R script to visualize KMS server events
walke committed Jul 25, 2017
1 parent abeb022 commit 52689e5
Showing 3 changed files with 70,069 additions and 0 deletions.
Binary file added kmsviz/KMSA2017-07-25.pdf
Binary file not shown.
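--- a/kmsviz/KMSAnalysis1.R
+++ b/kmsviz/KMSAnalysis1.R
@@ -0,0 +1,114 @@
+# Rainer Walke, MPIDR Rostock
+# data source Server: Event Viewer Key Management Service
+# 2017-Jul-24
+
+# https://technet.microsoft.com/de-de/library/ee939272.aspx
+# https://github.com/myanaloglife/py-kms/blob/master/kmsBase.py
+
+require(data.table)
+require(ggplot2)
+require(scales)
+
+setwd("kmsviz")
+
+eventfile <- file.path(".","Key Management Service.csv")
+
+
+
+# prepare tables with clear names
+
+# 620e2b3d-09e7-42fd-802a-17a13652fe7a "Windows Server 2008 R2 Enterprise"
+# 68531fb9-5511-4989-97be-d11a0f55633f "Windows Server 2008 R2 Standard"
+# 6f327760-8c5c-417c-9b61-836a98287e0c "Office Professional Plus 2010"
+# 92236105-bb67-494f-94c7-7f7a607929bd "Office Visio Premium 2010"
+# ae2ee509-1b34-41c0-acb7-6d4650168915 "Windows 7 Enterprise"
+
+skuID <- data.table(skuID=c("620e2b3d-09e7-42fd-802a-17a13652fe7a",
+"68531fb9-5511-4989-97be-d11a0f55633f",
+"6f327760-8c5c-417c-9b61-836a98287e0c",
+"92236105-bb67-494f-94c7-7f7a607929bd",
+"ae2ee509-1b34-41c0-acb7-6d4650168915"),
+product=c("Srv 2008 R2 Enter",
+"Srv 2008 R2 Std",
+"Office Pro Plus 2010",
+"Visio Premium 2010",
+"Windows 7 Enter"))
+
+# 'unlicensed' : 0
+# 'licensed' : 1
+# 'oobGrace' : 2
+# 'ootGrace' : 3
+# 'nonGenuineGrace' : 4
+# 'notification' : 5
+# 'extendedGrace' : 6
+
+licenseState <- data.table(licenseState=c("0","1","2","3","4","5","6"),
+licenseText=c("unlicensed","licensed","oobGrace","ootGrace",
+"nonGenuineGrace",
+"notification","extendedGrace"))
+
+
+
+# read all information from the file
+(PAL1t0 <- readLines(eventfile, n=1, encoding="UTF-8-BOM"))
+(PAL1t <- fread(eventfile, skip=1, encoding="UTF-8"))
+
+(newnames <- c("Level","Time1","Source","EventID","Information","Content"))
+
+setnames(PAL1t, 1:6, newnames)
+
+PAL1t[, date := as.POSIXct(strptime(Time1, "%d.%m.%Y %H:%M:%S"))]
+
+PAL1t[, c("Level","Time1","Source","Information"):=NULL]
+
+
+
+# some tables and a range
+PAL1t[, range(date)]
+PAL1t[, table(EventID)]
+
+PAL1t[EventID=="23250",]
+
+PAL1t[, c("c1","mincount","FQDN","CMID","timestamp","isVM","licenseState","minutesExp","skuID") := tstrsplit(Content, ",")]
+PAL1t[, c("Content"):=NULL]
+
+PAL1t[, c("text","code"):= tstrsplit(c1, "\r\nInfo:\r\n0x")]
+
+# merge the skuID data.table
+# PAL1t[skuID, on="skuID"]
+# left join and left join
+PAL1 <- licenseState[ skuID[PAL1t, on="skuID"], on="licenseState"]
+
+
+PAL1
+PAL1[, table(code)]
+PAL1[, table(mincount)]
+# PAL1[, table(FQDN)]
+# PAL1[, table(CMID)]
+PAL1[, table(isVM)]
+PAL1[, table(licenseState)]
+PAL1[, table(licenseState,code)]
+
+
+
+PAL1[, range(as.integer(minutesExp))]
+PAL1[, hist(as.integer(minutesExp))]
+# Windows 7
+PAL1[skuID=="ae2ee509-1b34-41c0-acb7-6d4650168915" , hist(as.integer(minutesExp), breaks=42)]
+# Office 2010
+PAL1[skuID=="6f327760-8c5c-417c-9b61-836a98287e0c" , hist(as.integer(minutesExp), breaks=42)]
+
+PAL1[, table(skuID)]
+
+
+q <- ggplot(PAL1, aes(x=date, y=licenseText))
+q2 <- q + geom_point(aes(color=code), alpha=0.3) + facet_grid(product ~ .) +
+scale_x_datetime("date", date_breaks="8 weeks",
+date_minor_breaks="2 weeks",
+labels=date_format("%a %m-%d", tz="Europe/Berlin")) +
+scale_y_discrete("License State")
+q2
+
+# save it as an PDF image
+ggsave(paste("KMSA", Sys.Date(), ".pdf",sep=""), q2, width = 11.6929, height = 8.2677)
+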
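Review bot: The `tstrsplit(Content, ",")` step assigns the nine request fields to every row, yet the script itself shows that other event types are present (`PAL1t[EventID=="23250",]`), so rows whose Content does not follow the nine-field request layout get NA-padded columns (or, if any row has more than nine fields, the assignment fails) and those rows then flow into the joins and the plot. Restrict the table to the activation-request event before splitting, e.g. `PAL1t <- PAL1t[EventID == 12290]` (confirm the ID against the `table(EventID)` output first), or assert the layout with `stopifnot(all(lengths(strsplit(PAL1t$Content, ",", fixed = TRUE)) == 9L))`. The `strptime()` call also parses `Time1` in the session's local time zone while the axis labels use `tz="Europe/Berlin"`; passing `tz = "Europe/Berlin"` to the parse keeps the event timeline consistent on any machine. Since the parsed columns include client `FQDN` and `CMID` values, it is worth checking whether the raw event export (presumably the third file in this commit) belongs in the repository unredacted.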