Hey, I’m trying to build a consolidated “these are the things we check when a server is weird” script, but for some reason when I try to pull the info from 2 logs, it seems to be executing the commands in the incorrect order.
When I execute this:
write-host -ForegroundColor Red "10 most recent ERROR or CRITICAL event log entries from System Log:"
Get-WinEvent -FilterHashtable @{LogName='System'} | ? {($_.Level -eq 2) -or ($_.Level -eq 1)} | select -first 10 -Property TimeCreated,ID,LevelDisplayName,Message
sleep 5
write-host -ForegroundColor Red "10 most recent ERROR or CRITICAL event log entries from Application Log:"
write-host ""
Get-WinEvent -FilterHashtable @{LogName='Application'} | ? {($_.Level -eq 2) -or ($_.Level -eq 1)} | select -first 10 -Property TimeCreated,ID,LevelDisplayName,Message
Instead of getting the header, then the first block of results, then the second header and the second set of results, I get this:
10 most recent ERROR or CRITICAL event log entries from System Log:
10 most recent ERROR or CRITICAL event log entries from Application Log:
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
6/21/2023 8:09:19 AM 5719 Error This computer was not able to set up a secure session with a domain controller in domain SENATE-AD due to the following: ...
6/21/2023 8:09:18 AM 1130 Error Logon script failed. ...
6/21/2023 8:09:14 AM 2505 Error The server could not bind to the transport \Device\NetBT_Tcpip_{961B3218-1C10-4528-BB9E-EAA4D28BDE33} because another computer on the network has the same name. The server could not start.
6/21/2023 8:09:07 AM 1129 Error The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to ...
6/21/2023 8:08:41 AM 1129 Error The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to ...
6/21/2023 8:08:39 AM 1129 Error The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to ...
6/21/2023 8:08:39 AM 1130 Error Startup script failed. ...
6/21/2023 8:08:39 AM 1130 Error Startup script failed. ...
6/21/2023 8:08:39 AM 1129 Error The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to ...
6/20/2023 4:04:26 PM 7031 Error The Covenant Eyes Communication Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
6/21/2023 11:47:16 AM 10005 Error Product: Microsoft Azure Information Protection -- A newer version of Microsoft Azure Information Protection is already installed.
6/20/2023 4:04:32 PM 400 Error URL Reputation is malfunctioning
6/20/2023 4:04:25 PM 1000 Error Faulting application name: CovenantEyesCommService.exe, version: 9.2.11.0, time stamp: 0x646ba70a...
6/20/2023 8:17:07 AM 10005 Error Product: Microsoft Azure Information Protection -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2753. The argument...
6/20/2023 8:01:57 AM 8198 Error License Activation (slui.exe) failed with the following error code:...
6/16/2023 12:06:36 PM 1000 Error Faulting application name: CovenantEyesCommService.exe, version: 9.2.11.0, time stamp: 0x646ba70a...
6/16/2023 10:36:30 AM 10005 Error Product: Microsoft Azure Information Protection -- A newer version of Microsoft Azure Information Protection is already installed.
6/15/2023 9:14:28 PM 400 Error URL Reputation is malfunctioning
6/15/2023 9:14:14 PM 1000 Error Faulting application name: CovenantEyesCommService.exe, version: 9.2.11.0, time stamp: 0x646ba70a...
6/15/2023 7:53:38 PM 264 Error The storage optimizer couldn't complete defragmentation on \\?\Volume{e8b46e1b-9b3d-11ed-b6ea-28d0ead66842}\ because: Volumes cannot be optimized due to file system type not supported. (0x8900002F)
Specifically, it write the first header about the system log, sleeps for 5 (or more, I tried changing it) seconds, then writes the second header about the application log and write the log entries.
I’ve event tried putting unrelated commands in the middle like a get-wmiobject. I even tried storing the log entries into variables and then writing the variables… same thing, doesn’t even reprint the headers like I would expect when writing two different variables.
Thanks, Rhys