobject -Property @{
        Username=$username
        Status="$username cancelled and Exception Cannot process command because of one or more missing mandatory parameters: Credential."}|`
    export-csv $newfolder\ErrorLogs_$(Get-Date -Format MM_dd_yyyy_HH_mm_ss).csv -NoTypeInformation -Append
    Exit
}

#endregion
Start-Sleep 03
#region Process
$target=Get-Content 'C:\VMWare vCenter PID Enumeration\ListofVCenter.txt'
foreach($vcenter in $target){
    ''
    Write-Host "`nConnecting to $vcenter" -ForegroundColor Green
    Connect-VIServer $vcenter -Credential $credential #ping -ErrorAction stop

    $report= Get-VIPermission |
        Select Principal,
            @{n='Entity';E={$_.Entity.Name}},
            @{N='Entity Type';E={$_.EntityId.Split('-')[0]}},
            @{N='Role';E= { $_.role }},
            @{N='vCenter';E={$_.Uid.Split('@:')[1]}}

    $report=foreach($row in $report){
        Get-VIRole -Name $row.Role | Select -ExpandProperty PrivilegeList | %{
            Add-Member -InputObject $row -MemberType NoteProperty -Name $_ -Value 'y' -Force
        }
        $row
    }
    $report|Export-Csv c:\temp\results.csv -NoTypeInformation -Force

    #$report |Export-Csv $newfolder\results.csv -NoTypeInformation
}
$event=Get-VIEvent -Types Info -MaxSamples 10000 -Start (get-date).AddDays(-14)| Select-Object UserName, FullFormattedMessage, CreatedTime |where {$_.FullFormattedMEssage -match 'logged in|password was'}

foreach($loggedin in $event){
    $status=$loggedin| ? { $_.fullFormattedMessage -match 'Logged in|password was' } |Select-Object createdtime,@{Name="Username";Exp={$_.Username}},@{Name="Message";Exp={$_.FullFormattedMessage}},
        @{Name="Machine";Exp={$vcenter}} |Select -Unique

    foreach($Message in $status){
        if($Message -match 'Logged in'){
            New-Object -TypeName psobject -Property @{
                Name = "$($status.Username)"
                Createdtime =$status.CreatedTime
                Loggedin='Yes'
                Message =$status.Message
                Machine=$status.Machine
                PasswordChanged=''
            }|Export-Csv c:\temp\results.csv -NoTypeInformation -Force
        }
        foreach($Message in $status){
            if($Message -match 'password was'){
                New-Object -TypeName psobject -Property @{
                    Name = $status.Username
                    Createdtime =$status.CreatedTime
                    PasswordChanged=$status.fullformattedmessage
                    Message =$status.Message
                    Machine=$status.Machine
                } |Export-Csv c:\temp\results.csv -NoTypeInformation -Force
            }
        }
    }
}

green0tree22
Contributor

Hi LucD,

I'm just stuck here and I don't know how to add Get-VIEvent.

😞

$report = Get-VIPermission |
    Select Principal,
        @{n='Entity';E={$_.Entity.Name}},
        @{N='Entity Type';E={$_.EntityId.Split('-')[0]}},
        @{N='Role';E= { $_.role }},
        @{N='vCenter';E={$_.Uid.Split('@:')[1]}}

$report = foreach($row in $report){
    Get-VIRole -Name $row.Role | Select -ExpandProperty PrivilegeList | %{
        Add-Member -InputObject $row -MemberType NoteProperty -Name $_ -Value 'y' -Force
    }
    $row
}

$report |Export-Csv $newfolder\Results.csv -NoTypeInformation -Force

LucD
Leadership

You didn't say if my test script I posted earlier returned the event and the required information (user).

Also, you can't combine objects with different properties in a CSV.
That is not a PS nor PowerCLI restriction, but due to the nature of CSV files.


green0tree22
Contributor

How do I combine the commands get-vipermission, get-role and get-vievent?

I just searched and I found your script, and I am trying to add get-vievent but I failed.

LucD
Leadership

I'm not sure how you want to 'combine' these different types of information in one CSV.


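The CSV limitation mentioned above, as an added example that is not part of the original thread: Export-Csv takes its header from the first object it receives, so permission rows and event rows only fit in one file if both are first projected onto the same fixed set of columns. The sample objects are constructed, and ConvertTo-AuditRow and the column names are hypothetical.

```powershell
# Added example, not code from the thread. Sample data below is constructed.
$columns = 'RecordType','Time','vCenter','Principal','ChangedBy','Entity','Role','Message'

function ConvertTo-AuditRow {
    param([string]$RecordType, [hashtable]$Values)
    # Every row starts with the same ordered, empty columns ...
    $row = [ordered]@{}
    foreach ($c in $columns) { $row[$c] = '' }
    $row['RecordType'] = $RecordType
    # ... and fills in only the ones this record type has.
    foreach ($k in $Values.Keys) {
        if ($k -notin $columns) { throw "Unknown column '$k'" }
        $row[$k] = $Values[$k]
    }
    [PSCustomObject]$row
}

# Constructed stand-ins for one Get-VIPermission row and one UserPasswordChanged event
$perm = [PSCustomObject]@{ Principal = 'LAB\ops'; Entity = 'Datacenters'; Role = 'ReadOnly' }
$evt  = [PSCustomObject]@{
    CreatedTime          = [datetime]'2021-03-01T10:15:00'
    UserLogin            = 'TestUser'
    UserName             = 'root'
    FullFormattedMessage = 'constructed sample message'
}
$vc = 'vc01.example'

$rows = @(
    ConvertTo-AuditRow 'Permission' @{
        vCenter = $vc; Principal = $perm.Principal; Entity = $perm.Entity; Role = $perm.Role
    }
    ConvertTo-AuditRow 'PasswordChanged' @{
        vCenter = $vc; Time = $evt.CreatedTime; Principal = $evt.UserLogin
        ChangedBy = $evt.UserName; Message = $evt.FullFormattedMessage
    }
)

# One header, one file: both record types share the same columns.
$csv = Join-Path ([IO.Path]::GetTempPath()) 'audit-demo.csv'
$rows | Export-Csv -Path $csv -NoTypeInformation
Import-Csv -Path $csv | Format-Table -AutoSize
```

The alternative that needs no shared schema is one CSV per record type, for example one file for permissions and one for events.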