Function for getting events

shane-taubman · February 14, 2021, 2:04pm

Hi Guys,

Looking for some help or ideas on how to create a function that will allow to get event log information. See below on the requirements

This is to be used for my HTML Powershell report as I’m wanting to convertto-HTML the following

ComputerName variable, Logname (normally application, system or security), Type and from the last hour, 24 hours and week.

 param([string]$ComputerName
    , [HashTable]$data
    , [string]$LogName
    , [string]$EntryInfo = "Information"
    , [string]$EntryWarn = "Warning"
    , [string]$EntrError = "Error"
    , [int]$LastHour = (Get-Date).AddHours(-1)
    , [int]$LastDay  = (Get-Date).AddHours(-24)
    , [int]$LastWeek = (Get-Date).AddDays(-7))

        try
        {

        $data = @()
        $Events = Get-EventLog -ComputerName $computername -LogName $LogName -EntryType $EntryError,$EntryWarn,$EntryInfo -After (Get-Date).AddHours(-1) -ErrorAction STOP -Verbose

        foreach ($event in $Events) {
		    $row = [PSCustomObject]@{
			    'Date/Time'      = $event.TimeWritten
                'EventID'        = $event.EventID
			    'Message'        = $event.Message
                'Source'         = $event.Source
                'Entry Type'     = $event.EntryType
		}
            $data += $row

?

aleksandr-kirilin1 · February 14, 2021, 4:41pm

Not to discourage, but based on the number of hosts and the overall requirement, you might want to consider sending those to Azure Log Analytics and using that to analyze (and draw reporting doughnuts as needed) and alert.

rob-simmers · February 15, 2021, 3:38am

The function wrapper is not really accomplishing anything and it actually getting the results slower by looping through the results. Get-EventLog is already function. Just provide the logname and computername:

try {
    $params = @{
        ComputerName = $computername 
        LogName      = $LogName 
        EntryType    = 'Information','Warning','Error'
        After        = (Get-Date).AddHours(-1) 
        ErrorAction  = 'Stop'
    }

    $Events = Get-EventLog @params |
            Select-Object -Property TimeWritten,EventId,Message,Source,EntryType,@{Name='ComputerName';Expression={$ComputerName}}
}
catch {
    [PSCustomObject]@{
        TimeWritten  = $null
        EventId      = $null
        Message      = ('Failed to get events. {0}' -f $_)
        Source       = $null
        EntryType    = $null
        ComputerName = $ComputerName
    }
}

shane-taubman · February 16, 2021, 2:07am

Thanks for the suggestions…the last recommendation seems neat and will work…

Topic		Replies	Views
Function that will allow to get event log information PowerShell Help	2	272	May 16, 2024
Powershell Script help : Windows events to Query and export PowerShell Help	1	289	May 16, 2024
Get-Eventlog hangs when using EntryType PowerShell Help	5	218	May 16, 2024
Get-EventLog help. PowerShell Help	1	190	May 16, 2024
Get-Eventlog not showing results PowerShell Help	9	209	May 16, 2024

Function for getting events

Related topics