PowerShell Forwarded Events

  • Question

  • I have 4 servers forwarding events to a collector. When I do a Get-WinEvent at the collector it only returns the ID and TimeCreated. I don't see the message, which I need to parse and take action on. If I run Get-WinEvent on one of the initiating servers I can see the message. I want to attach a scheduled task on the collector but it doesn't know which initiator server to target.

    In the forwarded events log I see there is a property for Computer which tells me the source computer. How do I get to it to save to a variable?

    $logid = xxxx
    $logname = "ForwardedEvents"
    $string = Get-WinEvent -computername "I want to add a source computer here" -LogName $logname|where {$_.Id -eq $logid}|Select -ExpandProperty Message

    or use the message on the collector log.

     
    • Moved by Bill_Stewart Wednesday, September 13, 2017 9:22 PM This is not "scripts on demand"
    Wednesday, July 19, 2017 9:10 PM

All replies

  • I have 4 servers forwarding events to a collector. When I do a Get-WinEvent at the collector it only returns the ID and TimeCreated. I don't see the message, which I need to parse and take action on. If I run Get-WinEvent on one of the initiating servers I can see the message. I want to attach a scheduled task on the collector but it doesn't know which initiator server to target.

    In the forwarded events log I see there is a property for Computer which tells me the source computer. How do I get to it to save to a variable?

    $logid = xxxx
    $logname = "ForwardedEvents"

    $computername = "PcNameHere"

    $string = Get-WinEvent -computername $computername -LogName $logname|where {$_.Id -eq $logid}|Select -ExpandProperty Message

    or use the message on the collector log.

     
    I have added a line in the above quote

    If you find an answer has helped you please use the answer button and/or use that thumbs up! Julio Sanchez-Tirado http://scriptomato.com co-founder | CEO | Pitcher

    Friday, July 28, 2017 9:26 AM
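
The following is an added example, not part of the original thread: one way to read the originating server from each record in ForwardedEvents on the collector, keep it in a variable, and fall back to that server when the collector cannot render Message. The helper name Get-ForwardedEventSource and the sample event ID are assumptions, and the fallback assumes the account running the script can read the source server's event log remotely.

```powershell
# Added example: run on the collector. Get-ForwardedEventSource is a hypothetical helper name.
function Get-ForwardedEventSource {
    param(
        [Parameter(Mandatory)][int]$Id,
        [string]$LogName = 'ForwardedEvents',
        [int]$MaxEvents = 50
    )
    # FilterHashtable filters inside the event log service instead of piping every record to Where-Object.
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = $Id } -MaxEvents $MaxEvents |
        ForEach-Object {
            $xml = [xml]$_.ToXml()
            $sys = $xml.Event.System
            # Named EventData fields stay readable even when Message is empty on the collector.
            $data = [ordered]@{}
            foreach ($d in $xml.Event.EventData.Data) {
                if ($d -is [System.Xml.XmlElement] -and $d.Name) { $data[$d.Name] = $d.'#text' }
            }
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                Id          = $_.Id
                Computer    = $sys.Computer   # originating server (also exposed as $_.MachineName)
                Channel     = $sys.Channel    # log the event was written to on that server
                Message     = $_.Message
                EventData   = $data
            }
        }
}

$logid = 4625   # constructed sample ID; the post leaves the real one as xxxx
foreach ($e in Get-ForwardedEventSource -Id $logid) {
    $computername = $e.Computer
    $message = $e.Message
    if (-not $message) {
        # Fallback: re-read the same event from the server that forwarded it.
        # Assumes the collector account may read that server's event log remotely.
        $message = Get-WinEvent -ComputerName $computername -MaxEvents 1 -ErrorAction SilentlyContinue -FilterHashtable @{
            LogName   = $e.Channel
            Id        = $e.Id
            StartTime = $e.TimeCreated.AddSeconds(-1)
            EndTime   = $e.TimeCreated.AddSeconds(1)
        } | Select-Object -ExpandProperty Message
    }
    "{0} {1} {2}: {3}" -f $e.TimeCreated, $computername, $e.Id, $message
}
```

For a scheduled task that acts on specific fields, the EventData dictionary is usually easier to parse than the rendered Message text and does not depend on the collector being able to render it.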