Is there a way to export data from the deployment manager through email or saving a local copy of the data?
Hi Akshar,
Please save the following script as .ps1 and run it on an InTrust Server.
<#
.SYNOPSIS
Dumps real-time event collection information into a CSV file.
.DESCRIPTION
Real-time collections are created and can be viewed in InTrust Deployment Manager. This script dumps the information displayed there into a CSV file for further analysis.
The script is intended to be run on any of the InTrust servers in the InTrust organization under an account which has at least Read permissions in the InTrust organization.
The following columns are written in default mode:
- CurrentTimeLocal
- ServerName
- ServerVersion
- AgentName
- AgentDomain
- AgentStatus
- AgentVersion
- AgentType
- CollectionName
- RepositoryName
- DataSourceName
- DataSourceStatus
- LastEventTimeGMT
The following columns are added in -Verbose mode:
- AgentStatusCode
- AgentStatusError
- AgentTypeCode
- AgentID
- RTAgentID
- RepositoryID
- DataSourceID
- DataSourceStatusCode
- DataSourceError
.PARAMETER OutputFile
The name of the destination CSV file.
.PARAMETER Verbose
Adds extra fields (codes, errors and GUIDs) to the destination CSV file.
.PARAMETER Server
The InTrust server to use. By default, the script tries to use InTrust Server on the local computer. To specify a server, supply its IP address or UNC name.
.PARAMETER ServerPort
The port to use for connecting to the InTrust server. If this parameter is omitted, the script tries the default InTrust Server port 8340.
.EXAMPLE
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -file .\RealTimeCollectionStatus.ps1
.EXAMPLE
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -file .\RealTimeCollectionStatus.ps1 -OutputFile InTrustOrg1.csv
.EXAMPLE
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -file .\RealTimeCollectionStatus.ps1 -Verbose
.EXAMPLE
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -file .\RealTimeCollectionStatus.ps1 -Server 10.154.12.47 -ServerPort 8888
.NOTES
Version: 8
Date: November 19, 2019
QUEST SOFTWARE PROPRIETARY INFORMATION
This software is confidential. Quest Software Inc., or one of its
subsidiaries, has supplied this software to you under terms of a
license agreement, nondisclosure agreement or both. You may not copy,
disclose, or use this software except in accordance with those terms.
Copyright 2019 Quest Software Inc.
ALL RIGHTS RESERVED.
QUEST SOFTWARE INC. MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY OF THE SOFTWARE,
EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. QUEST SOFTWARE SHALL NOT BE LIABLE FOR
ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES.
#>
param (
[string]$OutputFile = "RtcStatus.csv",
[switch]$Verbose = $false,
[string]$Server = "127.0.0.1",
[int]$ServerPort = 8340
)
function Decode-AgentStatus ($value)
{
switch ($value) {
0 {
"Running"
break
}
1 {
"Not Responding or Lost"
break
}
100 {
"Unavailable and Lost"
break
}
101 {
"Unavailable and Lost"
break
}
default {
"Unknown"
}
}
}
function Decode-ComputerType ($value)
{
$result = "Server"
if ($value -eq 0 -or $value -eq -1) {$result = "Unknown"} else {
if (($value -band 24) -ne 0) {$result = "Domain Controller"} else {
if (($value -band 32792) -eq 0 -and ($value -band 1) -ne 0) {$result = "Workstation"}
}
}
return $result
}
function Decode-DataSourceStatus ($value)
{
switch ($value) {
0 {
"Success"
break
}
default {
"Failure"
}
}
}
#Requires -Version 4
if ([Environment]::Is64BitProcess) {
Write-Host -ForegroundColor Red "Please run this script with 32-bit PowerShell"
}
else {
try {
$connection = new-object -Com AdcRpcConnection.AdcRpcConnection
$connection.ConnectWithEndpoint("ncacn_ip_tcp:" + $Server + "[$ServerPort]")
$connection.SetClientSecurity("", 9, 6, "", "", "")
$session = new-object -Com AdcCfg.AdcCfgSession
$session.Connect($connection, "")
$roots = $session.RootObjects
$configuration = $roots.Item("Configuration")
$adcServersCollection = $configuration.Children.Item("ADCServers")
$adcServers = $adcServersCollection.Children
$adcServerNameHashTable = @{}
$adcServerVersionHashTable = @{}
$adcServerInstalledAgentHashTable = @{}
foreach ($adcServer in $adcServers){
$adcServerNameHashTable += @{$adcServer.Properties.Item("Guid").Value = $adcServer.Properties.Item("Name").Value}
$adcServerParams = $adcServer.Properties.Item("ServerParameters").Value
foreach ($adcServerParam in $adcServerParams){
if ($adcServerParam.Properties.Item("Name").Value -eq "version"){
$adcServerVersionHashTable += @{$adcServer.Properties.Item("Guid").Value = $adcServerParam.Properties.Item("Value").Value}
}
}
$adcServerInstalledAgents = $adcServer.Properties.Item("InstalledAgents").Value
foreach ($adcServerInstalledAgent in $adcServerInstalledAgents){
$adcServerInstalledAgentSites = $adcServerInstalledAgent.Properties.Item("AgentSites").Value
$adcServerInstalledAgentSiteArray = @()
foreach ($adcServerInstalledAgentSite in $adcServerInstalledAgentSites){
$adcServerInstalledAgentSiteArray += $adcServerInstalledAgentSite.Properties.Item("SiteID").Value
}
$adcServerInstalledAgentHashTable += @{$adcServerInstalledAgent.Properties.Item("AgentID").Value = $adcServerInstalledAgentSiteArray}
}
}
write-output "Servers and Agents enumeration is done."
$adcDataSourcesCollection = $configuration.Children.Item("adcDataSources")
$adcDataSources = $adcDataSourcesCollection.Children
$adcDataSourcesHashTable = @{}
$adcDataSourcesArray = @()
foreach ($adcDataSource in $adcDataSources){
$adcDataSourcesHashTable += @{$adcDataSource.Properties.Item("Guid").Value = $adcDataSource.Properties.Item("Name").Value}
$adcDataSourcesArray += $adcDataSource.Properties.Item("Guid").Value
}
write-output "Repositories enumeration is done."
$itrtDataSourcesCollection = $configuration.Children.Item("ITRTDataSources")
$itrtDataSources = $itrtDataSourcesCollection.Children
$itrtDataSourcesHashTable = @{}
foreach ($itrtDataSource in $itrtDataSources){
$itrtDataSourcesHashTable += @{$itrtDataSource.Properties.Item("Guid").Value = $itrtDataSource.Properties.Item("Name").Value}
if (-Not ($itrtDataSourcesHashTable.ContainsKey($itrtDataSource.Properties.Item("ProviderId").Value))){
$itrtDataSourcesHashTable += @{$itrtDataSource.Properties.Item("ProviderId").Value = $itrtDataSource.Properties.Item("Name").Value}
}
}
write-output "Data Sources enumeration is done."
$itrtCollectingsCollection = $configuration.Children.Item("ITRTCollectings")
$itrtCollectings = $itrtCollectingsCollection.Children
$itrtWindowsCollectingsHashTable = @{}
foreach ($itrtCollecting in $itrtCollectings){
$itrtCollectingSites = $itrtCollecting.Properties.Item("Sites").Value
foreach ($itrtCollectingSite in $itrtCollectingSites){
$site = $itrtCollectingSite.Properties.Item("SiteID").Value
$repo = $itrtCollecting.Properties.Item("Repository").Value
$itrtWindowsCollectingsHashTable += @{"$($site)_$($repo)" = $itrtCollecting.Properties.Item("Name").Value}
}
}
$itrtSyslogCollectings = $itrtCollectingsCollection.Properties.Item("SyslogCollectings").Value
$itrtSyslogCollectingsHashTable = @{}
foreach ($itrtSyslogCollecting in $itrtSyslogCollectings){
$srv = $itrtSyslogCollecting.Properties.Item("Server").Value
$repo = $itrtSyslogCollecting.Properties.Item("Repository").Value
if ($itrtSyslogCollectingsHashTable.ContainsKey("$($srv)_$($repo)")){
$itrtSyslogCollectingsHashTable["$($srv)_$($repo)"] = $itrtSyslogCollectingsHashTable["$($srv)_$($repo)"] + "|" + $itrtSyslogCollecting.Properties.Item("Name").Value
}
else {
$itrtSyslogCollectingsHashTable += @{"$($srv)_$($repo)" = $itrtSyslogCollecting.Properties.Item("Name").Value}
}
}
$adcSitesCollection = $configuration.Children.Item("ADCSites")
$adcSites = $adcSitesCollection.Children
foreach ($adcSite in $adcSites){
$srv = $adcSite.Properties.Item("OwnerServerId").Value
$site = $adcSite.Properties.Item("Guid").Value
foreach ($adcDataSource in $adcDataSourcesArray){
if ($itrtWindowsCollectingsHashTable.ContainsKey("$($site)_$($adcDataSource)")){
if ($itrtWindowsCollectingsHashTable.ContainsKey("$($srv)_$($adcDataSource)")){
$itrtWindowsCollectingsHashTable["$($srv)_$($adcDataSource)"] = $itrtWindowsCollectingsHashTable["$($srv)_$($adcDataSource)"] + "|" + $itrtWindowsCollectingsHashTable["$($site)_$($adcDataSource)"]
}
else {
$itrtWindowsCollectingsHashTable += @{"$($srv)_$($adcDataSource)" = $itrtWindowsCollectingsHashTable["$($site)_$($adcDataSource)"]}
}
}
}
}
write-output "Sites and Collections enumeration is done."
$liveSyslogDevicesCollection = $configuration.Children.Item("LiveSyslogDevices")
$liveSyslogDevices = $liveSyslogDevicesCollection.Children
$liveSyslogDevicesServerHashTable = @{}
foreach ($liveSyslogDevice in $liveSyslogDevices){
$dvc = $liveSyslogDevice.Properties.Item("Name").Value
if ($liveSyslogDevicesServerHashTable.ContainsKey($dvc)){
$liveSyslogDevicesServerHashTable[$dvc] += $liveSyslogDevice.Properties.Item("ServerId").Value
}
else {
$liveSyslogDevicesServerHashTable += @{$dvc = @($liveSyslogDevice.Properties.Item("ServerId").Value)}
}
}
write-output "Alive Syslog Devices enumeration is done."
write-output "Please wait while real-time collection information is saved..."
$itrtAgentsCollection = $configuration.Children.Item("ITRTAgents")
$itrtAgents = $itrtAgentsCollection.Children
$rtdsResults = @()
$currentTimeLocal = get-date
foreach ($agent in $itrtAgents){
$adcServerInstalledAgentSiteHashTable = $adcServerInstalledAgentHashTable
if ($agent.Properties.Item("AgentID").Value -eq $agent.Properties.Item("ServerId").Value){
$adcServerInstalledAgentSiteHashTable += @{$agent.Properties.Item("AgentID").Value = @($agent.Properties.Item("ServerId").Value)}
}
$dataSources = $agent.Properties.Item("DataSources").Value
foreach ($dataSource in $dataSources){
if ($dataSource.Properties.Item("DataSourceID").Value -eq "{8F1E5294-00D2-4568-8FD2-1AFFF195240E}"){
if ($liveSyslogDevicesServerHashTable.ContainsKey($agent.Properties.Item("ComputerName").Value)){
$liveSyslogDevicesServers = $liveSyslogDevicesServerHashTable[$agent.Properties.Item("ComputerName").Value]
foreach ($liveSyslogDevicesServer in $liveSyslogDevicesServers){
if ($liveSyslogDevicesServer -eq $agent.Properties.Item("ServerId").Value){
$agt = $agent.Properties.Item("AgentId").Value
if ($adcServerInstalledAgentSiteHashTable.ContainsKey($agt)){
$adcServerInstalledAgentSiteHashTable[$agt] = @($agent.Properties.Item("ServerId").Value)
}
else {
$adcServerInstalledAgentSiteHashTable += @{$agt = @($agent.Properties.Item("ServerId").Value)}
}
}
}
}
$itrtCollectingsHashTable = $itrtSyslogCollectingsHashTable
}
else {
$itrtCollectingsHashTable = $itrtWindowsCollectingsHashTable
}
$itrtAgentSites = $adcServerInstalledAgentSiteHashTable[$agent.Properties.Item("AgentId").Value]
foreach ($itrtAgentSite in $itrtAgentSites){
$repo = $dataSource.Properties.Item("RepositoryID").Value
if ($itrtCollectingsHashTable.ContainsKey("$($itrtAgentSite)_$($repo)")){
$detailsHashTable = [ordered] @{
CurrentTimeLocal = $currentTimeLocal
ServerName = $adcServerNameHashTable[$agent.Properties.Item("ServerId").Value]
ServerVersion = $adcServerVersionHashTable[$agent.Properties.Item("ServerId").Value]
AgentName = $agent.Properties.Item("ComputerName").Value
AgentDomain = $agent.Properties.Item("DomainName").Value
AgentStatus = Decode-AgentStatus ($agent.Properties.Item("Status").Value)
AgentVersion = $agent.Properties.Item("Version").Value
AgentType = Decode-ComputerType ($agent.Properties.Item("Type").Value)
CollectionName = $itrtCollectingsHashTable["$($itrtAgentSite)_$($repo)"]
RepositoryName = $adcDataSourcesHashTable[$dataSource.Properties.Item("RepositoryID").Value]
DataSourceName = $itrtDataSourcesHashTable[$dataSource.Properties.Item("DataSourceID").Value]
DataSourceStatus = Decode-DataSourceStatus ($dataSource.Properties.Item("Status").Value)
LastEventTimeGMT = $dataSource.Properties.Item("LastEventTime").Value
}
if ($verbose){
$detailsHashTable += [ordered] @{
AgentStatusCode = $agent.Properties.Item("Status").Value
AgentStatusError = $agent.Properties.Item("Description").Value
AgentTypeCode = $agent.Properties.Item("Type").Value
AgentID = $agent.Properties.Item("AgentId").Value
RTAgentID = $agent.Properties.Item("Guid").Value
RepositoryID = $dataSource.Properties.Item("RepositoryID").Value
DataSourceID = $dataSource.Properties.Item("DataSourceID").Value
DataSourceStatusCode = $dataSource.Properties.Item("Status").Value
DataSourceError = $dataSource.Properties.Item("Description").Value
}
}
$rtdsResults += new-object PSObject -Property $detailsHashTable
}
}
}
}
if ($rtdsResults.Count -eq 0){
$header = '"CurrentTimeLocal","ServerName","ServerVersion","AgentName","AgentDomain","AgentStatus","AgentVersion","AgentType","CollectionName","RepositoryName","DataSourceName","DataSourceStatus","LastEventTimeGMT"'
if ($verbose){
$header += ',"AgentStatusCode","AgentStatusError","AgentTypeCode","AgentID","RTAgentID","RepositoryID","DataSourceID","DataSourceStatusCode","DataSourceError"'
}
$header | out-file ".\$($OutputFile)" -Encoding UTF8
}
else {
$rtdsResults | export-csv -Path ".\$($OutputFile)" -Encoding UTF8 -NoTypeInformation -Delimiter ","
}
write-output "Please check the output file $($OutputFile)."
}
catch {
$e = $_.Exception
$line = $_.InvocationInfo.ScriptLineNumber
write-host -ForegroundColor Red "An error occurred at line $line : $e"
}
}
Thank you Igor. I am receiving the error below (i replaced the actual key with x):
An error occurred at line 159 : System.ArgumentException: Item has already been added. Key in dictionary: '{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}' Key being added: '{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}'
at System.Collections.Hashtable.Insert(Object key, Object nvalue, Boolean add)
at System.Collections.Hashtable.Add(Object key, Object value)
at System.Management.Automation.HashtableOps.Add(IDictionary lvalDict, IDictionary rvalDict)
at lambda_method(Closure , Object[] , StrongBox`1[] , InterpretedFrame )
Hi Akshar,
I was able to reproduce this situation, please wait a while for the fixed script...
Please try this one which is probably fixing the issue:
<#
.NOTES
QUEST SOFTWARE PROPRIETARY INFORMATION
This software is confidential. Quest Software Inc., or one of its
subsidiaries, has supplied this software to you under terms of a
license agreement, nondisclosure agreement or both. You may not copy,
disclose, or use this software except in accordance with those terms.
Copyright 2019 Quest Software Inc.
ALL RIGHTS RESERVED.
QUEST SOFTWARE INC. MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY OF THE SOFTWARE,
EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. QUEST SOFTWARE SHALL NOT BE LIABLE FOR
ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES.
.NOTES
Version: 9
Date: November 21, 2019
.SYNOPSIS
Dumps real-time event collection information into a CSV file.
.DESCRIPTION
Real-time collections are created and can be viewed in InTrust Deployment Manager. This script dumps the information displayed there into a CSV file for further analysis.
The script is intended to be run on any of the InTrust servers in the InTrust organization under an account which has at least Read permissions in the InTrust organization.
The following columns are written in default mode:
- CurrentTimeLocal
- ServerName
- ServerVersion
- AgentName
- AgentDomain
- AgentStatus
- AgentVersion
- AgentType
- CollectionName
- RepositoryName
- DataSourceName
- DataSourceStatus
- LastEventTimeGMT
The following columns are added in -Verbose mode:
- AgentStatusCode
- AgentStatusError
- AgentTypeCode
- AgentID
- RTAgentID
- RepositoryID
- DataSourceID
- DataSourceStatusCode
- DataSourceError
.PARAMETER OutputFile
The name of the destination CSV file.
.PARAMETER Verbose
Adds extra fields (codes, errors and GUIDs) to the destination CSV file.
.PARAMETER Server
The InTrust server to use. By default, the script tries to use InTrust Server on the local computer. To specify a server, supply its IP address or UNC name.
.PARAMETER ServerPort
The port to use for connecting to the InTrust server. If this parameter is omitted, the script tries the default InTrust Server port 8340.
.EXAMPLE
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -file .\RealTimeCollectionStatus.ps1
.EXAMPLE
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -file .\RealTimeCollectionStatus.ps1 -OutputFile InTrustOrg1.csv
.EXAMPLE
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -file .\RealTimeCollectionStatus.ps1 -Verbose
.EXAMPLE
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -file .\RealTimeCollectionStatus.ps1 -Server 10.154.12.47 -ServerPort 8888
#>
param (
[string]$OutputFile = "RtcStatus.csv",
[switch]$Verbose = $false,
[string]$Server = "127.0.0.1",
[int]$ServerPort = 8340
)
function Decode-AgentStatus ($value)
{
switch ($value) {
0 {
"Running"
break
}
1 {
"Not Responding or Lost"
break
}
100 {
"Unavailable and Lost"
break
}
101 {
"Unavailable and Lost"
break
}
default {
"Unknown"
}
}
}
function Decode-ComputerType ($value)
{
$result = "Server"
if ($value -eq 0 -or $value -eq -1) {$result = "Unknown"} else {
if (($value -band 24) -ne 0) {$result = "Domain Controller"} else {
if (($value -band 32792) -eq 0 -and ($value -band 1) -ne 0) {$result = "Workstation"}
}
}
return $result
}
function Decode-DataSourceStatus ($value)
{
switch ($value) {
0 {
"Success"
break
}
default {
"Failure"
}
}
}
#Requires -Version 4
if ([Environment]::Is64BitProcess) {
Write-Host -ForegroundColor Red "Please run this script with 32-bit PowerShell"
}
else {
try {
$connection = new-object -Com AdcRpcConnection.AdcRpcConnection
$connection.ConnectWithEndpoint("ncacn_ip_tcp:" + $Server + "[$ServerPort]")
$connection.SetClientSecurity("", 9, 6, "", "", "")
$session = new-object -Com AdcCfg.AdcCfgSession
$session.Connect($connection, "")
$roots = $session.RootObjects
$configuration = $roots.Item("Configuration")
$adcServersCollection = $configuration.Children.Item("ADCServers")
$adcServers = $adcServersCollection.Children
$adcServerNameHashTable = @{}
$adcServerVersionHashTable = @{}
$adcServerInstalledAgentHashTable = @{}
foreach ($adcServer in $adcServers){
$srv = $adcServer.Properties.Item("Guid").Value
$adcServerNameHashTable += @{$srv = $adcServer.Properties.Item("Name").Value}
$adcServerParams = $adcServer.Properties.Item("ServerParameters").Value
foreach ($adcServerParam in $adcServerParams){
if ($adcServerParam.Properties.Item("Name").Value -eq "version"){
$adcServerVersionHashTable += @{$srv = $adcServerParam.Properties.Item("Value").Value}
}
}
$adcServerInstalledAgents = $adcServer.Properties.Item("InstalledAgents").Value
foreach ($adcServerInstalledAgent in $adcServerInstalledAgents){
$agt = $adcServerInstalledAgent.Properties.Item("AgentID").Value
$adcServerInstalledAgentSites = $adcServerInstalledAgent.Properties.Item("AgentSites").Value
$adcServerInstalledAgentSiteArray = @()
foreach ($adcServerInstalledAgentSite in $adcServerInstalledAgentSites){
$adcServerInstalledAgentSiteArray += $adcServerInstalledAgentSite.Properties.Item("SiteID").Value
}
$adcServerInstalledAgentHashTable += @{"$($srv)_$($agt)" = $adcServerInstalledAgentSiteArray}
}
}
write-output "Servers and Agents enumeration is done."
$adcDataSourcesCollection = $configuration.Children.Item("adcDataSources")
$adcDataSources = $adcDataSourcesCollection.Children
$adcDataSourcesHashTable = @{}
$adcDataSourcesArray = @()
foreach ($adcDataSource in $adcDataSources){
$adcDataSourcesHashTable += @{$adcDataSource.Properties.Item("Guid").Value = $adcDataSource.Properties.Item("Name").Value}
$adcDataSourcesArray += $adcDataSource.Properties.Item("Guid").Value
}
write-output "Repositories enumeration is done."
$itrtDataSourcesCollection = $configuration.Children.Item("ITRTDataSources")
$itrtDataSources = $itrtDataSourcesCollection.Children
$itrtDataSourcesHashTable = @{}
foreach ($itrtDataSource in $itrtDataSources){
$itrtDataSourcesHashTable += @{$itrtDataSource.Properties.Item("Guid").Value = $itrtDataSource.Properties.Item("Name").Value}
if (-Not ($itrtDataSourcesHashTable.ContainsKey($itrtDataSource.Properties.Item("ProviderId").Value))){
$itrtDataSourcesHashTable += @{$itrtDataSource.Properties.Item("ProviderId").Value = $itrtDataSource.Properties.Item("Name").Value}
}
}
write-output "Data Sources enumeration is done."
$itrtCollectingsCollection = $configuration.Children.Item("ITRTCollectings")
$itrtCollectings = $itrtCollectingsCollection.Children
$itrtWindowsCollectingsHashTable = @{}
foreach ($itrtCollecting in $itrtCollectings){
$itrtCollectingSites = $itrtCollecting.Properties.Item("Sites").Value
foreach ($itrtCollectingSite in $itrtCollectingSites){
$site = $itrtCollectingSite.Properties.Item("SiteID").Value
$repo = $itrtCollecting.Properties.Item("Repository").Value
$itrtWindowsCollectingsHashTable += @{"$($site)_$($repo)" = $itrtCollecting.Properties.Item("Name").Value}
}
}
$itrtSyslogCollectings = $itrtCollectingsCollection.Properties.Item("SyslogCollectings").Value
$itrtSyslogCollectingsHashTable = @{}
foreach ($itrtSyslogCollecting in $itrtSyslogCollectings){
$srv = $itrtSyslogCollecting.Properties.Item("Server").Value
$repo = $itrtSyslogCollecting.Properties.Item("Repository").Value
if ($itrtSyslogCollectingsHashTable.ContainsKey("$($srv)_$($repo)")){
$itrtSyslogCollectingsHashTable["$($srv)_$($repo)"] = $itrtSyslogCollectingsHashTable["$($srv)_$($repo)"] + "|" + $itrtSyslogCollecting.Properties.Item("Name").Value
}
else {
$itrtSyslogCollectingsHashTable += @{"$($srv)_$($repo)" = $itrtSyslogCollecting.Properties.Item("Name").Value}
}
}
$adcSitesCollection = $configuration.Children.Item("ADCSites")
$adcSites = $adcSitesCollection.Children
foreach ($adcSite in $adcSites){
$srv = $adcSite.Properties.Item("OwnerServerId").Value
$site = $adcSite.Properties.Item("Guid").Value
foreach ($adcDataSource in $adcDataSourcesArray){
if ($itrtWindowsCollectingsHashTable.ContainsKey("$($site)_$($adcDataSource)")){
if ($itrtWindowsCollectingsHashTable.ContainsKey("$($srv)_$($adcDataSource)")){
$itrtWindowsCollectingsHashTable["$($srv)_$($adcDataSource)"] = $itrtWindowsCollectingsHashTable["$($srv)_$($adcDataSource)"] + "|" + $itrtWindowsCollectingsHashTable["$($site)_$($adcDataSource)"]
}
else {
$itrtWindowsCollectingsHashTable += @{"$($srv)_$($adcDataSource)" = $itrtWindowsCollectingsHashTable["$($site)_$($adcDataSource)"]}
}
}
}
}
write-output "Sites and Collections enumeration is done."
$liveSyslogDevicesCollection = $configuration.Children.Item("LiveSyslogDevices")
$liveSyslogDevices = $liveSyslogDevicesCollection.Children
$liveSyslogDevicesServerHashTable = @{}
foreach ($liveSyslogDevice in $liveSyslogDevices){
$dvc = $liveSyslogDevice.Properties.Item("Name").Value
if ($liveSyslogDevicesServerHashTable.ContainsKey($dvc)){
$liveSyslogDevicesServerHashTable[$dvc] += $liveSyslogDevice.Properties.Item("ServerId").Value
}
else {
$liveSyslogDevicesServerHashTable += @{$dvc = @($liveSyslogDevice.Properties.Item("ServerId").Value)}
}
}
write-output "Alive Syslog Devices enumeration is done."
write-output "Please wait while real-time collection information is saved..."
$itrtAgentsCollection = $configuration.Children.Item("ITRTAgents")
$itrtAgents = $itrtAgentsCollection.Children
$rtdsResults = @()
$currentTimeLocal = get-date
foreach ($agent in $itrtAgents){
$agt = $agent.Properties.Item("AgentId").Value
$srv = $agent.Properties.Item("ServerId").Value
$adcServerInstalledAgentSiteHashTable = $adcServerInstalledAgentHashTable
if ($agt -eq $srv){
$adcServerInstalledAgentSiteHashTable += @{"$($srv)_$($agt)" = @($srv)}
}
$dataSources = $agent.Properties.Item("DataSources").Value
foreach ($dataSource in $dataSources){
if ($dataSource.Properties.Item("DataSourceID").Value -eq "{8F1E5294-00D2-4568-8FD2-1AFFF195240E}"){
if ($liveSyslogDevicesServerHashTable.ContainsKey($agent.Properties.Item("ComputerName").Value)){
$liveSyslogDevicesServers = $liveSyslogDevicesServerHashTable[$agent.Properties.Item("ComputerName").Value]
foreach ($liveSyslogDevicesServer in $liveSyslogDevicesServers){
if ($liveSyslogDevicesServer -eq $srv){
$agt = $agent.Properties.Item("AgentId").Value
if ($adcServerInstalledAgentSiteHashTable.ContainsKey("$($srv)_$($agt)")){
$adcServerInstalledAgentSiteHashTable["$($srv)_$($agt)"] = @($srv)
}
else {
$adcServerInstalledAgentSiteHashTable += @{"$($srv)_$($agt)" = @($srv)}
}
}
}
}
$itrtCollectingsHashTable = $itrtSyslogCollectingsHashTable
}
else {
$itrtCollectingsHashTable = $itrtWindowsCollectingsHashTable
}
$itrtAgentSites = $adcServerInstalledAgentSiteHashTable["$($srv)_$($agt)"]
foreach ($itrtAgentSite in $itrtAgentSites){
$repo = $dataSource.Properties.Item("RepositoryID").Value
if ($itrtCollectingsHashTable.ContainsKey("$($itrtAgentSite)_$($repo)")){
$detailsHashTable = [ordered] @{
CurrentTimeLocal = $currentTimeLocal
ServerName = $adcServerNameHashTable[$agent.Properties.Item("ServerId").Value]
ServerVersion = $adcServerVersionHashTable[$agent.Properties.Item("ServerId").Value]
AgentName = $agent.Properties.Item("ComputerName").Value
AgentDomain = $agent.Properties.Item("DomainName").Value
AgentStatus = Decode-AgentStatus ($agent.Properties.Item("Status").Value)
AgentVersion = $agent.Properties.Item("Version").Value
AgentType = Decode-ComputerType ($agent.Properties.Item("Type").Value)
CollectionName = $itrtCollectingsHashTable["$($itrtAgentSite)_$($repo)"]
RepositoryName = $adcDataSourcesHashTable[$dataSource.Properties.Item("RepositoryID").Value]
DataSourceName = $itrtDataSourcesHashTable[$dataSource.Properties.Item("DataSourceID").Value]
DataSourceStatus = Decode-DataSourceStatus ($dataSource.Properties.Item("Status").Value)
LastEventTimeGMT = $dataSource.Properties.Item("LastEventTime").Value
}
if ($verbose){
$detailsHashTable += [ordered] @{
AgentStatusCode = $agent.Properties.Item("Status").Value
AgentStatusError = $agent.Properties.Item("Description").Value
AgentTypeCode = $agent.Properties.Item("Type").Value
AgentID = $agent.Properties.Item("AgentId").Value
RTAgentID = $agent.Properties.Item("Guid").Value
RepositoryID = $dataSource.Properties.Item("RepositoryID").Value
DataSourceID = $dataSource.Properties.Item("DataSourceID").Value
DataSourceStatusCode = $dataSource.Properties.Item("Status").Value
DataSourceError = $dataSource.Properties.Item("Description").Value
}
}
$rtdsResults += new-object PSObject -Property $detailsHashTable
}
}
}
}
if ($rtdsResults.Count -eq 0){
$header = '"CurrentTimeLocal","ServerName","ServerVersion","AgentName","AgentDomain","AgentStatus","AgentVersion","AgentType","CollectionName","RepositoryName","DataSourceName","DataSourceStatus","LastEventTimeGMT"'
if ($verbose){
$header += ',"AgentStatusCode","AgentStatusError","AgentTypeCode","AgentID","RTAgentID","RepositoryID","DataSourceID","DataSourceStatusCode","DataSourceError"'
}
$header | out-file ".\$($OutputFile)" -Encoding UTF8
}
else {
$rtdsResults | export-csv -Path ".\$($OutputFile)" -Encoding UTF8 -NoTypeInformation -Delimiter ","
}
write-output "Please check the output file $($OutputFile)."
}
catch {
$e = $_.Exception
$line = $_.InvocationInfo.ScriptLineNumber
write-host -ForegroundColor Red "An error occurred at line $line : $e"
}
}
Hi Igor, that worked great- thank you!
One question- instead of choosing fields, can I get all the available fields? Then I can modify the script myself with only the fields I am interested in returning.
Hi Igor, that worked great- thank you!
One question- instead of choosing fields, can I get all the available fields? Then I can modify the script myself with only the fields I am interested in returning.
Well, this script just follows the structure of the InTrust Configuration database objects, so the request of "all fields" has unclear scope, there are lots of them. I'm using ADCServers, ADCDataSources, ITRTDataSources, ITRTCollectings, ADCSites, LiveSyslogDevices and ITRTAgents tables and analyze and join their properties by GUIDs if they are in the scope of the script. You can look into the database and find out and grab other columns in these tables. However, some information that the product (IDM) is showing relies on live network requests and cannot be obtained from database. I wonder, do you miss any specific field even in Verbose mode? If so, you can tell me and I will include it to the list. BTW, I also have to say that the feature of direct CSV export from the IDM UI may be included into one of the upcoming releases.