PowerShell | Get-EventLog
Simple one today! We are going to playing around with getting logs.
Get-EventLog
simple done…. well almost
lets make it make it actually work for us
$Event = Get-EventLog -LogName System -Newest 1000
or
$Event = Get-EventLog -LogName Application -Newest 1000
$Event
now lets sort these puppies
$Event | Group-Object -Property Source -NoElement | Sort-Object -Property Count -Descending | Format-Table *
Thats Much nicer output!
Last 7 days of logs
So thats nice however the -Newest isnt that helpful if you are doing this constantly so lets change it a bit
$Date = (Get-Date).AddDays(-7)
$Event = Get-EventLog -LogName System -After $Date EntryType Error, Warning
$Event | Group-Object -Property Source -NoElement | Sort-Object -Property Count -Descending | Format-Table *
Now lets output this to a txt file too
$DateFormatted = Get-Date -Format FileDate
$Event | Group-Object -Property Source -NoElement | Sort-Object -Property Count -Descending | Format-Table * | Out-File -FilePath “C:\Logs$DateFormatted.txt”
This could be handy scheduled task for checking counts for events and seeing whats causing them and if an action is actually needed? Could also have them emailed to an email address too. PowerShell | Using Send-MailMessage to Send Email
I hope this is helpful!
|
