Im having a real Brain Fart right now. If I supply my current code can you show me where to insert the above code you referenced into my script please?
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Define the event logs to extract
$logArray = @("Application", "System", "Security", "Setup")
#, "Forwarded Events"
# Provide the path to store the log file extraction
$destinationPath = "C:\WindowsEventLogs\"
# Get the current date in YearMonthDay format
$logDate = Get-Date -Format yyyyMMddHHmm
# Initialize an empty array to store log entries
$output = @()
# Extract each log file listed in $logArray
foreach ($log in $logArray) {
$destination = Join-Path $destinationPath "$env:COMPUTERNAME-$log-$logDate.evtx"
Write-Host "Extracting the $log file now."
wevtutil epl $log $destination
}
#Create Zip File
$7zipPath = "$env:ProgramFiles\7-Zip\7z.exe"
if (-not (Test-Path -Path $7zipPath -PathType Leaf)) {
throw "7 zip executable '$7zipPath' not found"
}
Set-Alias Start-SevenZip $7zipPath
$Source = "c:\WindowsEventLogs\*.evtx"
$Target = "c:\WindowsEventLogs\EventLog.zip"
Start-SevenZip a -mx=9 $Target $Source
# Send the log file via email
$smtpServer = "smtp.mail.yahoo.com"
$smtpPort = 587
$smtpUsername = "nal2us2@yahoo.com"
$smtpPassword = "****"
$smtp = New-Object System.Net.Mail.SmtpClient($smtpServer, $smtpPort)
$smtp.Credentials = New-Object System.Net.NetworkCredential($smtpUsername, $smtpPassword)
$smtp.EnableSsl = $true
$mail = New-Object System.Net.Mail.MailMessage
$mail.From = "nal2us2@yahoo.com"
$mail.To.Add("nal2us2@yahoo.com")
$mail.Subject = "Event Viewer Log Issues"
$mail.Body = "The following are the Errors and Warnings logged from the Event Viewer Over-Night"
$Attachment = [system.net.mail.attachment]::new("C:\WindowsEventLogs\EventLog.zip")
$Mail.Attachments.Add($Attachment)
$smtp.Send($mail)
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Define the event logs to extract
$logArray = @("Application", "System", "Security", "Setup")
# Provide the path to store the log file extraction
$destinationPath = "C:\WindowsEventLogs\"
# Get the current date in YearMonthDay format
$logDate = Get-Date -Format yyyyMMddHHmm
# Extract each log file listed in $logArray
<# previous method
foreach ($log in $logArray) {
$destination = Join-Path $destinationPath "$env:COMPUTERNAME-$log-$logDate.evtx"
Write-Host "Extracting the $log file now."
wevtutil epl $log $destination
}
#>
# new method
$EventSession = New-Object System.Diagnostics.Eventing.Reader.EventLogSession
foreach ($log in $logArray) {
$destination = Join-Path $destinationPath "$env:COMPUTERNAME-$log-$logDate.evtx"
Write-Host "Extracting the $log file now."
$EventSession.ExportLog($Log,'LogName',"*[System[(Level=2 or Level=3)]]",$Destination)
}
# Send the log file via email
$Password = "MyPassword" | ConvertTo-SecureString -AsPlainText -Force
$Credential = [System.Management.Automation.PSCredential]::new("nal2us2@yahoo.com", $Password)
$SendMail = @{
From = "nal2us2@yahoo.com"
To = "nal2us2@yahoo.com"
Subject = "Event Viewer Log Issues"
Body = "The following are the Errors and Warnings logged from the Event Viewer Over-Night"
Priority = "High"
Attachments = Get-ChildItem "C:\WindowsEventLogs\*.evtx"
SMTPServer = "smtp.mail.yahoo.com"
Port = 587
Credential = $Credential
BodyAsHtml = $true
ErrorAction = "Stop"
}
Send-MailMessage @SendMail
First off⌠allow me to thank you kindly for all your assistance today Grey. You are TRULY the best!!!
Ok, I tried to run the following code and instead of it giving me just the Error and Failure entries, it is still giving me everything.
Attached is the way I inserted the code into my program⌠Thanks again!!!
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# Define the event logs to extract
$logArray = @("Application", "System", "Security", "Setup")
#, "Forwarded Events"
# Provide the path to store the log file extraction
$destinationPath = "C:\WindowsEventLogs\"
# Get the current date in YearMonthDay format
$logDate = Get-Date -Format yyyyMMddHHmm
# Initialize an empty array to store log entries
$output = @()
# Extract each log file listed in $logArray
foreach ($log in $logArray) {
$destination = Join-Path $destinationPath "$env:COMPUTERNAME-$log-$logDate.evtx"
Write-Host "Extracting the $log file now."
wevtutil epl $log $destination
}
# new method
$EventSession = New-Object System.Diagnostics.Eventing.Reader.EventLogSession
foreach ($log in $logArray) {
$destination = Join-Path $destinationPath "$env:COMPUTERNAME-$log-$logDate.evtx"
Write-Host "Extracting the $log file now."
$EventSession.ExportLog($Log,'LogName',"*[System[(Level=2 or Level=3)]]",$Destination)
}
#Create Zip File
$7zipPath = "$env:ProgramFiles\7-Zip\7z.exe"
if (-not (Test-Path -Path $7zipPath -PathType Leaf)) {
throw "7 zip executable '$7zipPath' not found"
}
Set-Alias Start-SevenZip $7zipPath
$Source = "c:\WindowsEventLogs\*.evtx"
$Target = "c:\WindowsEventLogs\EventLog.zip"
Start-SevenZip a -mx=9 $Target $Source
# Send the log file via email
$smtpServer = "smtp.mail.yahoo.com"
$smtpPort = 587
$smtpUsername = "nal2us2@yahoo.com"
$smtpPassword = "****"
$smtp = New-Object System.Net.Mail.SmtpClient($smtpServer, $smtpPort)
$smtp.Credentials = New-Object System.Net.NetworkCredential($smtpUsername, $smtpPassword)
$smtp.EnableSsl = $true
$mail = New-Object System.Net.Mail.MailMessage
$mail.From = "nal2us2@yahoo.com"
$mail.To.Add("nal2us2@yahoo.com")
$mail.Subject = "Event Viewer Log Issues"
$mail.Body = "The following are the Errors and Warnings logged from the Event Viewer Over-Night"
$Attachment = [system.net.mail.attachment]::new("C:\WindowsEventLogs\EventLog.zip")
$Mail.Attachments.Add($Attachment)
$smtp.Send($mail)
you still have both sections of code producing the evtx exports, so the second one is failing, leaving you with your original method.
find this code and remove it
foreach ($log in $logArray) {
$destination = Join-Path $destinationPath "$env:COMPUTERNAME-$log-$logDate.evtx"
Write-Host "Extracting the $log file now."
wevtutil epl $log $destination
}
You are not a human beingâŚ
You are an angel from PowerShell Heaven!!!
Thank you so much for all your help!!!.
It works!!!
God bless you and have a blessed upcoming work week⌠in Jesus name!!!
Sorry to bother you again Grey.
I am trying to setup that file in the Windows task scheduler.
It says its ârunningâ but nothing else is happening. Is there something I need to add to the script to make it run in task scheduler?
itâs less about the script and more about how you set up task scheduler. Itâd be best if you took pictures of the different settings tabs in Task Scheduler and pasted them here.
Ultimately this may not be a Powershell issue so it might fall out of scope of this forum. I also have to wonder: why bother emailing the Errors and Warnings of a Windows machine? Thereâs so much stuff in there and often 99% of it doesnât mean thereâs a problem or necessarily anything to worry about.
Itâs akin to getting a cat scan every day when you donât feel ill.
LOL!!! Who am I to argue with the Jedi Master. The whole reason I wanted to have this setup was to see if it was even possible as I didnt have any success with Python. Again so VERY MANY Thanks for your help. Without it, I would still be wandering the halls of PS frothing at the mouth yelling âthe sky is fallingâ LOL.
Attached are those screen shots. If you need me to expand on any of the fields I can do that. Just let me know.
You wonât need the part in red. Can you copy the highlighted text and paste it in your reply so we can see the whole string?
-ExecutionPolicy Bypass -File
Also I changed the âProgram/Scriptâ field to:
âC:\Users\nal2u\OneDrive\Desktop\Interview Package\Coding Examples\Power Shell\Event Viewer Loged Errors and Warnings.ps1â
youâre getting ahead of yourself. The âProgram/Scriptâ field was correct as it needs to be the path to Powershell, or it can just be âpwshâ or âpowershell.â I havenât seen anything in your code that requires Powershell v7 so you should be able to get away with Windows Powershell v5.1.
The âAdd arguments (optional)â field is what I was asking about and you said it contained this:
if thatâs really all that was in there thatâs your problem. Youâve got the -File argument but no value provided to it. After -File should be the path to your script wrapped in quotes. It looks like you may have provided that in your second reply so based on that your âAdd arugments (optional)â field should contain:
-ExecutionPolicy Bypass -File âC:\Users\nal2u\OneDrive\Desktop\Interview Package\Coding Examples\Power Shell\Event Viewer Loged Errors and Warnings.ps1â
The job interviews folder is a standard folder that I send all my PS scripts to from past work. I can change the path if it will make you feel better. Like I said earlier, I just wanted to see if PS for this task would be more effective than using Python which appears to be the case. I will make those scheduler changes and let you know what happens. Many thanks again Grey
Strange ⌠Grey.
I made the changes you indicated and now the job shows ârunningâ but then after a period of time⌠it goes back to âreadyâ status and it would appear that the task was not carried out. Not sure what to do at this point.
this is always the trouble with scheduled tasks and scripts. You get basically no feedback as to whatâs going on and it can be tedious to troubleshoot.
Try changing the âProgram/Scriptâ field to just contain:
powershell
and re-run. This is just going to try switching it to Windows Powershell v5.1 just as a test.
Changed to powershell only. Same result.
This is extremely strange. I am including a screenshot. The history window shows the task completed⌠even though it didnt.
LOL!!! It just gets wierder by the minute.
I run the event viewer task⌠it says its running in the main GUI.
I go to the âAll Running Tasksâ window and its not showing up there.
I am totally confused!!!
letâs make sure itâs not a permissions issue. Try setting it up to run as SYSTEM, like this:
ok, then if it was me Iâd add Start-Transcript to the script to see if that even happens and if it does what it records.
https://ss64.com/ps/start-transcript.html
might be nit-picking but itâs probably worth just re-verifying current settings. Whatâs in the Program/Script Field and the Arguments field. Even something as little as quotes or lack of can break it.