Event Viewer PowerShell Fun

Around a month ago I was trying to convince a friend to start using PowerShell. “I’m too busy to start learning anything new,” he said.

He was writing a C# application to connect to a whole bunch of servers he had, pull out the event viewer information for errors and store it in a central location which the support team could check every week.

My response to him was that he should use such a project to try and start learning PowerShell. My exact words were “It’s a short script, probably even a one-liner!”

I never did hear back from him (I guess he is still writing the C# app), but this question was asked again by another friend recently, so seeing as I had a spare 5 minutes I thought I would share with you the results of this one-liner:

Get-content c:\temp\servers.txt | foreach { get-wmiobject win32_ntlogevent -filter "type='error'" -computer $_ | Select ComputerName, EventCode, EventIdentifier, EventType, Logfile, Message, RecordNumber, SourceName, @{N="TimeGenerated";E={$_.ConvertToDateTime($_.TimeGenerated)}}, @{N="TimeWritten";E={$_.ConvertToDateTime($_.TimeWritten)}}, Type, User | export-csv -NoTypeInformation "c:\temp\$_-$((get-date -f MM_dd_yy)).csv"}

Or broken down into a readable format:

# One CSV per server, named <server>-<date>.csv
Get-content c:\temp\servers.txt |`
foreach {get-wmiobject win32_ntlogevent -filter "type='error'" -computer $_ |`
    Select ComputerName,EventCode,EventIdentifier,`
    EventType,Logfile,Message,RecordNumber,SourceName,`
    @{N="TimeGenerated";E={$_.ConvertToDateTime($_.TimeGenerated)}},`
    @{N="TimeWritten";E={$_.ConvertToDateTime($_.TimeWritten)}},`
    Type,User |`
    export-csv -NoTypeInformation "c:\temp\$_-$((get-date -f MM_dd_yy)).csv"}

You can obviously choose your output and easily create an htm file rather than a csv:

# ConvertTo-Html only produces the markup; Out-File writes it to disk
Get-content c:\temp\servers.txt |`
foreach {get-wmiobject win32_ntlogevent -filter "type='error'" -computer $_ |`
    Select ComputerName,EventCode,EventIdentifier,`
    EventType,Logfile,Message,RecordNumber,SourceName,`
    @{N="TimeGenerated";E={$_.ConvertToDateTime($_.TimeGenerated)}},`
    @{N="TimeWritten";E={$_.ConvertToDateTime($_.TimeWritten)}},`
    Type,User |`
    ConvertTo-html |`
    Out-File "c:\temp\$_-$((get-date -f MM_dd_yy)).htm"}

Much faster than writing a C# app! My lesson for today is…

LEARN POWERSHELL IT SAVES YOU TIME !
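For the weekly support check described at the top of the post, the same WMI query can be limited to the last seven days and made to record which servers could not be queried, so that a missing report is not mistaken for a clean one. This is an added example, not the author's script; the seven-day window, the combined output file and the `errors-` / `unreachable-` file names are assumptions, and it needs Windows PowerShell because it uses Get-WmiObject.

```powershell
# Added example (not from the original post). Paths and file names are assumed.
$serverList = 'c:\temp\servers.txt'                  # same input file as the one-liner
$stamp      = Get-Date -Format 'MM_dd_yy'
$outFile    = "c:\temp\errors-$stamp.csv"            # assumed: one combined report
$failFile   = "c:\temp\unreachable-$stamp.txt"       # assumed: servers that failed

# WQL compares TimeGenerated against a DMTF-formatted timestamp string.
$since  = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime((Get-Date).AddDays(-7))
$filter = "Type='Error' AND TimeGenerated >= '$since'"

$failed  = @()
$servers = Get-Content $serverList | Where-Object { $_.Trim() }   # skip blank lines

$events = foreach ($server in $servers) {
    try {
        # -ErrorAction Stop turns RPC/access failures into catchable errors.
        Get-WmiObject -Class Win32_NTLogEvent -Filter $filter `
                      -ComputerName $server -ErrorAction Stop |
            Select-Object ComputerName, Logfile, SourceName, EventCode,
                Type, User, RecordNumber,
                @{N='TimeGenerated'; E={ $_.ConvertToDateTime($_.TimeGenerated) }},
                Message
    }
    catch {
        # Keep the server name and reason: no rows must not look like "no errors".
        $failed += "$server`t$($_.Exception.Message)"
        Write-Warning "Could not query ${server}: $($_.Exception.Message)"
    }
}

if ($events) {
    $events | Sort-Object ComputerName, TimeGenerated |
        Export-Csv -NoTypeInformation $outFile
}
if ($failed) {
    $failed | Set-Content $failFile
}
```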

5 thoughts on “Event Viewer PowerShell Fun”

  1. Alan Renouf

    Aaron,

    Yes this should be simple enough, there are a fair few examples on the net of how to send a query to sql, I have also written one in the past.

    For the log parser you may wish to check out the following site, it seems he has done a fair bit with powershell and log parser: http://muegge.com/blog/?p=65

  2. Aaron

    Would it be possible to send this data to a SQL server that we could report against? It is funny you post this today. I am working on building a script using Log parser to feed data into SQL, and the first thing that came to mind was, “Hmmm, I wonder if I could do this with PowerShell…”

    Thanks for the great info

    app

  3. dboftlp

    Would be fun to see if he finished his app and is willing to let you publish it so you can have a comparison of his code to your script.
    =)
