Use PowerShell and DSC to Enable Logging


Summary: Microsoft Scripting Guy, Ed Wilson, talks about using Windows PowerShell and the Desired State Configuration Resource Kit to enable logging.

Microsoft Scripting Guy, Ed Wilson, is here. Dude, a pumpkin patch sprung up across the street from us. On my walk to the university, I passed at least three pumpkin patches. I guess that means there was a bumper crop of pumpkins this year. I'm not sure why one would need so many of the large orange squashes. I mean, you can make soup, or a pie, or even roast the seeds. Beyond that, I am at a loss. Oh well...

There are some things that do fill an obvious need, however—such as the xWinEventLog provider from the Desired State Configuration (DSC) Resource Kit. What does it do? It permits me to easily turn or turn off logging for a particular log on a remote server. It also lets me specify the logging mode and set the maximum log size. Groovy.

Although I can do this manually, it is not always the most efficient thing to do. For example, if I want to use the Event Viewer to connect to a remote server to turn on, turn off, or view event logs, I need to poke holes in my firewall. Which ones? Dude, at this point I am not even sure.

I might also need to turn on a service. I wrote a script a long time ago that enabled these sorts of remote management utilities, and I had to poke several holes in the firewall and start several services to do so. It took a lot of research to figure out what exactly was needed. I spent over a week writing that script.

But by using DSC, I can do this quickly. Here is what happens, by default, when I try to connect to a remote event log:

Image of error message

Not only do I get an error message, but it also wastes a lot of time. I can pretty much write my DSC configuration and run it in the amount of time it takes to launch Event Viewer, retarget to a remote server, and wait for the error message.

When I find the log, maybe by going to the remote server, I can right-click the name of the log and examine the properties. Here is what I find:

Image of menu

Write the DSC configuration script

How hard is it to write a DSC configuration script? Well, it is pretty simple. I make sure I have the DSC resource by using Get-DSCResource. (I obtained the provider from the Script Center Repository: DSC Resource Kit.) You can download the providers one at a time, but I prefer to get them all at once.

The first thing I do is use the Configuration keyword and set the name for my configuration. I then specify the servers upon which I want to enable logging. I import the xWinEventLog DSC provider, and specify the full name of the log I want to enable. Here is that bit of code:

configuration EnableWMILog

{

    $Server = @('s1','s2')

    Import-DscResource -module xWinEventLog

    $logname = "Microsoft-Windows-WMI-Activity/Operational"

    node $Server

Next, I call the xWinEventLog provider and specify the log name, if I want to enable or disable the log, the logging mode, and the size of the log. Here is that portion of the DSC configuration script:

xWinEventLog WMILog

        {

            LogName            = $logname

            IsEnabled          = $true

            LogMode            = "AutoBackup"

            MaximumSizeInBytes = 2mb

        }

    }

Now I call the configuration and specify an output path for the MOF files that are created:

EnableWMILog -OutputPath c:\DSC\WMILog 

The last thing I do is start the DSC configuration of the remote servers. I use the –Verbose parameter to provide information such as verbose logging (which lets me know what is going on) and how long the configuration takes. I do not need to specify the server names again, because when I call the configuration script, it creates a MOF file for each server. When I specify the path for Start-DSCConfiguration, it reads all the MOF files and applies the configuration. Here is the script:

Start-DscConfiguration -Path C:\DSC\WMILog -Verbose -wait -debug

Here is the complete configuration script. It is 19 lines long, including blank lines, braces, and such.

configuration EnableWMILog

{

    $Server = @('s1','s2')

    Import-DscResource -module xWinEventLog

    $logname = "Microsoft-Windows-WMI-Activity/Operational"

    node $Server

    {

        xWinEventLog WMILog

        {

            LogName            = $logname

            IsEnabled          = $true

            LogMode            = "AutoBackup"

            MaximumSizeInBytes = 2mb

        }

    }

}

EnableWMILog -OutputPath c:\DSC\WMILog

Start-DscConfiguration -Path C:\DSC\WMILog -Verbose -wait -debug

Now whenever I run WMI scripts on the remote servers, I will have diagnostic logging. When things are working properly again, I can modify my DSC configuration and easily turn off the logging. Piece of cake—pumpkin or otherwise.

That is all there is to using DSC. DSC Resource Kit Week will continue tomorrow when I will talk about more way cool stuff.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy

Comments (2)

  1. Still trying to get into DCS. Seems a very useful kit!

Skip to main content