Sunday, April 15, 2018

ELK Stack Install on Windows Server 2008 R2

#Copy the entire install directory to c:\install\ ; this guide assumes the path c:\install\logserver

#Check that Firefox or Chrome and Notepad++ are installed on the system
#Open cmd as administrator, then copy and paste the uncommented commands

set "JAVA_HOME=C:\Program Files\Java\jre1.8.0_65"
setx /M JAVA_HOME "C:\Program Files\Java\jre1.8.0_65"

#install java
#C:\install\logserver\jre-8u65-windows-x64.exe /s
C:\install\logserver\jre-8u65-windows-x64.exe





#install node.js
#msiexec /qn /l* node-log.txt /i C:\install\logserver\node-v4.2.2-x64.msi
C:\install\logserver\node-v4.2.2-x64.msi



#extract ELK stack
mkdir c:\logserver\
cd c:\logserver\
unzip C:\install\logserver\elasticsearch-2.4.1.zip
cd c:\logserver\
unzip C:\install\logserver\logstash-2.4.0.zip
cd c:\logserver\
unzip C:\install\logserver\kibana-4.6.2-windows-x86.zip
cd c:\logserver\
unzip C:\install\logserver\nssm-2.24.zip

copy "C:\install\logserver\logstash-341.conf" "C:\logserver\logstash-2.4.0\bin\logstash.conf"


#configure elasticsearch

cd C:\logserver\elasticsearch-2.4.1\bin

plugin install file:///C:\install\logserver\elasticsearch-kopf-maste-201.zip

service install

service manager

# in the service manager popup, change the startup type to automatic and start the service
# Check that elasticsearch and kopf are running: "http://localhost:9200" "http://localhost:9200/_plugin/kopf"
# configure the first index template using kopf: go to "http://localhost:9200/_plugin/kopf", choose more -> index templates, enter the template name "logstash", copy the content of
# indexTemplate-softov.xml to the body field and press save




# create services for logstash and kibana
cd C:\logserver\nssm-2.24\win64\

nssm install Kibana-4.6.2


#Path: C:\logserver\kibana-4.6.2-windows-x86\bin\kibana.bat
#Arguments:




nssm install Logstash-2.4.0


#Path: C:\logserver\logstash-2.4.0\bin\logstash.bat
#Arguments: -w 2 -f logstash.conf
#***** -w: set to the number of CPU cores

#start kibana and logstash services
services.msc

#check that Kibana is running: "http://localhost:5601" (takes a few seconds to load)




#Send the first syslog message with PowerShell:
#copy and paste the content of send_syslog.ps1 into the PowerShell prompt
powershell


# Refresh the Kibana page
# In Kibana press the "Create" button (it should now be green instead of gray) to create the default index





# if still at the PowerShell prompt, type:
exit

#check indices: open this address in the browser
http://localhost:9200/_cat/indices?v


#install curator
#msiexec /qn /l* curator-log.txt /i
C:\install\logserver\elasticsearch-curator-4.1.2-win32.msi

#copy curator config files
copy "C:\install\logserver\conf.yml" "C:\Program Files\elasticsearch-curator\"
copy "C:\install\logserver\delIndex.yaml" "C:\Program Files\elasticsearch-curator\"

#Create scheduled task
schtasks /create /tn Curator /tr "\"C:\Program Files\elasticsearch-curator\curator.exe\" --config conf.yml delIndex.yaml" /sc daily /st 01:00:00 /ru SYSTEM /rl HIGHEST /NP /v1

# you can test curator with the content of del_all_indices.yaml; when you check the indices in the browser (address above) you can see that one index has been created, named logstash-*date
# you can temporarily replace the delIndex.yaml file with del_all_indices.yaml to test whether the scheduled task works and deletes the index above

#to control how many days back curator deletes old indexes, edit the file C:\Program Files\elasticsearch-curator\delIndex.yaml; the "unit_count:" value is the number of days back to delete.



#Move indexes to another drive (if the C drive is too small):
#edit with Notepad++
C:\logserver\elasticsearch-2.4.1\config\elasticsearch.yml
# uncomment this line and change destination
# path.data: /path/to/data

#restart elasticsearch service
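
The send_syslog.ps1 used in the "Send the first syslog message" step is not reproduced on this page. As an added example (not the author's script), the following builds one RFC 3164 style test message and sends it over UDP; the port 514, the tag elk-test and the function names are assumptions and must match the syslog input in your logstash.conf.

```powershell
# Added example, not the send_syslog.ps1 referenced in the guide.
# Assumption: logstash.conf defines a UDP syslog input on port 514.
function New-SyslogMessage {
    param(
        [int]$Facility = 16,                      # 16 = local0
        [int]$Severity = 6,                       # 6 = informational
        [string]$HostName = $env:COMPUTERNAME,
        [string]$Tag = 'elk-test',                # hypothetical tag
        [string]$Message = 'test message from powershell',
        [datetime]$Time = (Get-Date)
    )
    if ($Facility -lt 0 -or $Facility -gt 23) { throw 'Facility must be 0-23' }
    if ($Severity -lt 0 -or $Severity -gt 7)  { throw 'Severity must be 0-7' }
    # PRI value = facility * 8 + severity
    $pri = $Facility * 8 + $Severity
    $inv = [Globalization.CultureInfo]::InvariantCulture
    # RFC 3164 timestamp "Mmm dd hh:mm:ss"; single-digit days are space padded
    $stamp = '{0} {1,2} {2}' -f $Time.ToString('MMM', $inv), $Time.Day, $Time.ToString('HH:mm:ss', $inv)
    '<{0}>{1} {2} {3}: {4}' -f $pri, $stamp, $HostName, $Tag, $Message
}

function Send-SyslogMessage {
    param(
        [string]$Server = '127.0.0.1',            # logstash runs on the same host in this guide
        [int]$Port = 514,                         # assumption, see above
        [string]$Text
    )
    $bytes = [Text.Encoding]::ASCII.GetBytes($Text)
    $udp = New-Object System.Net.Sockets.UdpClient
    try     { [void]$udp.Send($bytes, $bytes.Length, $Server, $Port) }
    finally { $udp.Close() }
}

$line = New-SyslogMessage
Send-SyslogMessage -Text $line
$line    # show what was sent
```

UDP gives no delivery confirmation, so confirm arrival by checking that a logstash-* index appears at http://localhost:9200/_cat/indices?v.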



Tuesday, August 29, 2017

Windows 10 Enterprise Build 1703 Cannot Change Time zone


To change the time zone, run this command in an elevated command prompt:

tzutil /s "China Standard Time"
 
To find your own time zone, run this command to list all the available
time zones and copy the name into the command above:
 

tzutil /l
 
source: https://technet.microsoft.com/en-us/library/hh825053.aspx 

Monday, August 28, 2017

PowerShell Script to send Notification on new dhcp lease

Here is a little PowerShell script I assembled from different sources to send me an email notification when there is a new DHCP lease for a computer that is not in the AD.




#step 1: get computer names from dhcp
Get-DhcpServerv4Lease -allleases -ScopeId "192.168.X.0" -ComputerName "DHCPSERVERNAME" |
 Select-Object @{expression= {$_.hostname}; label='name' } | export-CSV -notypeinformation C:\temp\dhcp\LeaseLog.csv

$leaselogpath = "c:\temp\DHCP\LeaseLog.csv"
$dhcplist = Import-csv -path $leaselogpath  | ForEach-Object -Process {$_.Name.Replace(".domain.local",$null)}

#step 2: get computer names from AD
import-module activedirectory

$adlist = (Get-ADComputer -filter *).name

#step 3: compare both above lists to find new computer name from dhcp

$comparedlist = (Compare-Object -ReferenceObject $adlist -DifferenceObject $dhcplist ).InputObject

#step 4: compare against static computers in the network

$staticlist = Get-Content C:\temp\DHCP\static.txt
$newdhcp = (Compare-Object $staticlist $comparedlist).InputObject


#step 5: send the email only when there is a new name from all the comparisons
           
if ($newdhcp) {
    #send email to sysadmin
    $smtpserver = "SMTPADDRESS"
    $from = "dhcp@domain.local"
    $to = "admin@domain.local"
    $subject = "New Non-AD joined DHCP clients"
    $body = "$newdhcp `n
If it is legit, add it to c:\temp\dhcp\static.txt list"
    $mailer = new-object Net.Mail.SMTPclient($smtpserver)
    $msg = new-object Net.Mail.MailMessage($from,$to,$subject,$body)
    $msg.IsBodyHTML = $false
    $mailer.send($msg)
}

Some issues with this script:
1. You need to maintain the static.txt list
2. Duplicate names in DHCP will be sent by email as a new lease
3. When a computer in the AD is disconnected from the network and its DHCP lease expires, you will get a notification as a new lease
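
A variant of the comparison logic that avoids issues 2 and 3 above, as an added example that is not part of the original script. The function name Get-UnknownDhcpHost and the sample host names are made up for illustration; in production the three lists would come from Get-DhcpServerv4Lease, Get-ADComputer and static.txt.

```powershell
# Added example (not the original script). Inputs are plain string lists so
# the logic can be tried offline before wiring it to DHCP and AD.
function Get-UnknownDhcpHost {
    param(
        [string[]]$LeaseHostName,                 # HostName values from the DHCP leases
        [string[]]$AdName,                        # Name values from Get-ADComputer
        [string[]]$StaticName,                    # approved non-AD hosts (static.txt)
        [string]$DnsSuffix = '.domain.local'
    )
    $cmp = [System.StringComparer]::OrdinalIgnoreCase
    # Known hosts = AD computers + approved static hosts, case-insensitive
    $known = [System.Collections.Generic.HashSet[string]]::new($cmp)
    foreach ($n in @($AdName) + @($StaticName)) {
        if ($n) { [void]$known.Add($n.Trim()) }
    }
    # $seen de-duplicates lease names (issue 2)
    $seen = [System.Collections.Generic.HashSet[string]]::new($cmp)
    foreach ($h in $LeaseHostName) {
        if ([string]::IsNullOrWhiteSpace($h)) { continue }    # lease without a host name
        $short = $h.Trim()
        if ($short.EndsWith($DnsSuffix, [System.StringComparison]::OrdinalIgnoreCase)) {
            $short = $short.Substring(0, $short.Length - $DnsSuffix.Length)
        }
        # Only the DHCP side is walked, so AD computers that currently have
        # no lease are never reported (issue 3)
        if (-not $known.Contains($short) -and $seen.Add($short)) { $short }
    }
}

# Constructed sample data
$leases = 'PC01.domain.local', 'pc02.domain.local', 'PRINTER1',
          'KIOSK7.domain.local', 'KIOSK7.domain.local', '', 'android-1234'
$ad     = 'PC01', 'PC02', 'PC03'      # PC03 has no lease and must not be reported
$static = 'PRINTER1'

$newdhcp = @(Get-UnknownDhcpHost -LeaseHostName $leases -AdName $ad -StaticName $static)
$newdhcp
```

DHCP host names are supplied by the client, so a device can claim the name of an AD computer and pass this check; treat the result as a hint, not as proof that every lease belongs to a known machine.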

Wednesday, August 2, 2017

Convert Vmware Vm to Hyper-v VM

First, download and install Microsoft Virtual Machine Converter 3.0:
https://www.microsoft.com/en-us/download/details.aspx?id=42497

Next, if you don't have VMware Converter yet, go ahead and download and install it too:
https://www.vmware.com/il/products/converter.html

After we have VMware Converter up and running, shut down the VM you want to convert and open VMware Converter. Select convert machine, choose powered off together with VMware infrastructure virtual machine, and enter your vCenter or ESXi host address and credentials to connect. Choose your desired virtual machine from the inventory and press next, choose destination type as VMware Workstation or other virtual machine, and choose a shared drive to store the converted vmdk file.
At the next step review the virtual machine configuration, and hit finish at the next screen to start the conversion.

Once finished, you will have the hard drives of the virtual machine as vmdk files. Now we will use PowerShell to convert them to vhdx format for use in Hyper-V. Open PowerShell as administrator and import the module from the Microsoft Virtual Machine Converter we downloaded in the first step:

Import-Module 'C:\Program Files\Microsoft Virtual Machine Converter\MvmcCmdlet.psd1'

Now use this PowerShell command to begin the conversion process:

ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath d:\scratch\vmx\VM-disk1.vmdk -VhdType DynamicHardDisk -VhdFormat vhdx -destination c:\vm-disk1

Once finished, you will have a vhdx file that you now need to copy to your Hyper-V storage.
Next, just add the file as a disk to your Hyper-V virtual machine and it should boot as it did in VMware.


Another option (not tested by me) is to bypass the VMware Converter step and just copy the vmdk file from the ESX datastore.
Again, I have not tried this.

Good Luck

Tuesday, April 8, 2014

Exchange Server 2010 Information Store Service not starting on Vmware VM


Exchange Server 2010 Information Store not starting

I came across this issue when I tried to restart the Information Store service.
It all started when a Backup Exec job failed with an error and caused the VSS Microsoft Exchange Writer to become unstable and get stuck on "Retryable error".

Restarting the service and the server did not solve the problem, until I found some logs and discussions about this problem on the web saying that there may be a time difference between the VM and the VM host.

So I checked the time on the VM host and found out that it was just a couple of minutes apart, so I updated the time on the host and added an NTP time server, restarted the Exchange VM and all services started just fine:
 
 

 
 
 
The environment in question was vSphere 5.1 with a 5.1 ESXi host and an Exchange 2010 VM.

Thursday, March 27, 2014

Group Policy Windows 8 Login to desktop

Here is a quick way to configure a group policy for Windows 8 clients to log in directly to the desktop, skipping the tiles:

Make a new Group Policy Object (with a name that tells you what it does).
Edit the policy and navigate to the following place:



















Add a new Registry Item

Edit all the properties with the following info:



















*key path is: Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage

CentOS 6.4 Minimal, vmware and hyper-v no eth0

When you install the minimal installation of CentOS 6.4, there is no eth0 in ifconfig.

A simple, one-time way to fix this is to run this command:

 # dhclient -v eth0

But if you want a permanent solution, edit the eth0 script file:
/etc/sysconfig/network-scripts/ifcfg-eth0

with these parameters:

ONBOOT=yes
BOOTPROTO="dhcp"

and restart the machine; you should have eth0 pulling a DHCP address every time you reboot.