vlife201110141
Enthusiast
Enthusiast

ntp servers

Jump to solution

Hello Mates,

I would like to find out the ntp server configured date of one of the host and the action is done by whom (what user). Any help is really appreciated.

Thanks,

0 Kudos
1 Solution

Accepted Solutions
cjscol
Expert
Expert

You could try looking through the events for the host.  I think you get an event with the text "Task: Update date or time" when someone changes the NTP server.  Use the following one liner

Get-VMHost nameofyourhost | Get-VIEvent | Where {$_.FullFormattedMessage -eq "Task: Update date or time"} | Select CreatedTime, UserName, FullFormattedMessage

Depending on how long ago it happened you might have to increase the MaxSamples on the Get-VIEvent cmdlet, e.g.

Get-VMHost nameofyourhost | Get-VIEvent -MaxSamples 1000 | Where {$_.FullFormattedMessage -eq "Task: Update date or time"} | Select CreatedTime, UserName, FullFormattedMessage

Calvin Scoltock VCP 2.5, 3.5, 4, 5 & 6 VCAP5-DCD VCAP5-DCA http://pelicanohintsandtips.wordpress.com/blog LinkedIn: https://www.linkedin.com/in/cscoltock

View solution in original post

0 Kudos
3 Replies
LucD
Leadership
Leadership

Afaik, there is no event that keep track of the configuration of the NTP server on an ESX(i) host, I'm afraid.

Perhaps there is something in /var/log/messages (for an ESX host), but I'm afraid you won't see who actually did the change.

Was this done from a vSphere client or from a SSH to the ESX(i) host ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

vlife201110141
Enthusiast
Enthusiast

I found the guy reviewing events. Thanks anyway Luc ...

0 Kudos
cjscol
Expert
Expert

You could try looking through the events for the host.  I think you get an event with the text "Task: Update date or time" when someone changes the NTP server.  Use the following one liner

Get-VMHost nameofyourhost | Get-VIEvent | Where {$_.FullFormattedMessage -eq "Task: Update date or time"} | Select CreatedTime, UserName, FullFormattedMessage

Depending on how long ago it happened you might have to increase the MaxSamples on the Get-VIEvent cmdlet, e.g.

Get-VMHost nameofyourhost | Get-VIEvent -MaxSamples 1000 | Where {$_.FullFormattedMessage -eq "Task: Update date or time"} | Select CreatedTime, UserName, FullFormattedMessage

Calvin Scoltock VCP 2.5, 3.5, 4, 5 & 6 VCAP5-DCD VCAP5-DCA http://pelicanohintsandtips.wordpress.com/blog LinkedIn: https://www.linkedin.com/in/cscoltock

View solution in original post

0 Kudos