HOWTO - use logmon to scan Exchange PowerShell commands

Discussion created by sunderwood on Aug 23, 2012

Hi all

 

I have been banging my head on the desk for the last few days trying to get alarms fired based on Exchange PowerShell command output. This morning, I finally got it to work! :)

 

So I thought I would share it with all of you. We are running Windows 2008 R2, Exchange 2010 and logmon v3.13.

 

First thing to do is allow the system account of your Exchange server to run read-only PowerShell commands. We will use the 'command' feature of logmon and this can only run as the system account for the server on which the probe is installed.

 

Launch PowerShell and run:

 

Set-ADServerSettings -ViewEntireForest $true   # shouldn't need this for a single domain/forest setup

get-rolegroup | fl name

 

You should get a name something like 'View-Only Organization Management'. Make a note of this for the next command.

 

Then run

 

Add-RoleGroupMember "View-Only Organization Management" -member EXCHSERVER

 

The system can now run most, but not all, Exchange PowerShell cmdlets. Luckily, all the useful ones regarding databases are allowed.

 

Now create a batch file that logmon will launch. Update the paths according to your Exchange installation and drive letters. The batch file will contain one single line as below.

 

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -nologo -noprofile -noninteractive -command ". 'E:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -server EXCHSERVER; &'e:\alerts\scripts\exch_powershell.ps1'"

And now you can create your exch_powershell.ps1 file with all the commands that you want. My example below just pulls out the last database backup and works out how long ago it was.

 

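# -Status is required, otherwise LastFullBackup is not populated
Get-MailboxDatabase -Status | ForEach-Object {
    # Whole days elapsed since the last full backup of this database
    $noOfDays = (Get-Date) - $_.LastFullBackup
    $noOfDays = $noOfDays.Days
    # One output line per database; logmon watcher rules match on this text
    "$_ last backup success > 9 days, it was $noOfDays days ago"
}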

Test the batch file before you stick it into logmon.

 

Then for your logmon probe, under the General tab, Mode, choose command. Then under file, stick the path to your batch file in.

 

You can now go ahead and configure your watcher rules.

 

Turn up the logging to level 3 and watch it if you get stuck. It helped me a lot, as you can capture any PowerShell errors there.

 

Good luck!

 

Paul
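
Since logmon's command mode runs the batch file as the server's system account, and that account was added to an Exchange role group above, the batch file, the .ps1 it calls and their folder should be writable only by administrators. The check below is an added example, not part of the original post: it lists owners and write-capable identities outside a trusted set; the function name, the trusted list and the batch file name are assumptions.

```powershell
# Added example, not from the original post. Lists identities outside $Trusted
# that own, or hold write-type rights on, files logmon runs as SYSTEM.
function Get-UnexpectedWriter {
    param(
        [Parameter(Mandatory = $true)][string[]]$Path,
        # Assumption: only these principals should be able to change the scripts.
        [string[]]$Trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    )
    # Rights that let a principal alter or replace content or rewrite the ACL.
    # Modify/FullControl are not used as masks because they include read bits.
    $names = 'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $mask  = [int][System.Security.AccessControl.FileSystemRights]$names
    # Some ACEs carry raw GENERIC_ALL (0x10000000) or GENERIC_WRITE (0x40000000) bits.
    $mask  = $mask -bor 0x10000000 -bor 0x40000000

    foreach ($p in $Path) {
        if (-not (Test-Path -Path $p)) { Write-Warning "Not found: $p"; continue }
        $acl = Get-Acl -Path $p
        # The owner can always rewrite the ACL, so report an untrusted owner too.
        if ($Trusted -notcontains $acl.Owner) {
            New-Object PSObject -Property @{ Path = $p; Identity = $acl.Owner; Rights = 'Owner' }
        }
        foreach ($ace in $acl.Access) {
            $id = $ace.IdentityReference.Value
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
            if ($Trusted -contains $id) { continue }
            New-Object PSObject -Property @{ Path = $p; Identity = $id; Rights = $ace.FileSystemRights }
        }
    }
}

# Folder and script path from the post; run_exch.bat is a hypothetical name
# because the post does not name the batch file.
$targets = 'E:\alerts\scripts',
           'E:\alerts\scripts\exch_powershell.ps1',
           'E:\alerts\scripts\run_exch.bat'
Get-UnexpectedWriter -Path $targets | Format-Table Path, Identity, Rights -AutoSize
```

An empty result means only the trusted principals can change what logmon executes; any row is an identity to review before leaving the probe enabled.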
