by hunboy at 2012-11-06 19:01:53
I have below powershell script for windows events to query, trying to write this script to get the Compueter name, Event ID, Source and description info to excel.by hunboy at 2012-11-06 23:18:22
Looking for help to finish this script. This script to run on list of computers also.$servers = get-content “c:\list.txtâ€
foreach ($server in $servers)
{
$server
Get-EventLog -LogName APPLICATION |Source "ACECLIENT" AND Where-Object { $.EventID -eq 1001 } # I am not sure how to include here description "looking for ‘File not found: C:\Program Files\Microsoft ISA Server\SDCONFIG.’"
}
I have done small changes to get the last five days events only but the script not showing any results… Can any one help me here… pls…by Klaas at 2012-11-07 00:42:39
[code2=powershell]$servers = get-content “C:\list.txtâ€
$OututPath="C\OUTPUT.csv"
$fromtime = (get-date).Adddays(-5)
get-eventlog -log Application -comp $servers | where {$.source -eq "Defrag" -AND $.EventID -eq 258 -and $.message -like "The disk defragmenter successfully" -AND $.TimeGenerated -EQ $FROMTIME } | Export-Csv $OututPath -NoTypeInformation
# The Problem is I want to get the events for only last 5 days, When i added "-AND $.TimeGenerated -EQ $FROMTIME" the output is not comming it is taking lot of time but not results. I think some logic problem… Can any one help me here…[/code2]
Have you tried building up your script step by step; get the eventlog from one computer, output to the screen,… and see which steps work and which doesn’t?
Also, try to filter as soon as you can. The get-eventlog has a -source and a -after parameter, so it’s probably better to use those instead of piping all events and then filtering them with the Where-Object. There even is a -message parameter.
The source on my system is called 'Microsoft-Window-Defrag"Get-Eventlog -ComputerName MyPC -Logname Application -After $fromtime -Source "microsoft-windows-defrag"
Do you get any output from that?
I also think your $Oututpath needs a colon : "C]\OUTPUT.csv"