by john808 at 2013-03-06 08:24:49
Hi,by DonJ at 2013-03-06 08:30:18
I’m wokring a script to collect events from the application log. I found part of a script but would like to make some changes and I’m hoping for some advice. When the script runs it will collect events over a 24 hour period, but I don’t want to see repeat alerts, I would prefer to see a count of repeat alerts.
This is script I have at the moment…
}Write-Host "Querying servers for event log errors in the last 24 hours…";
Write-Host "";
foreach($server in $servers)
{
Write-Host $server;
Write-Host "====================================";
Write-Host "";
foreach($log in $logs)
{
Write-Host "$log Event Log";
Write-Host "=================";
Get-EventLog -ComputerName ****** -LogName application -EntryType Error, warning -After $(Get-Date).AddHours(-24) | Format-Table -AutoSize;
}
}
First, stop using Write-Host. That’ll skew the output.by john808 at 2013-03-06 08:34:42
Second, try piping the results to Group-Object and grouping on the eventid property. See if that gets you closer to what you want.
Thanks for the prompt reply.by DonJ at 2013-03-06 08:40:04
What would you suggest instead of Write-Host? I plan to write the final output to a text file.
Write-Host isn’t redirectable to a file. If you’re just looking to set some "header" content in the file, send that to the file first:by john808 at 2013-03-06 08:50:22
"Heading" | Out-File whatever.txt
Then do your actual output:
Get-EventLog -Logname Security -Newest 100 | Group-Object -Property EventID | Whatever | Out-File whatever.txt -append
HTML would be better, and offers a lot more flexibility. See my free ebook on HTML reporting at PowerShellBooks.com, if you like.
Thanks a lot for the advice. I’ve removed the write-host parts all together now and just used the part belowby john808 at 2013-03-12 08:14:17Get-EventLog -ComputerName localhost -LogName application -EntryType Error, warning, information -After $(Get-Date).AddHours(-24)`
| group-object -Property eventid |format-list
I’ve run some other scripts that gave a html output and it looks good, but I thought first I will just get an text output then progress. I’m finished for today but will no doubt have more questions tomorrow
Thanks again for your time and advice.
Hi,by MasterOfTheHat at 2013-03-13 07:47:09
I’m trying to run the above mentioned script on some remote servers. The problem I’m having is adding in a prompt for credentials. I’ve tried "-credential **" but this doesn’t seem to work when using the above script.
I’m suspecting I maybe need to use "get-wmiobject -class *****", but I’m not sure how to go about this? I’ve previous added credentials in to a script successfully but I’m not sure where I’m going wrong. I think I’ve looked at this for so long I can’t see the easy answer.
Thanks.
Get-EventLog doesn’t support using alternate credentials, so you would either have to start the powershell session using those credentials or just use Get-WinEvent instead since it supports a -credential parameter.
Pretty much identical output:Get-WinEvent -ComputerName server01 -LogName application -Credential (Get-Credential) | Where-Object timecreated -gt "
03/10/2013" | Group-Object ID