Recently I came across a discussion and Christopher Little (GSS @VMware) has provided a small PoweCLI script to find out about the failed logins.
As the logins are stored under VC database, the retention policy of VCDB is critical so make sure if you want to get previous events then you might have to restore the database to find out the history of failed logins to particualar ESX/ESXi host managed by that virtual center server.
$events = Get-VIEvent
As the logins are stored under VC database, the retention policy of VCDB is critical so make sure if you want to get previous events then you might have to restore the database to find out the history of failed logins to particualar ESX/ESXi host managed by that virtual center server.
$events = Get-VIEvent
foreach ($event in
$events) {if ($event.fullFormattedMessage -match "Cannot login
(.*)@(.*)") {Write-Host ("User " + $matches[1] + " failed to login from "
+ $matches[2] + " at: " + $event.createdTime)} }
If you find any other ways to do it let me know through DM
@mandivs
No comments:
Post a Comment