By A few days ago, I needed to find out how many users are connecting to SCOM daily/weekly and how long was each user connected. Out-of-the-box SCOM does not provide you a way of doing this. So I started looking around for some hints. I came across this article, which looked pretty convincing.
This looked all good, except I wanted to do it with Powershell.
Whenever any “client” connects/disconnects to/from the console an event is written in the Operations Manager event log. In each event there is event data which gives you information on the following points:
- EventID
- ManagementServer Name
- Username
- SessionID
- UUID – extracted from SessionID
- ID – extracted from SessionID
- TimeCreated
- SessionDuration -calculated Time between log on and log off Event
- SessionCount – calculated cumulated counter of all current sessions
So, I started working on a script that’d meet my requirements. To be honest, I am still a Powershell student, so I got stuck halfway. So I decided to “get-help” (Powershell pun, get it? ;)) from my friend and guide Stoyan Chalakov. I explained to him my idea and asked whether he would help me script it. Sure enough, I wasn’t disappointed. He liked the idea as well, and came up with a nice script that outputs the data the way we imagined. I’ve linked the link to his script on Technet at the end.
Some important remarks which apply to both methods (the one described in the blog and the script):
“Yes, there are design flaws in this approach:
- If you create daily files, you will have an unknown amount of already open sessions at the beginning of the day and a certain amount of not yet closed sessions at the end. So your SessionCount will be lower than the cumulated values from the “Client Connections” performance counters of all Management Servers.
But when you analyse e.g. weekly data instead of daily, you should get very good results. - The tricky part is , the exact same event is written when a Powershell SDK connection is made. You cannot distinguish between PowerShell SDK connections and Operations console connections. Unfortunately this is by design and I am not aware of a way to mitigate this problem.”
The script parses all the events, which are being logged in regards to the particular user and gathers information in regards to:
- Open session, where the session has not been closed (presence of the Login event, absence of Logout event)
- Closed session and their duration (presence of the Login event and Logout event)
- Closed session without and Login session event, indicating that the Login session event has been overridden and cannot be found.
- The script should be run directly on a management server. If you need you can enable PSremoting and run this on a multiple management server.
- The script is in its first version, where you need to enter a domain and username. The second version (currently being worked on) will include a full report on all user session and their duration, without the need of specifying a particular user name.
Sample output of the script:
You can download the script here:
Stoyan has commented thoroughly throughout the script, so there would no issues to understand the way it works.
Thanks a ton Stoyan!
Cheers!
AnalyticOps Insights 