Windows Server 2012 R2 with IIS 8.5 allows for custom log fields with Enhanced Logging
http://www.iis.net/learn/get-started/whats-new-in-iis-85/enhanced-logging-for-iis85
I want to add the fields with Powershell
The following works:
Set-ItemProperty IIS:\Sites\siteName -name logfile.customFields.collection -value
#{logFieldName='foo';sourceType='RequestHeader';sourceName='c-ip'}
But I cannot add a second entry to logfile.customFields.collection It requests -Force and overwrites the existing entry
I added 2 via the GUI to illustrate the issue
Get-ItemProperty IIS:\Sites\siteName -name logfile.customFields.collection
logFieldName : foo
sourceName : c-ip
sourceType : RequestHeader
Attributes : {logFieldName, sourceName, sourceType}
ChildElements : {}
ElementTagName : add
Methods :
Schema : Microsoft.IIs.PowerShell.Framework.ConfigurationElementSchema
logFieldName : foo2
sourceName : c-servername
sourceType : RequestHeader
Attributes : {logFieldName, sourceName, sourceType}
ChildElements : {}
ElementTagName : add
Methods :
Schema : Microsoft.IIs.PowerShell.Framework.ConfigurationElementSchema
logFieldName, sourceName, and sourceType are NoteProperty Members with the same name
How do I do this in Powershell?
A user on the IIS Forums answered
New-ItemProperty IIS:\Sites\siteName -name logfile.customFields.collection -value
#{logFieldName='foo';sourceType='RequestHeader';sourceName='c-ip'}
New-ItemProperty IIS:\Sites\siteName -name logfile.customFields.collection -value
#{logFieldName='foo2';sourceType='RequestHeader';sourceName='c-ip'}
I confirmed this does work
Related
I am working to JIT (Just in time). It should be enabled in all Azure Virtual Machines.
For that, I am retrieving the details to see how many VM's JIT is enabled or disabled.
Is there any script or command to get these details via PowerShell which gives details in Excel?
The command should be Get-AzJitNetworkAccessPolicy
# Sample from microsoft docs
Get-AzJitNetworkAccessPolicy
Id : /subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Security/locations/centralus/jitNetworkAccessPolicies/default
Name : default
Kind : Basic
VirtualMachines : {/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/resourceGroups/myService1/providers/Microsoft.Compute/virtualMachines/testService}
Requests : {Microsoft.Azure.Commands.Security.Models.JitNetworkAccessPolicies.PSSecurityJitNetworkAccessPolicyRequest}
ProvisioningState : Succeeded
It's part of the Az.Security Module.
The command will show you all Just in Time Policies and the assigned machines (VirtualMachines Property)
Together with Get-AzVM you can create a list of which don't have JIT enabled yet.
Something like this should do the trick:
Import-Module Az.Compute
Import-Module Az.Security
Connect-AzAccount -SubscriptionId "<Id>"
$AzJITPolicies = Get-AzJitNetworkAccessPolicy
$AzVMs = Get-AzVM
$ResultSet = #("VmName;JITEnabled")
foreach($AzVM in $AzVMS) {
# You probably need to filter the rules even further here.
$PolicyExists = $AzJITPolicies | Where-Object { $_.VirtualMachines | Where-Object { $_.Id -eq $AzVm.Id }}
$JITEnabled = $false
if($PolicyExists) {
$JITEnabled = $true
}
$ResultSet += ($AzVM.Name + ";" + $JITEnabled)
}
# export as csv => import in excel
$ResultSet -join "`r`n" | Out-File "c:\result.csv"
When i'm running in my machine the commands
$apimContext = New-AzApiManagementContext -ResourceGroupName "xxxxxxxxxxxxx" -ServiceName "xxxxxxxxx"
Get-AzApiManagementProduct -Context $apimContext -ProductId "xxxxxxxxx"
Get-AzApiManagementSubscription -Context $apimContext -ProductId "xxxxxxxxx"
The result is a subscription object with empty keys
SubscriptionId : xxxxxxxxxxxxxxxx
UserId : 1
OwnerId : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxx
xxxx/providers/Microsoft.ApiManagement/service/xxxxx
xxxxx/users/1
ProductId : xxxxxx
Scope : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxx
xxxx/providers/Microsoft.ApiManagement/service/xxxxx
xxxx/products/xxxxxx
Name :
State : Active
CreatedDate : 29/04/2022 15:03:33
StartDate : 29/04/2022 00:00:00
ExpirationDate :
EndDate :
NotificationDate :
PrimaryKey :
SecondaryKey :
StateComment :
AllowTracing : True
Id : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxx
xxxxx/providers/Microsoft.ApiManagement/service/xxxxx
xxxx/products/xxxxxx/subscriptions/xxxxxxxxxxxxxxx
ResourceGroupName : xxxxxxxxxxxxxx
ServiceName : xxxxxxxxxxx
As we can see the keys appear empty, but in the documentation examples it provides values. If i go to azure portal with my account i can see the values
Is there something i can do when running in a personal machine or in an azure pipeline so that i can get the key values?
The code result examples conflict with the documentation for Get-AzApiManagementSubscription
The Get-AzApiManagementSubscription cmdlet gets a specified
subscription, or all subscriptions, if no subscription is specified.
Keys will not be included into result details. To get keys, use
Get-AzApiManagementSubscriptionKey.
See Get-AzApiManagementSubscriptionKey
My intent is to configure an API (e.g. an Azure Function) into an API Manegement service using only policies. I don't want to specify a Service URL.
This is possible using Portal UI:
but not using PowerShell Az module.
Following code:
New-AzApiManagementApi -Context $context -Name $fullName -Protocols #('https') `
-Path $path -ProductIds #($product) `
-ApiVersionSetId $apiMgmtVersion.ApiVersionSetId
raises this exception:
Error : Unable to create 'news' managed API version 1.
Cannot validate argument on parameter 'ServiceUrl'. The argument is null or empty. Provide an argument that is not null or empty, and then try the
command again.
At C:\Projects\Intranet.ai\component_tools\Install-ApiMgmt.ps1:105 char:76
+ ... able to create '$fullName' managed API version $version.`n$_" | Error
+ ~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Error
Is there a way to define an API without a service URL? Maybe using directly New-AzResource?
Thanks to anyone who will help!
Is there a way to define an API without a service URL? Maybe using directly New-AzResource?
The New-AzApiManagementApi seems not support that, you could use the New-AzResource directly, please try the sample below, it works on my side.
$PropertiesObject = #{
"name" = "test22"
"serviceUrl" = $null
"path" = "testaaa"
"protocols" = #("https")
}
New-AzResource -PropertyObject $PropertiesObject -ResourceGroupName <Group-name> -ResourceType Microsoft.ApiManagement/service/apis -ResourceName "<API-management-servie-name>/test22" -ApiVersion 2018-01-01 -Force
Check in the portal:
Update:
If you want to include the apiVersionSetId, please try the one below.
$versionSet = Get-AzApiManagementApiVersionSet -Context $context -ApiVersionSetId "d41e7f92-9cf8-48fb-8552-d9ae5d4690d3"
$Id = $versionSet.Id -replace "apiVersionSets","api-version-sets"
$PropertiesObject = #{
"name" = "test22"
"serviceUrl" = $null
"path" = "testaaa"
"protocols" = #("https")
"apiVersionSetId" = $Id
}
New-AzResource -PropertyObject $PropertiesObject -ResourceGroupName <Group-name> -ResourceType Microsoft.ApiManagement/service/apis -ResourceName "<API-management-servie-name>/test22" -ApiVersion 2018-01-01 -Force
Recently I update Azure Powershell modules in Azure Automation Account and it seems that with new version of AzureRm.Resources module the way of dealing with tags on resources and resource group changes.
Previously this is how I would list resource groups with AutoShutdownSchedule tag name
(Get-AzureRmResourceGroup | where {$_.Tags.Name -contains "AutoShutdownSchedule"}
Now according to https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags I have to use:
Find-AzureRmResourceGroup -Tag #{Name="AutoShutDownSchedule"}
But this doesn't return anything. However Find-AzureRmResourceGroup is working:
Find-AzureRmResourceGroup
id : /subscriptions/xxxxx/resourceGroups/HaaS-CDH-Starter-Spotfire-1393
name : xxxxx
location : eastus2
tags : #{AutoShutdownSchedule=18:00}
properties : #{provisioningState=Succeeded}
id : /subscriptions/xxxxxx/resourceGroups/mnt-dev-us
name : xxxx
location : eastus2
tags : #{AutoShutdownSchedule=18:00}
properties : #{provisioningState=Succeeded}
Any suggestions what I'm doing wrong?
You should use the command below to get the resource group(s) for the tag with name of AutoShutdownSchedule.
Find-AzureRmResourceGroup -Tag #{ AutoShutdownSchedule = $null }
The example of Find Resource Group(s) by tag name for Find-AzureRmResourceGroup cmdlet can be obtained from:
get-help Find-AzureRmResourceGroup -full
-------------------------- FindByTagName --------------------------
Find-AzureRmResourceGroup -Tag #{ testtag = $null }
Finds all resource group with a tag with name 'testtag'.
Note: Verified working with AzureRm.Resources module version: 3.5.0
I'm trying to change the TCP Port timeout on my Ubuntu VM in Azure, and am following this guide to do so, however I seem to get stuck at Step 8 where I have to type the following command:
Get-AzureRmVM -Name "digitron" -ResourceGroup "DIGITRON-RG" |
Get-AzureRmPublicIpAddress
Where it spits back the following error:
Get-AzureRmPublicIpAddress : The Resource 'Microsoft.Network/publicIPAddresses/digitron' under resource group
'DIGITRON-RG' was not found.
StatusCode: 404
ReasonPhrase: Not Found
OperationID : '5031da35-262c-4e1a-a85b-885a6a0fd36c'
At line:1 char:63
+ ... "digitron" -ResourceGroup "DIGITRON-RG" | Get-AzureRmPublicIpAddress
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureRmPublicIpAddress], NetworkCloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.GetAzurePublicIpAddressCommand
What's strange here is if I run the command Get-AzureRmVm, the powershell will spit back:
ResourceGroupName Name Location VmSize OsType NIC ProvisioningState
DIGITRON-RG digitron eastus Standard_DS2_v2 Linux digitron727 Succeeded
Now reading the error makes me think that the VM itself has no public IP address, but I've set it in the Azure Portal as seen in this image (where it says 40.71.98.172 etc):
Why is the Powershell giving me this error?
The Resource 'Microsoft.Network/publicIPAddresses/digitron' under
resource group 'DIGITRON-RG' was not found.
Because Get-AzureRmPublicIpAddress can't get the right parameter, this error means the resource can't find in DIGITRON-RG. For test, we can use Get-AzureRmResource to test the resource exist or not:
PS > Get-AzureRmResource | ?{$_.name = "digitron"}
By the way, the command Get-AzureRmPublicIpAddress need parameters: -Name (the name of the public IP address), -ResourceGroupName (the name of the resource group)
PS > Get-AzureRmPublicIpAddress -Name "jason-ip" -ResourceGroupName "jason"
Name : jason-ip
ResourceGroupName : jason
Location : eastus
Id : /subscriptions/5xxxxabb-222b-49c3-9488-0361e29a7b15/resourceGroups/jason/providers/Microsoft.Network/publicIPAddresses/jason-ip
Etag : W/"5a7200b2-7c2b-4c7a-be27-0bbb7c8f4665"
ResourceGuid : 32xxxf-750a-46a4-abda-c25xxx2b64
ProvisioningState : Succeeded
Tags :
PublicIpAllocationMethod : Dynamic
IpAddress : 13.92.255.103
PublicIpAddressVersion : IPv4
IdleTimeoutInMinutes : 30
IpConfiguration : {
"Id": "/subscriptions/5xxxxb-222b-49c3-9xx8-0361e29a7b15/resourceGroups/jason/providers/Microsoft.Network/networkInterfaces/jason647/ipConfigurations/ipconfig1"
}
DnsSettings : null
We can use this command to get the public IP direct, and increase the timrout to 30 minutes.
Below is the script I used to get the Private and Public IP for an Azure ARM VM:
$rg = Get-AzureRmResourceGroup -Name "MyResourceGroup01"
$vm = Get-AzureRmVM -ResourceGroupName $rg.ResourceGroupName -Name "MyVM01"
$nic = Get-AzureRmNetworkInterface -ResourceGroupName $rg.ResourceGroupName -Name $(Split-Path -Leaf $VM.NetworkProfile.NetworkInterfaces[0].Id)
$nic | Get-AzureRmNetworkInterfaceIpConfig | Select-Object Name,PrivateIpAddress,#{'label'='PublicIpAddress';Expression={Set-Variable -name pip -scope Global -value $(Split-Path -leaf $_.PublicIpAddress.Id);$pip}}
(Get-AzureRmPublicIpAddress -ResourceGroupName $rg.ResourceGroupName -Name $pip).IpAddress
#Output:
Name PrivateIpAddress PublicIpAddress
---- ---------------- ---------------
ipconfig1 10.0.0.10 MyVM01-pip
40.80.217.1