# Grabs the list of Splunk clients and compares it to the list of active P1s.
Clear-Host

# Make sure the working folders exist before anything is written to them.
foreach ($folder in "\\emeadkhovsand01\logs\ssn\splunksearch",
                    "\\emeadkhovsand01\logs\ssn\splunksearch\Missingtmp") {
    if (-not (Test-Path $folder)) {
        New-Item $folder -Type Directory
    }
}

Write-Host "Purging old files"

# Every *.txt left in Missingtmp is read back later as a host that answered ping,
# and missing.txt is the list handed to the deployment script, so both must start
# empty or a stale entry from an earlier run would be deployed to again.
if (Test-Path "\\emeadkhovsand01\logs\ssn\splunksearch\missingtmp") {
    Write-Host "Clearing Missingtmp"
    Remove-Item \\emeadkhovsand01\logs\ssn\splunksearch\missingtmp\*
}
if (Test-Path "\\emeadkhovsand01\logs\ssn\splunksearch\missing.txt") {
    Write-Host "Clearing Missing.txt"
    Remove-Item \\emeadkhovsand01\logs\ssn\splunksearch\missing.txt
}
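Write-Host "Grabbing the list of Splunk clients"

# NOTE(review): the account name and password are literals in the script, so anyone
# who can read this file (or a paste of it) holds the Splunk REST credential.
# For an unattended run, prefer loading a PSCredential that was saved with
# Export-Clixml under the same Windows account (Import-Clixml), and give the
# Splunk account only the rights needed to dispatch and read this one saved search.
$secpasswd = ConvertTo-SecureString "Password" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("username", $secpasswd)

# Dispatch the saved search through the web proxy.
$splunkdispatch = Invoke-WebRequest "https://url-to-splunk-server:8089/services/saved/searches/psrestpos/dispatch?dispatch.now&trigger_actions=1" -Method POST -Credential $mycreds -Proxy "Http://webproxy:8080" -ProxyUseDefaultCredentials

# Find the SID in the dispatch response. Only the first match is used, as a plain
# string, so the results URL below cannot end up with several IDs joined together.
$SIDRegex = "\d{9,}_\d{5,}"
$SID = [regex]::Match([string]$splunkdispatch.Content, $SIDRegex).Value
if (-not $SID) {
    throw "Splunk dispatch did not return a search ID; stopping before any comparison is made."
}

# Fixed five-second countdown before the results are fetched.
# NOTE(review): if the search takes longer than this, the results request can come
# back incomplete; polling the job status would be more reliable - confirm.
for ($secondsLeft = 5; $secondsLeft -ge 1; $secondsLeft--) {
    Write-Host "`rSaved search has been dispatched, waiting for search to finish and continuing in $secondsLeft" -NoNewline:($secondsLeft -gt 1)
    Start-Sleep -s 1
}

# The original line had no space between the URL and -credential, which makes
# PowerShell read "-credential" as part of the URL argument.
$splunkresults = Invoke-WebRequest "https://url-to-splunk-server:8089/servicesNS/nobody/search/search/jobs/username__username__search__psrestpos_at_$SID/results?output_mode=csv&count=0" -Credential $mycreds -Proxy "Http://webproxy:8080" -ProxyUseDefaultCredentials
if (-not $splunkresults -or -not $splunkresults.Content) {
    throw "Splunk returned no results for search $SID; stopping before any comparison is made."
}

# Strip the list of anything but the hostnames. The pattern also serves as an
# allow-list: only names of this exact shape are carried forward.
$regex = "PRD-[a-zA-Z]{2}0\d{3}-P1"
$splunkhosts = Select-String -Pattern $regex -InputObject $splunkresults.Content -AllMatches |
    ForEach-Object { $_.Matches } |
    ForEach-Object { $_.Value.ToUpper() } |
    Sort-Object
$splunkresults.Content > splunkhosts.txt

$splunkcount = @($splunkhosts).Count
Write-Host "$splunkcount hosts found"

# Fail closed: with an empty Splunk list every host found in AD would be treated
# as missing a forwarder and handed to the deployment step.
if ($splunkcount -eq 0) {
    throw "Splunk returned no matching hosts; stopping so that every AD host is not treated as missing a forwarder."
}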
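Write-Host "Searching the AD for P1s that have been active within the past 21 days"

# The directory stores LastLogon as a Windows file time (100 ns ticks since 1601),
# not as .NET DateTime ticks, so the cutoff has to be converted with ToFileTimeUtc().
# The original compared against raw DateTime ticks with "<=", which does not select
# machines seen within the last 21 days; ">=" against the file-time cutoff does.
$d2 = (Get-Date).AddDays(-21)
$d = $d2.ToFileTimeUtc()

# NOTE(review): lastLogon is kept per domain controller and is not replicated, so
# the result depends on which DC answers; lastLogonTimestamp is the replicated
# attribute - confirm which one is wanted here.
$strFilter = "(&(objectCategory=Computer)(Name=PRD-*P1)(LastLogon>=$d))"

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
# $objDomain is not assigned anywhere in the script as shown, so this sets the
# search root to $null and the searcher uses its default root.
$objSearcher.SearchRoot = $objDomain
$SR = "Domain"
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

$colProplist = "dnshostname"
foreach ($i in $colPropList) {
    # Add() returns the new index; discard it so it does not leak into the output.
    [void]$objSearcher.PropertiesToLoad.Add($i)
}
$colResults = $objSearcher.FindAll()

# Keep only names that match the expected host pattern ($regex is set earlier in
# the script), upper-cased and de-duplicated.
$hostlist = @()
$dnsNames = @($colResults | ForEach-Object { $_.Properties.dnshostname } | Where-Object { $_ })
if ($dnsNames.Count -gt 0) {
    $hostlist = $dnsNames |
        Select-String -Pattern $regex -AllMatches |
        ForEach-Object { $_.Matches } |
        ForEach-Object { $_.Value.ToUpper() } |
        Select-Object -Unique |
        Sort-Object
}
Write-Host "AD Search completed"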
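Write-Host "Let's see who's missing"

# Hosts that AD reports but Splunk does not. Empty entries are dropped so that an
# empty AD result cannot produce a $null "missing" host.
$Missingtmp = @($hostlist | Where-Object { $_ -and ($splunkhosts -notcontains $_) })

# Strip the list of anything but hostnames. Re-applying the pattern here means only
# names of the expected shape reach the ping step and the per-host file names.
# (The original passed $_.Value to Sort-Object outside any script block, where $_
# is not set; a plain Sort-Object is what was meant.)
$Missing = @()
if ($Missingtmp.Count -gt 0) {
    $Missing = $Missingtmp |
        Select-String -Pattern $regex -AllMatches |
        ForEach-Object { $_.Matches } |
        ForEach-Object { $_.Value.ToUpper() } |
        Select-Object -Unique |
        Sort-Object
}

# We only need the ones that respond to ping
Write-Host "List of missing sessions generated, pinging now."
Write-Host "Captain Ramius: Re-verify our range to target... one ping only."
Write-Host "Capt. Vasili Borodin: Captain, I - I - I just..."
Write-Host "Captain Ramius: Give me a ping, Vasili. One ping only, please."
Write-Host "Capt. Vasili Borodin: Aye, Captain."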
# Pings every target once, in parallel, and records each one that answers by
# writing a <target>.txt file (containing the target name) into Missingtmp.
# The target name becomes part of a file path, so callers should pass only
# names that have already been matched against the host-name pattern.
Workflow Ramius
{
    param($targets)

    Foreach -Parallel ($computer in $targets)
    {
        $answered = Test-Connection -ComputerName "$computer" -Count 1 -TimeToLive 120 -Quiet
        If ($answered)
        {
            Add-Content -Path "\\emeadkhovsand01\logs\ssn\splunksearch\Missingtmp\$computer.txt" -Value $computer
        }
    }
}
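# Ping the missing hosts; each one that answers leaves a marker file in Missingtmp.
Ramius $Missing

# Read the marker files back. @() keeps this an array even for zero or one result.
$PingedTargets = @(Get-ChildItem -Path \\emeadkhovsand01\logs\ssn\splunksearch\Missingtmp\* -Include *.txt -Recurse | Get-Content)
$Count = $PingedTargets.Count

if ($Count -eq 0) {
    # Nothing answered: do not write a target list and do not start a deployment.
    Write-Host "No missing Splunk forwarders responded to ping, nothing to deploy."
}
else {
    # Re-apply the host-name pattern before writing the list the deployment reads,
    # so only names of the expected shape are passed on.
    $PingedTargets |
        Select-String -Pattern $regex -AllMatches |
        ForEach-Object { $_.Matches } |
        ForEach-Object { $_.Value.ToUpper() } |
        Select-Object -Unique |
        Sort-Object |
        Out-File -FilePath "\\emeadkhovsand01\logs\ssn\splunksearch\missing.txt"

    Write-Host "$Count missing Splunk forwarders, deploying them now."

    # Call the script directly instead of building a string for Invoke-Expression;
    # the arguments are passed as-is and nothing is re-parsed as code.
    # NOTE(review): both the deployment script and the .vbs payload are loaded from
    # a network share and run against every listed host, so write access to those
    # paths should be limited to the people allowed to change what gets deployed.
    & "\\emeadkhovsand01\scripts\ssn\psmagi\bulk_noconfirm.ps1" "\\emeadkhovsand01\logs\ssn\splunksearch\missing.txt" "\\emeadkhovsand01\scripts\production\splunkfwd.vbs" 0 120 MissingSplunks D
}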