Forward vCenter Server Appliance Log Files to Remote Syslog Server

A few days ago I was required to obtain some audit logs from our SIEM system (Sumologic) and from vCenter, and I noticed that our vCenter logs weren’t going into Sumologic and that the log files required for SSO auditing, or the VPXD log (which, among other things, stipulates what client was used by whom to connect), were rotating every 7 days. This was not good. So I decided what better time than now to forward vCenter syslogs to Sumologic.

It was a little more complex than just enabling syslog through appliance management as by default, this does not collect the SSO logs, like:

  • /var/log/vmware/sso/ssoAdminServer.log – Auditing SSO logins
  • /var/log/vmware/sso/vmware-identity-sts.log – Auditing SSO user changes

I found this out by scouring the internet and piecing little pieces together, eventually creating a rock solid syslog source for our vCenter Servers.

Please note: This is not an officially supported configuration by VMware and for larger environments, this could potentially have an impact on the vCenter Server service, so please take caution in the logs you decide to forward. And as always, test this in a lab first.

I also want to mention that this needs to be done on each VCSA instance, i.e. if you have a vCenter with an External PSC, this would need to be done on both servers, in order to collect all the logs.

So, let's begin:

Install Powershell and PowerCLI in Ubuntu 18.04 (Bionic Beaver) – Unsupported Workaround

EDIT: This was an unsupported workaround; 18.04 is now officially supported. You can read my post about it here: Install Powershell and PowerCLI in Ubuntu 18.04 (Bionic Beaver)

Over the last few weeks, due to the increased compatibility and requirements for me to be using a Linux distro, I have decided to make a transition over to Linux (specifically Ubuntu) and one of the requirements for this process was the ability to install Powershell as I frequently use PowerCLI. However, it’s not as simple as an apt-get install cmdlet. I am by no means a developer or coder, but as you might know, I do create some scripts or tools now and again.

So, as part of this trial transition (who knows, might go back to Windows – ghast!), I have managed to install Powershell and PowerCLI. This guide is for 18.04 but it uses 17.04 libraries as 18.04 is not officially supported, yet. But it does work.

So, let's begin:

Finding Groups that have disabled users in them

This is just a quick PowerShell script to find all disabled users who are members of a certain group (or certain groups).
We were running out of licenses for one of the products we use internally. This product is tied to group memberships. Instead of clicking on each individual group or disabled user (approximately 40 groups or 560 disabled users), I figured I would draft up a quick PowerShell script to do the work for me.

Write-Host "Importing the ActiveDirectory Module" -foregroundcolor green
Import-Module ActiveDirectory | out-null 
Write-Host "Filtering AD Groups" -foregroundcolor green

#This will filter your groups. Change *changeme* to the group(s) you want to filter. Keep the * if you want to wildcard it 
$Groups = (Get-AdGroup -filter * | Where {$_.name -like "*changeme*"} | select -expandproperty Name)
Write-Host "Preparing the CSV Template" -foregroundcolor green

#This will create the template for you to export to CSV 
$csv = @() 
$Record = [ordered]@{ 
"Group Name" = "" 
"Name" = "" 
"Username" = "" 
"Enabled" = ""
} 
Write-Host "The Magic is happening. Getting all Disabled Members" -foregroundcolor green

#The Magic
Foreach ($Group in $Groups) 
{ 
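 #Only user objects are passed to Get-ADUser; recursive group membership can also include computers and other object types
 $ArrayOfMembers = Get-ADGroupMember -Identity $Group -Recursive | ?{$_.objectClass -eq "user"} | %{Get-ADUser -Identity $_.distinguishedName -Properties Enabled | ?{$_.Enabled -eq $false}} | Select Name,SamAccountname,Enabled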
 foreach ($Member in $Arrayofmembers) 
 {
 $Record."Group Name" = $Group
 $Record."Name" = $Member.Name
 $Record."UserName" = $Member.SamAccountname
 $Record."Enabled" = $Member.Enabled
 $objRecord = New-Object PSObject -property $Record
 $csv += $objrecord
 } 
}

#The Export
Write-Host "Exporting to CSV" -foregroundcolor green
$csv | export-csv "C:\temp\ADSecurityGroups.csv" -NoTypeInformation | out-null
Write-Host "Complete" -foregroundcolor green
