dsc local configuration manager email me whenever change occurs

This topic contains 5 replies, has 4 voices, and was last updated by Profile photo of klaudiusz skiba klaudiusz skiba 6 months, 2 weeks ago.

  • Author
    Posts
  • #39914
    Profile photo of klaudiusz skiba
    klaudiusz skiba
    Participant

    I'm running DSC with ConfigurationMode set to "ApplyAndAutoCorrect".

    I would like to get notified by any means whenever correction occurs.

    Only other options for ConfigurationMode are "ApplyOnly" and "ApplyAndMonitor" with the last one reporting changes in logs.

    Is there a way I could get notified of corrections happening. If not, is "ApplyAndAutoCorrect" option storing info on corrections performed in some file that I could watch for changes?.

  • #39916
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    DSC won't do that directly, but you could use a scheduled task that's triggered by events in the DSC operational event log.

  • #39926
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Or have the LCM report to a Reporting Server, and then pull a query of non-compliant nodes and email that.

  • #39995
    Profile photo of klaudiusz skiba
    klaudiusz skiba
    Participant

    Thanks for responses.

    @Dave Wayatt
    I was going through logs(Operational, Analytic and Debug) but couldn't find find any reference that correction was applied was applied.

    @Don Jones
    I'm assuming that is equivalent of running `Test-DscConfiguration -ComputerName localhost -Detailed` ?
    My question is: Will LCM report all changes at the time of consistency check?

    I'm trying to figure out if there is going to be any time lag that that non-compliant nodes wouldn't be accounted.

  • #40058
    Profile photo of Arie H
    Arie H
    Participant

    If you've set the LCM to ApplyAndAutoCorrect you will see it in the PowerShell logs on that Operational Log, its where the consistency checks are written to as well, on the node ofc.

    Test-DSCConfiguration will start a manual consistency check so not exactly what Don replied.
    If you set your LCM to report to a report server, the data will enter the database on the report server and you can then go over the data without reaching to the node itself. Report server is a good choice when you dont necessarily have direct access to the node but I dont think its something I would use together with ApplyAndAutoCorrect as by the time the report server has the info the node isn't in the desired state the LCM already started fixing it on the node.

    Theres always going to be a delay of at least 15 min as that's the min time for consistency check. As a change can happen 1 sec after a consistency check run. You can run it every few min in a Active manner or run Get-DSCLocalConfiguratioManager (more Passive manner) and watching the LCMState and LCMStateDetail will reveal if the check is on its way and if its actually applying. Dont suggest poking it every second, its not meant to be a real time enforcement.

  • #40129
    Profile photo of klaudiusz skiba
    klaudiusz skiba
    Participant

    @Arie H
    Thanks for clarifying.

    I guess I didn't check logs properly. I think checking logs would be ideal in my situation because changes will fix themselves. All I care about is to know whether someone changed something, and I don't need to know it right away.

You must be logged in to reply to this topic.