VMware Cloud Community
vlife201110141
Enthusiast
Enthusiast
‎12-07-2011 08:44 AM
Jump to solution

ntp servers

Hello Mates,

I would like to find out the ntp server configured date of one of the host and the action is done by whom (what user). Any help is really appreciated.

Thanks,

Reply
0 Kudos
1 Solution

Accepted Solutions
cjscol
Expert
Expert
‎12-07-2011 09:13 AM
Jump to solution

You could try looking through the events for the host.  I think you get an event with the text "Task: Update date or time" when someone changes the NTP server.  Use the following one liner

Get-VMHost nameofyourhost | Get-VIEvent | Where {$_.FullFormattedMessage -eq "Task: Update date or time"} | Select CreatedTime, UserName, FullFormattedMessage

Depending on how long ago it happened you might have to increase the MaxSamples on the Get-VIEvent cmdlet, e.g.

Get-VMHost nameofyourhost | Get-VIEvent -MaxSamples 1000 | Where {$_.FullFormattedMessage -eq "Task: Update date or time"} | Select CreatedTime, UserName, FullFormattedMessage

Calvin Scoltock VCP 2.5, 3.5, 4, 5 & 6 VCAP5-DCD VCAP5-DCA http://pelicanohintsandtips.wordpress.com/blog LinkedIn: https://www.linkedin.com/in/cscoltock

View solution in original post

Reply
0 Kudos
3 Replies
LucD
Leadership
Leadership
‎12-07-2011 09:09 AM
Jump to solution

Afaik, there is no event that keep track of the configuration of the NTP server on an ESX(i) host, I'm afraid.

Perhaps there is something in /var/log/messages (for an ESX host), but I'm afraid you won't see who actually did the change.

Was this done from a vSphere client or from a SSH to the ESX(i) host ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
vlife201110141
Enthusiast
Enthusiast
‎12-07-2011 09:12 AM
Jump to solution

I found the guy reviewing events. Thanks anyway Luc ...

Reply
0 Kudos
cjscol
Expert
Expert
‎12-07-2011 09:13 AM
Jump to solution

You could try looking through the events for the host.  I think you get an event with the text "Task: Update date or time" when someone changes the NTP server.  Use the following one liner

Get-VMHost nameofyourhost | Get-VIEvent | Where {$_.FullFormattedMessage -eq "Task: Update date or time"} | Select CreatedTime, UserName, FullFormattedMessage

Depending on how long ago it happened you might have to increase the MaxSamples on the Get-VIEvent cmdlet, e.g.

Get-VMHost nameofyourhost | Get-VIEvent -MaxSamples 1000 | Where {$_.FullFormattedMessage -eq "Task: Update date or time"} | Select CreatedTime, UserName, FullFormattedMessage

Calvin Scoltock VCP 2.5, 3.5, 4, 5 & 6 VCAP5-DCD VCAP5-DCA http://pelicanohintsandtips.wordpress.com/blog LinkedIn: https://www.linkedin.com/in/cscoltock
Reply
0 Kudos