I wrote the powershell script below that functions when I manually run it as either my domain admin account, or under the local system context. However, when deployed via Splunk, dns.exe on the domain controllers essentially spikes the CPU to 100% (dns.exe and powershell.exe) until I remove the app and restart Splunk. It does however, report in every 300 seconds as configured with the information I am looking for.
Any idea why this script wouldn't be playing with Splunk well??
import-module activedirectory
$ipaddress = $(ipconfig | where {$_ -match 'IPv4.+\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' } | out-null; $Matches[1])
$ErrorActionPreference="SilentlyContinue"
$domain = ([System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()).Name
$dnstest=Test-DnsServer -IPAddress $ipaddress -ZoneName $domain | select Result
if ($dnstest -like '*Success*') {
$result="1"
write-host ((get-date),"`nDNS Status:","$result")
}
else{
$result="0"
write-host ((get-date),"`nDNS Status:","$result")
}
↧
