4 Replies Latest reply on May 16, 2019 11:34 PM by jvm2016

    getting vmkernel and hostd logs-powercli

    jvm2016 Expert

      Hi Luc ,

       

      I discussed a script some days back that collects some security parameters.

      Can you please tell me whether Get-Log -Key vmkernel -VMHost $esxi and Get-Log -Key hostd -VMHost $esxi need any port to be open?

      This host is added to vCenter and I am running the script against vCenter.

      For some reason I am getting a "communication to host failure" error.

       

       

       

       

      below is the script:

       

      #$vcenter = Read-Host "please provide vcentername"

       

      #$credential_vcenter = Get-Credential

       

      #$conn = Connect-VIServer -Server $vcenter | Out-Null

       

      #only for distributed switches .

       

      #for hostd presence we need openssh module though it should be present by default.

       

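      # Audits hardening-related settings for every ESXi host in every datacenter of the
      # currently connected vCenter and writes one record per host to a text report.
      # Collected per host: distributed-switch security policy (promiscuous mode, forged
      # transmits, MAC changes), state of the TSM-SSH service, whether the management
      # VMkernel adapter uses DHCP, enabled firewall exceptions, the
      # VMkernel.Boot.techSupportMode advanced setting, and whether the vmkernel and hostd
      # logs can be read.
      #
      # Every per-host value is initialised inside the loop. Previously the log-presence and
      # tech-support flags were only ever assigned on one branch, so a host whose check
      # failed or returned nothing silently inherited the previous host's result, which
      # makes an audit report untrustworthy.

      $path = 'C:\Users\in0079d6\Desktop\Technicolor_script'

      # Collect the loop output directly instead of growing an array with +=.
      $security_parameters = @(
         foreach ($dc in Get-Datacenter)
         {
            #Write-Host "Current PowerShell version $(($PSVersionTable.PSVersion).ToString())" -ForegroundColor Cyan

            foreach ($esxi in (Get-VMHost -Location $dc))
            {
               # NOTE(review): a host attached to several distributed switches yields arrays
               # for the switch name and the three policy values below.
               $distributedswitch = Get-VirtualSwitch -VMHost $esxi -Distributed
               $security_policy = $distributedswitch.Extensiondata.Config.DefaultPortConfig.SecurityPolicy
               $promiscousmode = $security_policy.AllowPromiscuous.Value
               $forgedtransmit = $security_policy.ForgedTransmits.Value
               $mac_address_change = $security_policy.MacChanges.Value

               $ssh_running_remote = Get-VMHostService -VMHost $esxi | Where-Object { $_.key -eq "TSM-SSH" }

               $vmkmgmt = Get-VMHostNetworkAdapter -VMHost $esxi -VMKernel | Where-Object { $_.ManagementTrafficEnabled -eq $true }
               $dhcp_enabled = $vmkmgmt.DhcpEnabled

               # Flatten the comma-separated port lists of all enabled firewall exceptions.
               # Incoming ports are no longer cast to [int]: the value is only joined into a
               # string, and the cast would throw on any entry that is not a plain number.
               $ports_enabled = Get-VMHostFirewallException -VMHost $esxi -Enabled:$true
               $inports = ($ports_enabled.IncomingPorts | ForEach-Object { $_.Split(',') } | Where-Object { $_ } | ForEach-Object { $_.Trim(' ') }) -join '|'
               $outports = ($ports_enabled.OutGoingPorts | ForEach-Object { $_.Split(',') } | Where-Object { $_ } | ForEach-Object { $_.Trim(' ') }) -join '|'

               # Local tech support mode: default to "False" and overwrite only when the
               # setting is actually returned. The product-name filter is kept from the
               # original script.
               # NOTE(review): the original read `.Values` from the Get-AdvancedSetting
               # result; that cmdlet's objects appear to expose `.Value` instead, so the
               # column was always "False". Confirm against your PowerCLI version.
               $localtechsupportenabled = "False"
               if ($esxi.ExtensionData.Summary.Config.Product.Name -match "i")
               {
                  $tsm_setting = Get-AdvancedSetting -Entity $esxi -Name VMkernel.Boot.techSupportMode -ErrorAction SilentlyContinue
                  if ($null -ne $tsm_setting -and $null -ne $tsm_setting.Value)
                  {
                     $localtechsupportenabled = "$($tsm_setting.Value)"
                  }
               }

               # Log presence: "True" when entries come back, "False" when the call works but
               # returns none, "Unknown" when the log could not be retrieved (for example the
               # communication failure described in the post). Only one line is requested
               # because the entries are used purely as a presence check.
               $log_presence = @{}
               foreach ($log_key in 'vmkernel', 'hostd')
               {
                  $log_presence[$log_key] = "False"
                  try
                  {
                     $log_bundle = Get-Log -VMHost $esxi -Key $log_key -NumLines 1 -ErrorAction Stop
                     if ($null -ne $log_bundle.Entries)
                     {
                        $log_presence[$log_key] = "True"
                     }
                  }
                  catch
                  {
                     Write-Warning "Could not read the $log_key log from $($esxi.Name): $($_.Exception.Message)"
                     $log_presence[$log_key] = "Unknown"
                  }
               }
               $presence_vmkernel = $log_presence['vmkernel']
               $presence_hostd = $log_presence['hostd']

               # One report record per host; property names are unchanged from the original.
               [pscustomobject]@{
                  'esxiname'                                 = $esxi.name
                  'distributedswitch'                        = $distributedswitch.name
                  'whetherremote_ssh_running'                = $ssh_running_remote.running
                  'promiscousmode'                           = $promiscousmode
                  'forgedtransmit'                           = $forgedtransmit
                  'mac_address_change'                       = $mac_address_change
                  'vmkernellogs_presence'                    = $presence_vmkernel
                  'hostdlogs_presence'                       = $presence_hostd
                  'whether mgmt ip assigned by dhcp'         = $dhcp_enabled
                  'incoming ports enabled '                  = $inports
                  'outgoing ports enabled '                  = $outports
                  'whether local tech support mode enabled ' = $localtechsupportenabled
               }
            }
         }
      )

      $security_parameters | Out-File -FilePath "$path\security_params.txt"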