Saturday, 19 July 2014

How to Use PowerShell to Health Check Event Logs in Clustered ONTAP

This post presents a function that can be used to health check event logs in Clustered ONTAP.

<#######################
HC-EventLogShow Function
========================
The function takes 2 or 3 arguments:
1) HC-EventLogShow SEVERITY LAST_HOURS
2) HC-EventLogShow SEVERITY LAST_HOURS NODE

It returns as an array the output of the Clustershell command "event log show" for the chosen SEVERITY (and optionally NODE), going back the chosen number of LAST_HOURS. The main feature of the script is that it suppresses repeated messages and records the number of repetitions, so you see only the unique events.

The function returns the information as an array with columns for: TIME, NODE, COUNT (Occurrences), EVENT. Like previous HC (Health Check) scripts, the idea is that this array can then be manipulated to present the information in whatever way is desired (e.g. an Excel spreadsheet).

Note 1: Requires a pre-existing connection to a CDOT cluster
Note 2: Severities are (in order of most to least severe):
EMERGENCY, ALERT, CRITICAL, ERROR, WARNING, NOTICE, INFORMATIONAL, DEBUG
Note 3: For more information on "Get-NcEmsMessage", see section at end of this script "Investigating Get-NcEmsMessage"

HC-EventLogShowBO (Basic Output) Function
=========================================
This function exists only to display the output in a basic format.
1) HC-EventLogShowBO SEVERITY LAST_HOURS
2) HC-EventLogShowBO SEVERITY LAST_HOURS NODE
############################################>

function HC-EventLogShow {

    if (!$args[0]){return $null} # Need a SEVERITY argument
    if (!$args[1]){return $null} # Need an HOURS argument
    if ($args[2]){$node = $args[2]} # NODE argument is optional

    # We use a template to make the script more efficient by only pulling the information we need
    $attributes = Get-NcEmsMessage -Template
    $attributes.Event = ""
    $attributes.Node = ""
    $attributes.Time = ""

    # If we have a NODE argument, use it, otherwise don't!
    if (!$args[2]){$messages = Get-NcEmsMessage -Severity $args[0] -StartTime (Get-Date).AddHours(-$args[1]) -Attributes $attributes}
    if ($args[2]){$messages = Get-NcEmsMessage -Severity $args[0] -StartTime (Get-Date).AddHours(-$args[1]) -Attributes $attributes -Node $node}
    # Note: We don't check for case sensitivity of the node name - this must be entered correctly.

    $count = $messages.count
    # If you add all the event repetitions recorded, it should equal this number.

    # We create an array big enough to contain all the messages, but it shouldn't need to be that big due to duplicates!
    $outputArray = New-Object 'object[,]' 5,$count
    # We start off with an array with no rows; this increases every time we find a unique message.
    $arrayYsize = 0

    # In the array, our X fields are:
    # TIME (0), NODE (1), EVENT (2), and COUNT (Occurrences) (3)

    # Cycle through all the messages
    foreach ($message in $messages){

        $i=0
        $match = $null # Sets Match to false per new message

        # A do loop comparing node, then event, and recording a match if both do.
        :Check4Match do {

            if ($message.Node -eq $outputArray[1,$i]){
                if ($message.Event -eq $outputArray[2,$i]){
                    $match = "true"
                    $outputArray[3,$i]++ # Accumulate the counter
                    break Check4Match # Have found a match - stop checking!
                }
            }

            $i++
        } while ($i -lt $arrayYsize) # Compare against every row filled so far, including the last one

        # If no match, create a new line in the array.
        if (!$match){
            $outputArray[0,$arrayYsize]=$message.TimeDT
            $outputArray[1,$arrayYsize]=$message.Node
            $outputArray[2,$arrayYsize]=$message.Event
            $outputArray[3,$arrayYsize]=1
            $arrayYsize++
        }

    } # END of foreach ($message in $messages)

    , $outputArray
    # returns the array

}

############################
      
function HC-EventLogShowBO {

    if(!$args[0]){return} # Need a SEVERITY argument
    if(!$args[1]){return} # Need an HOURS argument

    if (!$args[2]){$output = HC-EventLogShow $args[0] $args[1]}
    if ($args[2]){$output = HC-EventLogShow $args[0] $args[1] $args[2]}

    "OUTPUT"
    "======"
    "TIME # NODE # COUNT # EVENT"

    $i=0
    $rows = $output.GetLength(1) # Number of rows allocated in the array

    # Stop at the first unused row, or at the end of the array if every message was unique
    while(($i -lt $rows) -and ($null -ne $output[0,$i])) {

        $TimeDT = $output[0,$i]
        $node = $output[1,$i]
        $count = $output[3,$i]
        $eventText = $output[2,$i] # Not named $event, which is a PowerShell automatic variable
        "$TimeDT # $node # $count # $eventText"
        $i++

    }

}

<# Investigating Get-NcEmsMessage
$EMS_Event.EmsSeverity                   
$EMS_Event.Event                         
$EMS_Event.EventXmlLen                   
$EMS_Event.EventXmlLenSpecified          
$EMS_Event.KernelGen                     
$EMS_Event.KernelGenSpecified            
$EMS_Event.KernelSeqNum                  
$EMS_Event.KernelSeqNumSpecified         
$EMS_Event.MessageName                    
$EMS_Event.NcController                  
$EMS_Event.Node                          
$EMS_Event.NumSuppressedSinceLast        
$EMS_Event.NumSuppressedSinceLastSpecified
$EMS_Event.SeqNum                        
$EMS_Event.Severity                      
$EMS_Event.Source                        
$EMS_Event.Time                          
$EMS_Event.TimeDT                        
#>
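
The de-duplication step of HC-EventLogShow can be exercised without a cluster connection. The block below is an added example, not the original author's code: it keys an ordered dictionary on node and event instead of scanning a 2-D array, and includes a back-to-back repeat in its input. The name Group-EmsEvent and the sample records are constructed for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the original post). Group-EmsEvent is a hypothetical
# helper; it reads only the Node, Event and TimeDT properties used above.
function Group-EmsEvent {
    param([object[]]$Messages)

    # Ordered dictionary keyed on "node|event": first-seen order is kept and
    # every message costs one lookup instead of a scan of the rows so far.
    $unique = [ordered]@{}
    foreach ($m in $Messages) {
        if ($null -eq $m) { continue }          # tolerate an empty result set
        $key = '{0}|{1}' -f $m.Node, $m.Event
        if ($unique.Contains($key)) {
            $row = $unique[$key]
            $row.Occurrences++
            if ($m.TimeDT -gt $row.LastSeen) { $row.LastSeen = $m.TimeDT }
        } else {
            $unique[$key] = [pscustomobject]@{
                FirstSeen   = $m.TimeDT
                LastSeen    = $m.TimeDT
                Node        = $m.Node
                Occurrences = 1
                Event       = $m.Event
            }
        }
    }
    @($unique.Values)
}

# Constructed sample records (node names and event text are invented).
$t0 = [datetime]'2014-07-19T09:00:00'
$sample = @(
    [pscustomobject]@{ TimeDT = $t0;                Node = 'node-01'; Event = 'sample.event.a: constructed text' }
    [pscustomobject]@{ TimeDT = $t0.AddMinutes(5);  Node = 'node-02'; Event = 'sample.event.b: constructed text' }
    [pscustomobject]@{ TimeDT = $t0.AddMinutes(10); Node = 'node-02'; Event = 'sample.event.b: constructed text' }
    [pscustomobject]@{ TimeDT = $t0.AddMinutes(15); Node = 'node-02'; Event = 'sample.event.b: constructed text' }
    [pscustomobject]@{ TimeDT = $t0.AddMinutes(20); Node = 'node-01'; Event = 'sample.event.b: constructed text' }
)

$rows = @(Group-EmsEvent $sample)
$rows | Sort-Object Occurrences -Descending | Format-Table -AutoSize

# Sanity check taken from the script's own comment: the occurrence counts must
# add up to the number of messages that went in.
$total = ($rows | Measure-Object -Property Occurrences -Sum).Sum
if ($total -ne $sample.Count) { throw "Lost $($sample.Count - $total) message(s)" }
```

The same node reporting a different event, or a different node reporting the same event, stays on its own row, matching the node-then-event comparison in HC-EventLogShow.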
