• JAMF,  Windows Server

    Query Tomcat Logs On Windows Servers

    Tomcat logs events into the system log. You can use the Get-WmiObject cmdlet to see events. Here, we’ll look at a JSS and view only system events:
        Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system'"
    We can then use AND to further constrain to specific messages, in this case those containing Tomcat:
        Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system' AND (Message like '%Tomcat%')"
    We can then further constrain output to those with a specific EventCode with another compound statement:
        Get-WmiObject Win32_NTLogEvent -ComputerName $jss -Filter "LogFile='system' AND (Message like '%Tomcat%') AND (EventCode=1024)"
    For a comprehensive list of Windows event codes, see https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx. You could instead use Get-EventLog to see system logs. For example, the…

  • Articles and Books,  public speaking

    Dead Tech Books

    As an author of technical books, I’ve been very interested in the comings and goings of technical books for a long time. This new Instagram feed is an expedition into what once was and how quickly the times change. Feed is embedded into a page on krypted to make it easier to see. Curious how many of my books are now “Dead Tech Books”…

  • Windows Server

    Rock the Logging Facilities in Windows Server (aka More Syslog Crap)

    The default logs in Windows Server can be tweaked to provide a little better information. This is really helpful, for example, if you’re dumping your logs to a syslog server. Here’s a script that can make it happen with a few little tweaks to how we interpret data (to be run per host, just paste into a PowerShell interface as an administrator):
        auditpol /set /subcategory:"Security State Change" /success:enable /failure:enable
        auditpol /set /subcategory:"Security System Extension" /success:enable /failure:enable
        auditpol /set /subcategory:"System Integrity" /success:enable /failure:enable
        auditpol /set /subcategory:"IPsec Driver" /success:disable /failure:disable
        auditpol /set /subcategory:"Other System Events" /success:disable /failure:enable
        auditpol /set /subcategory:"Logon" /success:enable /failure:enable
        auditpol /set /subcategory:"Logoff" /success:enable /failure:enable
        auditpol /set /subcategory:"Account Lockout" /success:enable…

  • Active Directory,  Windows Server

    Ask PowerShell Who Hasn’t Changed Their Active Directory Passwords

    You can use PowerShell to get pretty much anything you want out of Active Directory. Let’s say you want to see when a user last changed their password. You can use the Get-ADUser cmdlet to obtain any attribute for a user in the Active Directory schema. To use Get-ADUser, you’ll need to define a scope. In this example, we’ll do so using the -Filter option and filter for everyone, using an *. That could be a lot of data, so we’re also going to look for the property, or attribute, of PasswordLastSet using the -Properties option:
        Get-ADUser -Filter * -Properties PasswordLastSet
    We can then add a little…

  • Windows Server,  Windows XP

    Use PowerShell to Query WMI on Windows Servers

    I recently needed to check and see whether a backup drive (which was just a 4TB USB drive) was plugged into a server. But the server had no GUI, so I had to use the command line. There was no drive letter mapped to this drive, so I needed to use something else and I needed to make a script that could be used long-term. Luckily, PowerShell can be used to obtain WMI information on the hardware installed on a computer. This allows administrators to query WMI about the USB devices currently installed on a server. In the following command, we’re going to use gwmi from PowerShell and we’re going…

  • Windows Server

    Setting PowerShell Execution Policies

    Microsoft doesn’t want any old tool to execute PowerShell scripts. But sometimes when we’re running a tool, we need the tool to be run in a way that violates the default execution policy. In order to facilitate this, Microsoft has also provided four levels of security for the PowerShell execution policy. These include:
        Restricted: The default execution policy, which forces commands to be entered interactively.
        AllSigned: Only scripts signed by a trusted publisher can be run.
        RemoteSigned: Any scripts created locally can run.
        Unrestricted: Any script can run.
    To configure an execution policy interactively, simply use the Set-ExecutionPolicy command followed by the name of the execution policy you…

  • Microsoft Exchange Server,  Windows Server,  Windows XP

    Check It Ma, Logz For Dayz

    On a Mac, I frequently use the tail command to view files as they’re being written to or in use. You can use the Get-EventLog cmdlet to view logs. The Get-EventLog cmdlet has two options I’ll point out in this article: -list and -newest. The first is used to view a list of event logs, along with retention cycles for logs, log sizes, etc.
        Get-EventLog -list
    You can then take any of the log types and view information about them. To see System information:
        Get-EventLog System
    There will be too much information in many of these cases, so use the -newest option to see just the latest:…

  • Microsoft Exchange Server

    Migrating Symantec Enterprise Vault SQL Tables

    If you use Symantec’s Enterprise Vault solution and you need to migrate the SQL tables for Enterprise Vault to another server, you might have noticed that it’s not as simple as dumping tables from one host, restoring tables to another and changing some information on the Enterprise Vault server. This process takes a lot of time and is a relatively painful endeavor. But now Symantec has made the process much simpler, releasing a migration tool just for the database, available here: http://www.symantec.com/business/support//index?page=content&id=TECH214373 I guess they were listening to customers who complained about the process. Good for them!

  • Windows Server,  Windows XP

    Net Stats & Windows Server

    Windows Server tracks the sessions that have been authenticated into the system, those that have been timed out, those that have errored, kb sent/received, response time, errors, permission problems, password problems, files opened, print job spooling and buffers quickly and easily. Simply use the net command we’ve all been using for 20 years, followed by stats or statistics:
        net statistics
    When prompted choose server or workstation. In this case, we’ll use Server.
        net statistics Server
    Here’s the output from a new server: And if you’re trying to troubleshoot client/server communications, keep in mind that you can look at much of this on the workstation side as well, but from the…

  • Microsoft Exchange Server,  Windows Server

    Redirecting Exchange Login Pages

    By default, when you require an SSL certificate in IIS on an Exchange server, if users hit the page without providing an https:// in front they will get an error. Rather than require certificates, it’s better in most cases to redirect unsecured traffic to a secured login page. In order to do so, first configure the redirect. To do so, open IIS Manager and click on the Default Web Site. At the bottom of the pane for the Default Web Site, click Features View if not already selected. Then open HTTP Redirect. Here, check the box for “Redirect requests to this destination” and provide the path to the owa virtual directory (e.g.…