Quick Post – Linux + PowerShell + DSC Blog Posts @ Hey, Scripting Guy! Blog


I would like to make you aware of a 3-part blog post series which I have written for THE Microsoft Hey, Scripting Guy! Blog. Because I really like this blog post series, and of course the blog itself, a lot, I want to share it with you.

The first part shows you how to use Bash on Windows 10 and how you can connect to a Linux server to install the OMI CIM server and the DSC for Linux packages. The second part installs .NET Core and PowerShell for Linux on the system using DSC for Linux. In addition, I show you how to connect via PowerShell and the WSMan protocol from your Windows 10 machine to the OMI CIM server. The last post applies a DSC configuration from Azure Automation DSC to Linux and executes a PowerShell script to send user data to the Azure Log Analytics HTTP Data Collector API.

You can find the posts here:

Part 1 – Install Bash on Windows 10, OMI CIM Server, and DSC for Linux

Part 2 – Install .NET Core and PowerShell on Linux Using DSC

Part 3 – Use Azure Automation DSC to Configure Linux and Executing PowerShell Script


I hope you like it as much as I do, have fun!

OMS – HTTP Data Collector API 403 (Forbidden)

A few weeks ago Microsoft released the Azure Log Analytics HTTP Data Collector API, which allows you to shoot JSON data into OMS Log Analytics. This is awesome news, because now anything is possible. This means you are able to use (m)any script languages to send any data to OMS for further analytics, and you are able to use all the nice OMS goodies like alerting, view designer for building awesome dashboards, query language for some deep dive into your data etc. I had been playing with this API on my Linux box to see what it is capable of. I use a PowerShell test script on Linux, which I knew worked before. All of a sudden I received this error…


I was wondering, because I was sure this script and my workspace were working fine. Actually I modified the script from the blog post Azure Log Analytics HTTP Data Collector API. If I check the error code, it says that the workspace ID or connection key needs to be valid.


After a minute I got an idea and compared the time on my Linux box…


..and the one on my client…

..so there is a deviation of 40 minutes. I corrected the time on my Linux machine and all of a sudden the data submission worked fine. I was wondering what the maximum allowed deviation would be. I went back in time in 5-minute steps and after I reached a 15-minute time difference I received the same error. If I put the time back just 14 minutes, the script worked fine.

Conclusion: If you are playing with the Azure Log Analytics HTTP Data Collector API, make sure your clock is set correctly, otherwise you will receive a 403 error.
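Why the clock matters: each request to this API is signed with HMAC-SHA256 over a string that includes the `x-ms-date` header, so the local time is part of what the service authenticates. The following is an added example, not the script from the post: it builds the `SharedKey` authorization value and checks the local clock against an HTTP `Date` header before sending. The workspace ID, key and dates are constructed, the 15-minute limit is the one observed above, and treating a fast clock the same as a slow one is an assumption.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Threshold observed in the post: 14 minutes off worked, 15 minutes returned 403.
MAX_SKEW = timedelta(minutes=15)


def rfc1123(dt):
    """Format an aware datetime the way the x-ms-date header expects."""
    return format_datetime(dt.astimezone(timezone.utc), usegmt=True)


def build_authorization(workspace_id, shared_key_b64, body, x_ms_date):
    """Return the SharedKey Authorization header value for a POST to /api/logs."""
    string_to_sign = "\n".join([
        "POST", str(len(body)), "application/json",
        "x-ms-date:" + x_ms_date, "/api/logs",
    ])
    digest = hmac.new(base64.b64decode(shared_key_b64),
                      string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return "SharedKey {}:{}".format(workspace_id, base64.b64encode(digest).decode())


def check_skew(local_now, server_date_header, max_skew=MAX_SKEW):
    """Compare the local clock with an HTTP Date header; return (ok, skew)."""
    skew = local_now - parsedate_to_datetime(server_date_header)
    return abs(skew) < max_skew, skew


if __name__ == "__main__":
    # Constructed sample values, not a real workspace or key.
    workspace = "00000000-0000-0000-0000-000000000000"
    key = base64.b64encode(b"constructed-demo-key").decode()
    body = b'[{"user": "demo"}]'
    server_date = "Mon, 05 Sep 2016 12:00:00 GMT"  # Date header of a response
    for minutes in (0, 14, 15, 40):
        local = parsedate_to_datetime(server_date) - timedelta(minutes=minutes)
        ok, skew = check_skew(local, server_date)
        print(minutes, "min off ->", "send" if ok else "fix clock first",
              build_authorization(workspace, key, body, rfc1123(local))[:60])
```

The `Date` header of any response from the endpoint, including the 403 itself, can serve as the reference time when NTP status is not available on the box.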

SCOM 2016 – What’s New UNIX/Linux Series: File System Discovery e.g. Exclude /tmp

A little pain in SCOM 2012 R2 was that as soon as you installed the UNIX/Linux management packs for your distribution, all UNIX/Linux folders were discovered on the file system. This could lead to a huge list of monitored directories, e.g. /tmp, /var…, which was not intended. To overcome this problem, you would have needed to create a group, add the objects and disable the discovery rule for this group. The override parameters in SCOM 2012 R2 looked like this…

…the discovery itself…


…and the properties…


In SCOM 2016 there is a new option which lets you exclude directories using regular expressions. The override parameters in SCOM 2016 look like this…


As you can see there are two options, either override by file system name or by file system type.

How does this work? Let’s see…


SCOM 2016 – What’s New UNIX/Linux Series: Monitors and Rules Running (Any) Script e.g. Perl

One new feature I am very excited about is to run any sort of script on the UNIX/Linux agent. In SCOM 2012 R2 you had the option to run shell commands for performance rules and monitors. In SCOM 2012 R2 the monitor dialog looks like this…


…and the rules wizard shows options for creating shell command based alert and performance rules…


The problem was that you were restricted to “one-liner” commands, which either executed the full command or were used to execute a script on the host. Now, in SCOM 2016, the awesome news is that you are able to put any sort of UNIX/Linux script into your monitors and rules. The new wizard for monitors looks like this…

…and the additional script options for alert and performance rules…

As you can see, we got these new options:

  • UNIX/Linux Script Three State Monitor
  • UNIX/Linux Script Two State Monitor
  • UNIX/Linux Script (Alert) Rule
  • UNIX/Linux Script (Performance) Rule

I think this is a really awesome step for SCOM. In the past I had a few cases where I would have needed such new capabilities. How does it work? Let’s see…


SCOM 2016 – What’s New UNIX/Linux Series: Agent Task Running Script e.g. Perl

I assume you are familiar with creating SCOM tasks and you know there are tasks that are executed on the SCOM console side (console task) and such that are executed on the agent (agent task). In the past you had only a few options, like running commands on Windows and UNIX/Linux or scripts only on Windows agents. The task options looked like this in SCOM 2012 R2…


In SCOM 2016 you are now able to run scripts on UNIX/Linux agents using all kinds of script languages (any) that are installed on the target machine.


To prove that it works I created a simple task called Perl Ping


SCOM 2016 – What’s New UNIX/Linux Series: Discovery Wizard Provide RunAs Account

I just want to start a short series “SCOM 2016 – What’s New UNIX/Linux” where I show you what’s new in SCOM 2016 from a UNIX/Linux perspective. We start off with the discovery wizard. In SCOM 2012 R2, when you discovered the UNIX/Linux systems, you always had to provide the credentials for deploying the agent.

In SCOM 2012 R2 it looked like this…


In SCOM 2016 you are able to select a RunAs account, which will be used for deployment. Actually the UNIX/Linux Agent Maintenance Account and the UNIX/Linux Action Account credentials will be used for discovery and installation of the agent.


This is very convenient for deploying a large number of agents, so you don’t have to provide the credentials all the time. Nice!

OMS – Linux Agent Send Remote Syslog Messages to OMS


As you know, OMS can receive syslog messages from its Linux agents. Well, this is nothing special anymore, but there might be use cases where you cannot install a Linux agent or you might have some network devices which need to send syslog messages to OMS because you want to do some deep inspection of the data. How would you handle such a situation? Well, one way would be to configure a centralized syslog server. This means you “promote” a Linux server as syslog server and this will be the “target” node for the other devices / systems. After that, configure the surrounding systems to “shoot” their events to the syslog server. I will show you how to do that in this demo.


The Linux agent supports e.g. rsyslog or syslog-ng, uploading all events from all facilities with a severity of warning or higher. In my example I will use SUSE Enterprise Server 12, which has rsyslog installed. The default collected event configuration looks like this…


I have installed two Linux systems, SUSE01 and SUSE02. SUSE01 is acting as syslog server, collecting all the events and sending them to OMS. SUSE02 is configured as “client”, which will send the events to SUSE01. How did I do that? Let’s see. First we will configure SUSE02 (client).

I will not show you how to install Linux nor how to install the OMS Linux agent, because there are enough posts on the internet. Make sure your firewall is also configured for the required ports.


First you need to prepare your OMS workspace. In OMS you need to configure which facilities you would like to get into your workspace. Make sure you configured the workspace your agent is connected to according to your needs. If you need help, check this article here. In my case I added the user and local7 facilities to my workspace and deployed them to my agents…

After that, we are ready to configure SUSE02 (client).