Event Viewer PowerShell Fun
Around a month ago I was trying to convince a friend to start using Powershell, “I’m too busy to start learning anything new” he said.
He was writing a C# application to connect to a whole bunch of server he had, pull out the event viewer information for errors and store them in a central location which the support team could check every week.
My response to him was that he should use such a project to try and start learning powershell, My exact words were “Its a short script, probably even a one-liner !”.
I never did hear back from him (I guess he is still writing the C# app) but again this question was asked by another friend recently so seeing as I had a spare 5 minutes I thought I would share with you the results of this one-liner:
Get-content c:\temp\servers.txt | foreach { get-wmiobject win32_ntlogevent -filter "type=’error’" -computer $_ | Select ComputerName, EventCode, EventIdentifier, EventType, Logfile, Message, RecordNumber, SourceName, @{N="TimeGenerated";E={$_.ConvertToDateTime($_.TimeGenerated)}}, @{N="TimeWritten";E={$_.ConvertToDateTime($_.TimeWritten)}}, Type, User | export-csv -NoTypeInformation "c:\temp\$_-$((get-date -f MM_dd_yy)).csv"}
Or broken down into a readable format:
Get-content c:\temp\servers.txt |`
foreach {get-wmiobject win32_ntlogevent -filter "type=’error’" -computer$_ |`
Select ComputerName,EventCode,EventIdentifier,`
EventType,Logfile,Message,RecordNumber,SourceName,`
@{N="TimeGenerated";E={$_.ConvertToDateTime($_.TimeGenerated)}},`
@{N="TimeWritten";E={$_.ConvertToDateTime($_.TimeWritten)}}, `
Type, User |`
export-csv -NoTypeInformation "c:\temp\$_-$((get-date -f MM_dd_yy)).csv"}
You can obviously choose your output and easily create a htm file rather than a csv:
Get-content c:\temp\servers.txt |`
foreach {get-wmiobject win32_ntlogevent -filter "type=’error’" -computer$_ |`
Select ComputerName,EventCode,EventIdentifier,`
EventType,Logfile,Message,RecordNumber,SourceName,`
@{N="TimeGenerated";E={$_.ConvertToDateTime($_.TimeGenerated)}},`
@{N="TimeWritten";E={$_.ConvertToDateTime($_.TimeWritten)}},`
Type,User |`
ConvertTo-html "c:\temp\$_-$((get-date -f MM_dd_yy)).htm"}
Much faster than righting a C# app ! – My Lesson for today is….
LEARN POWERSHELL IT SAVES YOU TIME !
Unofficial Online VMware User Group Exchange 2007 PowerShell Audit
Would be fun to see if he finished his app and is willing to let you publish it so you can have a comparison of his code to your script.
=)
Would it be possible to send this data to a SQL server that we could report against? It is funny you post this today. I am working on building a script using Log parser to feed data into SQL, and the first thing that came to mind was, “Hmmm, i wonder if i could do this with PowerShell…”
Thanks for the great info
app
Thanks for the help on this script Alan…It has saved us hours of time
Cheers
Simon
Aaron,
Yes this should be simple enough, there are a fair few examples on the net of how to send a query to sql, I have also written one in the past.
For the log parser you may wish to check out the following site, it seams he has done a fair bit with powershell and log parser: http://muegge.com/blog/?p=65
@dboftlp
I agree, that would be fun. I may ask him