Can Event Hubs receive output from agents?

Is it possible for an Event Hub (PSU server) to receive the output from an Event Hub Agent? For example, if I run a script/cmdlet on an agent, can the result of that execution (in this case, it would be the output from Invoke-WebRequest) be sent back to the PSU server for it to further process since the agent wouldn’t have an ability to do a lot of the things the PSU server itself can, without having to poke loads of holes and install multiple modules on the agent system?

I see Event Hubs | PowerShell Universal, which looks like it does have that ability, but the hang-up there is that the connection ID changes each time the agent service is stopped/started (like it would be after a reboot from system updates), so I’m not sure how that would effectively work.

Product: PowerShell Universal
Version: 5.3.3

Hey hey, the only way to get data back from an Agent I’ve seen currently is to pass the connectionId in yeah.

What we do here is when something needs to run at an event hub we call Get-PSUEventHubConnection with the eventhub name and the active switch and “pick” an agent from the returned list, and then run the remote work and read back the deets. Then the agent can run whatever they need

$EventHubName = "DTEventHub"

#get the agents that are active
$Connections = @(Get-PSUEventHubConnection -Hub $eventHubName -Active)
if($Connections.count -lt 1) 
{ 
    Write-Error "No Agents Active for EventHub: $($EventHubName)"
    return
}

#randomly get one
$Connection = Get-Random $Connections

#now run something
$scriptBlock = { & whoami }
$result = Invoke-PSUCommand -Hub $connection.eventHub -ConnectionId $connection.ConnectionId -Command Invoke-Expression -Parameters @{Command = $scriptBlock}

# Do stuff with result here
Write-Information "Agent is running as $($result)"

For an actual example we have a process that disables a persons accounts when they leave the business, if they have an account in a remote AD (thats not trusted/airgapped) we pass the execution part down to the eventhub in that security zone to do the disabling and it returns the results of the activity, but the logic for success/failure/error reporting is in the PSU server so it handles if the function succeeded the same on local and remote calls

We dynamically create the scriptblock to pass to the agent using a pattern like above

1 Like

Thanks. I think I’ll be able to modify that to meet my needs.

Edit: I was able to modify your example to do what I needed. Thank you again.

For the record, Invoke-PSUCommand is now an alias for Send-PSUEvent, in case you care about the alias ever being removed one day, so it doesn’t break your script(s).

1 Like