I’m running DSC with ConfigurationMode set to “ApplyAndAutoCorrect”.
I would like to get notified by any means whenever correction occurs.
Only other options for ConfigurationMode are “ApplyOnly” and “ApplyAndMonitor” with the last one reporting changes in logs.
Is there a way I could get notified of corrections happening. If not, is “ApplyAndAutoCorrect” option storing info on corrections performed in some file that I could watch for changes?.
DSC won’t do that directly, but you could use a scheduled task that’s triggered by events in the DSC operational event log.
Or have the LCM report to a Reporting Server, and then pull a query of non-compliant nodes and email that.
Thanks for responses.
@Dave Wayatt
I was going through logs(Operational, Analytic and Debug) but couldn’t find find any reference that correction was applied was applied.
@Don Jones
I’m assuming that is equivalent of running `Test-DscConfiguration -ComputerName localhost -Detailed` ?
My question is: Will LCM report all changes at the time of consistency check?
I’m trying to figure out if there is going to be any time lag that that non-compliant nodes wouldn’t be accounted.
If you’ve set the LCM to ApplyAndAutoCorrect you will see it in the PowerShell logs on that Operational Log, its where the consistency checks are written to as well, on the node ofc.
Test-DSCConfiguration will start a manual consistency check so not exactly what Don replied.
If you set your LCM to report to a report server, the data will enter the database on the report server and you can then go over the data without reaching to the node itself. Report server is a good choice when you dont necessarily have direct access to the node but I dont think its something I would use together with ApplyAndAutoCorrect as by the time the report server has the info the node isn’t in the desired state the LCM already started fixing it on the node.
Theres always going to be a delay of at least 15 min as that’s the min time for consistency check. As a change can happen 1 sec after a consistency check run. You can run it every few min in a Active manner or run Get-DSCLocalConfiguratioManager (more Passive manner) and watching the LCMState and LCMStateDetail will reveal if the check is on its way and if its actually applying. Dont suggest poking it every second, its not meant to be a real time enforcement.
@Arie H
Thanks for clarifying.
I guess I didn’t check logs properly. I think checking logs would be ideal in my situation because changes will fix themselves. All I care about is to know whether someone changed something, and I don’t need to know it right away.