The below script captures the ‘Remote Console Connected’ event entries for all the VMs in a given vCener. It can be useful in case if someone wants to audit the information about who accessed the servers.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $vc = Read-Host "Enter vCenter name you want to connect to" | |
| Connect-VIServer $vc | |
| $data = @() | |
| $vms = Get-VM | |
| foreach($vm in $vms) | |
| { | |
| Write-Host "Checking Events for VM -" $vm | |
| $t = Get-VIEvent -Entity $vm | where { $_.FullFormattedMessage -match "Remote Console Connected" } | select UserName,CreatedTime,FullFormattedMessage | |
| $row = @() | |
| $row = " " |Select VMName,AccessedUser,AccessTime,Description | |
| $row.VMName = $vm.Name | |
| $row.AccessedUser = $t.UserName | |
| $row.AccessTime = $t.CreatedTime | |
| $row.Description = $t.FullFormattedMessage | |
| if($t -ne $null ) { $data += $row } | |
| } | |
| $data | Export-Csv -Path .\Result.csv -NoTypeInformation | |
| Disconnect-VIServer $vc -Confirm:$false |
If your vCenter has many VMs the script will take a while to complete. You can get the output in csv file.
Thanks for reading!
netGet 