Open-AudIT
https://www.open-audit.org/phpBB3/

Current VMware ESX audit script
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6055
Page 1 of 1

Author:  intimber [ Sat Apr 06, 2013 12:55 am ]
Post subject:  Current VMware ESX audit script

I'd like to inventory all of our VMware ESXi servers. Unfortunately I couldn't find any best-pratice yet.

Adding an ESXi host manually is possible, but slow and I can't insert all necessary information. For example I couldn't find a way to insert the RAM size of a system after I have created it manually. In the system details view I only have one section "Summary". I miss the other sections like "hardware". I can see the field "memory" in the summary section, but I can't edit it.

I know that I can edit everything in the DB but that's not the I prefer populating my database.

Unfortunately all of our systems have SSH disabled by default. So I can't access them without manually enable SSH. But even when I'm logged in via SSH I can't execute the audit_linux.sh script because /bin/bash is not know by our ESXi servers.

Any ideas how we can easily populate our database with our ESXi servers?

Thanks

Author:  diehl [ Sat Apr 06, 2013 5:37 am ]
Post subject:  Re: Inventory of VMware ESXi servers

Bump.

I have a similar situation. Our data-center houses a few dozen ESXi boxes. I'd like to find a good way of auditing them.

Author:  christophe.niel [ Tue Apr 09, 2013 10:36 pm ]
Post subject:  Re: Inventory of VMware ESXi servers

Hi,

I'm pretty new to open audit but here is what I use to export almost all I need to populate an old custom made DB for inventory
This uses powershell for VMware (AKA PowerCLI) and works on ESXi or vcenter.
It dumps all the data in c:\scripts\export in CSV format.

I'm pretty sure that I could work on something as soon as I understand how OpenAudit work

[code]
Add-PSSnapin VMware.VimAutomation.Core;
connect-viserver <your_ESXi_IP_or_dns>;

Get-VM | Select Id, Name, PowerState, Folder, ResourcePool, NumCpu, MemoryMB, PersistentId, UsedSpaceGB, ProvisionedSpaceGB, VMHost, VApp, FolderId, Version, Notes, HARestartPriority, HAIsolationResponse, DrsAutomationLevel, VMSwapfilePolicy, VMResourceConfiguration | export-csv -NoTypeInformation c:\Scripts\Export\vm.csv

Get-VM | Get-VMGuest | Select VmName, OSFullName, State, HostName, ScreenDimensions | export-csv -NoTypeInformation c:\Scripts\Export\vm_Guest.csv

Get-VM | Get-HardDisk | Select Parent, Filename, Name, CapacityKB, StorageFormat, Persistence, DiskType | export-csv -NoTypeInformation c:\Scripts\Export\vm_HDD.csv

Get-VM | Get-NetworkAdapter | Select Parent, Name, MacAddress, Type, NetworkName, ConnectionState, WakeOnLanEnabled | export-csv -NoTypeInformation c:\Scripts\Export\vm_NetworkAdapter.csv

Get-Datastore | Select Name, Datacenter, CapacityMB, FreeSpaceMB, Accessible, Type, ParentFolder | export-csv -NoTypeInformation c:\Scripts\Export\Datastore.csv

Get-VMHost | Select Name, Id, Version, State, ConnectionState, PowerState, VMSwapfileDatastoreId ,VMSwapfilePolicy ,ParentId ,IsStandalone ,Manufacturer ,Model ,NumCpu ,CpuTotalMhz ,CpuUsageMhz ,MemoryTotalMB ,MemoryUsageMB ,ProcessorType ,HyperthreadingActive, TimeZone, ApiVersion, DiagnosticPartition | export-csv -NoTypeInformation c:\Scripts\Export\VMHost.csv

Get-vmHost | Get-VMHostHba | Select VMHost, Name, Device, Model, Pci, Driver, Bus, Status, Type | export-csv -NoTypeInformation c:\Scripts\Export\VMHost_HBA.csv

Get-VMHost | Get-VMHostNetworkAdapter | Select VMHost, Name, Mac, DhcpEnabled, IP, SubnetMask, BitRatePerSec, FullDuplex, WakeOnLanSupported | export-csv -NoTypeInformation c:\Scripts\Export\VMHost_NetworkAdapter.csv
[/code]

Author:  intimber [ Wed Apr 10, 2013 1:18 am ]
Post subject:  Re: Inventory of VMware ESXi servers

That's great. It's definitely a good start for a OAv2 script. If I find some time I'll have a look at it in detail.

Thanks

Author:  sbutterworth [ Thu Jul 25, 2013 10:29 pm ]
Post subject:  Re: Current VMware ESX audit script

that's brilliant!

Once you have the data, you just need to format it for importing. if you check the VBS script, you can get the rest of the structure for the xml and sending of the file to the open-audit server.

if I get time over the next few days, i'll have a crack at it

:)

Author:  shanimal [ Tue Jun 03, 2014 12:30 am ]
Post subject:  Re: Current VMware ESX audit script

Has anybody come up with an automated way to submit these csv files to the OA server? thanks

Author:  Mark [ Thu Jun 05, 2014 8:39 am ]
Post subject:  Re: Current VMware ESX audit script

If you have SNMP enabled on your ESXi server(s), you should get a nice surprise in the next release of Open-AudIT :D
Screenshot attached.
Also (it's not shown in the screenshot), when a virtual machine has been audited, there are links you can click on to view the Device Details of that VM.

Attachments:
esxi.png
esxi.png [ 160.07 KiB | Viewed 15815 times ]

Author:  shanimal [ Fri Jun 06, 2014 6:10 am ]
Post subject:  Re: Current VMware ESX audit script

Two thumbs up for that news 8)

Author:  shanimal [ Sat Jun 21, 2014 12:29 am ]
Post subject:  Re: Current VMware ESX audit script

I'm testing out v 1.3.2 and would like to try snmp. But I've never used it before. Looking at the instructions, I'm supposed to enable snmp on the esxi hosts, and configure them with a community. How would I configure them with a community so that OA 1.3.2 could audit them? Thanks, and sorry for the snmp clueless-ness. Just never used it here before.

Author:  Mark [ Sat Jun 21, 2014 1:55 pm ]
Post subject:  Re: Current VMware ESX audit script

I can't tell you how to configure ESXi with SNMP and a community string (that's what the VMware site is for [url=http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.monitoring.doc%2FGUID-8EF36D7D-59B6-4C74-B1AA-4A9D18AB6250.html]here[/url] is documentation for 5.1 for example), but as far as Open-AudIT is concerned, just run Menu -> Admin -> Discovery -> Discover a Device with SNMP, put in the ip address and community string, click Scan and away you go :-)

Author:  shanimal [ Wed Jun 25, 2014 5:33 am ]
Post subject:  Re: Current VMware ESX audit script

I have read the vmware snmp info, the problem I have is that I don't have any community to use and it's required that you configure a community. Not sure if I can just make one up. I have a request in with netops, hopefully they can help me with a community string. thanks

Author:  Mark [ Wed Jun 25, 2014 9:45 am ]
Post subject:  Re: Current VMware ESX audit script

A community string is basically a password and must be set on the server itself.

Author:  shanimal [ Thu Jul 03, 2014 4:30 am ]
Post subject:  Re: Current VMware ESX audit script

Thanks Mark. I haven't tried esxi 5.0 yet, but it was easy to get snmp setup and discovered for my esxi 5.1 hosts:

esxcli system snmp set –communities public
esxcli system snmp set –targets pod23-esx-01a.pml.local@161/public
esxcli system snmp set –enable true
esxcli system snmp test


These commands are directly from the instructions at the vmware blog [url]http://blogs.vmware.com/vsphere/2012/11/configuring-snmp-v1v2cv3-using-esxcli-5-1.html[/url]

These commands are for snmp v1 and there are additional instructions for v2 & v3 it looks like each new version added additional security layers. Since we are inside a corporate network I'm hoping that v1 is all I need.

esxi 5.0 snmp instructions are different, I'm hoping to test that soon.

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/