sync: auto-sync from DESKTOP-0O8A1RL at 2026-05-15 15:23:02

Author: Mike Swanson Machine: DESKTOP-0O8A1RL Timestamp: 2026-05-15 15:23:02
2026-05-15 15:23:05 -07:00
parent 6d6de33cb7
commit 31088cb8de
21 changed files with 1367 additions and 1 deletions
--- a/session-logs/tmp_pluto_applog.ps1
+++ b/session-logs/tmp_pluto_applog.ps1
@@ -0,0 +1,32 @@
+$start = [datetime]'2026-05-14 18:00:00'
+$end   = [datetime]'2026-05-15 02:00:00'
+
+# Application log — GuruRMM or sshd errors
+$evts = Get-WinEvent -LogName Application -MaxEvents 5000 -ErrorAction SilentlyContinue |
+  Where-Object { $_.TimeCreated -gt $start -and $_.TimeCreated -lt $end }
+
+Write-Host "Application events in window: $($evts.Count)"
+
+foreach ($e in ($evts | Sort-Object TimeCreated)) {
+    $msg1 = ($e.Message -split "`n")[0] -replace '\s+',' '
+    Write-Host "$($e.TimeCreated.ToString('HH:mm:ss'))  [$($e.LevelDisplayName)]  $($e.ProviderName)  ID=$($e.Id)  $msg1"
+}
+
+# Also: check sshd event log
+Write-Host ""
+Write-Host "=== OpenSSH/sshd events ==="
+try {
+    Get-WinEvent -LogName 'OpenSSH/Operational' -MaxEvents 100 -ErrorAction Stop |
+      Where-Object { $_.TimeCreated -gt $start -and $_.TimeCreated -lt $end } |
+      Sort-Object TimeCreated |
+      ForEach-Object { Write-Host "$($_.TimeCreated.ToString('HH:mm:ss'))  ID=$($_.Id)  $(($_.Message -split '`n')[0])" }
+} catch { Write-Host "OpenSSH log: $($_.Exception.Message)" }
+
+# Check when GuruRMMAgent service last started/stopped (any time)
+Write-Host ""
+Write-Host "=== GuruRMMAgent service history ==="
+Get-WinEvent -LogName System -MaxEvents 10000 -ErrorAction SilentlyContinue |
+  Where-Object { $_.Message -like '*GuruRMMAgent*' } |
+  Sort-Object TimeCreated -Descending |
+  Select-Object -First 20 |
+  ForEach-Object { Write-Host "$($_.TimeCreated.ToString('yyyy-MM-dd HH:mm:ss'))  ID=$($_.Id)  $(($_.Message -split '`n')[0] -replace '\s+',' ')" }