Sign in

Microsoft.com

United States (English)

Brasil (Português)Česká republika (Čeština)Deutschland (Deutsch)España (Español)France (Français)Italia (Italiano)Россия (Русский)대한민국 (한국어)中华人民共和国 (中文)台灣 (中文)日本 (日本語)香港特别行政區 (中文)

Windows Server TechCenter

Windows Server TechCenter > Windows Server Forums > Windows PowerShell > Get windows Logs for only critical and warning level events

Get windows Logs for only critical and warning level events

Thursday, October 29, 2009 5:46 AMDontona

0
Sign In to Vote
Hi Guys,

I am trying to write a script to get events for all critical and warning level events in the application and system logs for a bunch of servers and have them emailed.

This is what I have so far

$logs = "Application", "System"
$yesterday = (get-date) - (New-TimeSpan -day 1)

$s = "localhost"
foreach ($server in $s)
{$server; get-winevent -logname System -computername $server | where {$_.timecreated -ge $yesterday}}

This script just dumps all events but I would like to filter on just critial and warning level events, if possible

Any help would be much appreciated
- Reply
- Quote

Answers

Thursday, October 29, 2009 6:45 AMVadims PodansMVP

0
Sign In to Vote
Yes it is possible. Event objects contain a property named Level and LevelDisplayName. Here is example how to use them:
```
# select by LevelDisplayName
Get-WinEvent application | ?{$_.LevelDisplayName -eq "Error" -or $_.LevelDisplayName -eq "Warning"}
# select by Level property
# 2 - means Error
# 3 - means Warning
Get-WinEvent application | ?{$_.Level -eq 2 -or $_.Level -eq 3}
```
http://www.sysadmins.lv
- Marked As Answer byMarco ShawMVP, ModeratorThursday, October 29, 2009 3:12 PM
- Proposed As Answer byVadims PodansMVPThursday, October 29, 2009 6:45 AM
- Reply
- Quote

All Replies

Thursday, October 29, 2009 6:45 AMVadims PodansMVP

0
Sign In to Vote
Yes it is possible. Event objects contain a property named Level and LevelDisplayName. Here is example how to use them:
```
# select by LevelDisplayName
Get-WinEvent application | ?{$_.LevelDisplayName -eq "Error" -or $_.LevelDisplayName -eq "Warning"}
# select by Level property
# 2 - means Error
# 3 - means Warning
Get-WinEvent application | ?{$_.Level -eq 2 -or $_.Level -eq 3}
```
http://www.sysadmins.lv
- Marked As Answer byMarco ShawMVP, ModeratorThursday, October 29, 2009 3:12 PM
- Proposed As Answer byVadims PodansMVPThursday, October 29, 2009 6:45 AM
- Reply
- Quote
Thursday, October 29, 2009 3:12 PMMarco ShawMVP, Moderator

0
Sign In to Vote
For emailing, check out the Send-MailMessage cmdlet...

(For anyone reading this and trying this out, Get-WinEvent and Send-MailMessage are PowerShell v2 features; they aren't available with v1.)
- Edited byMarco ShawMVP, ModeratorThursday, October 29, 2009 3:13 PMadd note
- Reply
- Quote

Need Help with Forums? (FAQ)