none
querying the event logs for specific errors RRS feed

  • Question

  • I recently started using this script that was posted last year on the forum.  how would you go about changing it around to use the last month of logs only - to display the error message from the event log - and time it was generated in the csv file. 

    thank you.

    this is the script:


    • Moved by Bill_Stewart Thursday, January 2, 2014 9:03 PM Abandoned
    Friday, November 22, 2013 12:59 PM

All replies

  • Param (
        [int]$Throttle = 100,
        [string[]]$Computername = (get-content d:\temp\machines.txt),
        [string]$File = "C:\temp\output.csv",
        $VerbosePreference = 'SilentlyContinue'
    )
    Begin {
        Write-Host ("Starting at {0}" -f (Get-Date)) -For Green -Back Black
        "Machine Name`tHard Drive State" | Out-File -FilePath $File
        #Function that will be used to process runspace jobs
        Function Get-RunspaceData {
            [cmdletbinding()]
            param(
                [switch]$Wait,
            )
            Do {
                $more = $false           
                Foreach($runspace in $runspaces) {
                    If ($runspace.Runspace.isCompleted) {
                        $runspace.powershell.EndInvoke($runspace.Runspace) | Out-Null
                        $runspace.powershell.dispose()
                        $runspace.Runspace = $null
                        $runspace.powershell = $null
                        Write-Verbose ("Completed: {0}" -f $runspace.computer)                         
                    } ElseIf ($runspace.Runspace -ne $null) {
                        $more = $true
                    }
                }
                If ($more -AND $PSBoundParameters['Wait']) {
                    Start-Sleep -Milliseconds 100
                }                
            } while ($more -AND $PSBoundParameters['Wait'])
        }      
            
        $EventHash = @{
            LogName = 'System'
            Newest = 1
            EntryType = 'Error'
            Source = 'disk'
        }
        $ScriptBlock = {
            Param (
                $Computer,
                $EventHash,
                $File
            )
    

    Friday, November 22, 2013 1:00 PM
  •         If (Test-Connection -ComputerName $Computer -Count 1 -Quiet) {
                $Eventhash.computername = $Computer
                $returndata = Get-EventLog @eventhash | Select Message
                If ($returndata) {
                    ("{0}`t{1}" -f $Computer,'Bad') | Out-File -append $File
                } Else {
                    ("{0}`t{1}" -f $Computer,'Good') | Out-File -append $File
                }
            } Else {
                ("{0}`t{1}" -f $Computer,'Offline') | Out-File -append $File
            }
        }
        Write-Verbose ("Creating runspace pool and session states")
        $sessionstate = [system.management.automation.runspaces.initialsessionstate]::CreateDefault()
        $runspacepool = [runspacefactory]::CreateRunspacePool(1, $Throttle, $sessionstate, $Host)
        $runspacepool.Open()  
        Write-Verbose ("Creating empty collection to hold runspace jobs")
        $runspaces = New-Object System.Collections.ArrayList
        $totalcount = $computername.count
    }
    Process {
        ForEach ($Computer in $Computername) {
           #Create the powershell instance and supply the scriptblock with the other parameters 
           $powershell = [powershell]::Create().AddScript($ScriptBlock).AddArgument($computer).AddArgument($eventhash).AddArgument($File)
           
           #Add the runspace into the powershell instance
           $powershell.RunspacePool = $runspacepool
           
           #Create a temporary collection for each runspace
           $temp = "" | Select-Object PowerShell,Runspace,Computer
           $Temp.Computer = $Computer
           $temp.PowerShell = $powershell
           
           #Save the handle output when calling BeginInvoke() that will be used later to end the runspace
           Write-Verbose ("Running PowerShell instance")
           $temp.Runspace = $powershell.BeginInvoke()
           Write-Verbose ("Adding {0} collection" -f $temp.Computer)
           $runspaces.Add($temp) | Out-Null
           
           Write-Verbose ("Checking status of runspace jobs")
           Get-RunspaceData
        }   
    }
    End {
        Get-RunspaceData -Wait
        
        Write-Verbose ("Closing the runspace pool")
        $runspacepool.close()   
        
        $runspaces.Clear()  
        Write-Host ("Finished at {0}" -f (Get-Date)) -For Green -Back Black 
    }
    Friday, November 22, 2013 1:00 PM
  • Some thing like this will help

    $date = (Get-Date).AddDays(-30)
    Get-EventLog -Before $date -LogName Application

    In your code use this

    $days = (Get-Date).AddDays(-30)
    $returndata = Get-EventLog -Before $days @eventhash | Select Message


    Regards Chen V [MCTS SharePoint 2010]


    • Edited by Chen VMVP Friday, November 22, 2013 1:37 PM
    Friday, November 22, 2013 1:36 PM