Request for a script:

Posted: 13th February 2012 by Ben in For the Technical
5

Here is the gist of the email:


I need your help. I need a script that will read a text file of server names and query each of those servers event logs for event id '10'. Can you please help?

Well, hell yes I can!!

People, I live for this: Send me more!


$servers = get-content "c:\scripting\servers.txt"

foreach ($server in $servers)
{
get-eventlog system -computer $server | where-Object {$_.EventID -eq 10}

}

You can also make the output a little more fancier, but this will get the job done!

B

  1. ninjapanda says:
    February 13, 2012 at 8:16 pm

    Thanks for the help. Getting a “cannot read log entry number” (insert random log entry number here). Still good stuff though. Can the results be dumped to a html file similar to the gpresult command?

  2. ninjapanda says:
    February 14, 2012 at 4:45 am

    $SvrList = get-content “c:\scripts\servers.txt”

    Write-host “Print Event Compiler”

    $UsrStartDate = Read-Host “Enter the beginning date in MM/DD/YYYY format please:”
    $UsrEndDate = Read-Host “Enter the ending date in MM/DD/YYYY format please:”
    $begindate = get-date -uFormat %m/%d/%y ($UsrStartDate)
    $enddate = get-date -uFormat %m/%d/%y ($UsrEndDate)

    foreach ($server in $SvrList)
    {
    get-eventlog system -computer $server -before $begindate -after $enddate | where-Object {$_.EventID -eq 6013}
    }

    Why will it not parse based on the date variables I am handing to it? Please help powershell master.

    • Ben says:
      February 14, 2012 at 11:32 am

      The ” -after $endDate” was working for me but it’s kind of clunky. It reverts back to the .Net Method Date Time method:
      http://msdn.microsoft.com/en-us/library/system.datetime.aspx

      I tried this:

      $begindate = ([datetime]"$UsrStartDate").GetType()

      And I still got an incorrect value. Now I was able to fudge it a little to get correct parsing results and that’s by doing this:
      get-eventlog -logname application -entrytype Error, Warning -after (get-date).addHours(-48)

      That's a direct item from the DateTime Structure and it seemed to produce correct results. If you wanted to, you could do something like this:
      $UsrStartDate = Read-Host "Hey enter the days ago you wanted the logs"
      foreach ($server in $svrList)
      {
      get-eventlog -logname system -after (get-date).addHours(-$UsrStartDate) | where-Object {$_.EventID -eq 6013}
      }

      You would have to do the math in the program for the hours and such, but maybe that might help. It produced spot on results.

      The other one parsed, but it was unreliable how it produced the data.

      Hope that helps!

You must be logged in to post a comment.