PowerShell and Robocopy - Parsing Log for Event

Ask a question

Friday, March 16, 2012 3:33 AM

0
Good evening everyone, I would like some feedback on using placing Application event logs from parsed Robocopy logs using Powershell. So for I've been able to Place an event log into Event Viewer, which states the log's file name and if there was an error or not. I haven't been able to place information from the log into the event. There is another step, the log file from Robocopy will not end, it will continuously run gathering date of each transfer. (We are transferring incremental backups to an offsite location for our clients.)

So for I have found a few options:

http://thepowershellguy.com/blogs/posh/archive/2008/10/01/powershell-and-robocopy-part-5.aspx

Here is the code i used to perform my first example:
```
#requires -Version 2.0
## BEFORE you use this the FIRST time (only once per machine)
## you must run the following command elevated (as Administrator):
## New-EventLog Application Robocopy


Param(  [string]$LogPath  = "D:\",
        [string]$LogName  = "text.txt",
        [int]$ArchiveDays = 30
)
[string]$Log = Join-Path $LogPath $LogName
[string]$LogError = "$Log.ERROR.$(get-date -format 'yyyy-MM-dd-hhmmss')"
[string]$LogArchive = "$Log.ARCHIVE.$(get-date -format 'yyyy-MM-dd-hhmmss')"


$Errors = Select-String -Path $Log -Pattern 'ERROR .*0x0000.*$' -context 0,1 | 
          Group-Object { $_.Context.PostContext } | 
          Format-Table Count, Name -HideTableHeaders -AutoSize | Out-String
if($Errors) {
        write-eventlog Application -Source Robocopy -EventId 12 -EntryType Error -Message "$errors`n`nPlease check: $LogError"
        move $Log $LogError
} else {
        write-eventlog Application -Source Robocopy -EventId 1 -EntryType Information  -Message "Robocopy successful. Log archived: $LogArchive"
        move-item $Log $LogArchive
}
```
To sum up my request:

x - I would like to know if parsing information a continuously running log, if so, how?

x - within that hyperlink, would I be able to use that for what I'm trying to accomplish.

x - Ultimately I would like errors to be email to our helpdesk team, but i can find that out later.

Additional Information:

We have over 80 clients that use an incremental backup system(Zenith Arca) which is resting on a Windows 2003 DataCenter box. These backups are transferred offsite to a server, previously we used DeltaCopy, but saw a much greater improvement to use RoboCopy instead.

If I'm missing any needed information, please let me know. Thanks all!
- Edited by Ventu1 Friday, March 16, 2012 3:33 AM
- Edited by Ventu1 Friday, March 16, 2012 3:39 AM Additional Information
- Edited by Ventu1 Friday, March 16, 2012 3:47 AM
- Reply
- Quote

All Replies

Friday, March 16, 2012 4:02 AM

0
1. Take a look at Get-Help Get-Content; specifically the -Wait switch.
2. The link you posted only creates robocopy commands with parameters you specify. If that is what you were asking, then yes.
3. Get-Help Send-MailMessage -Full
Rich Prescott | Infrastructure Architect, Windows Engineer and PowerShell blogger | MCITP, MCTS, MCP

Engineering Efficiency
@Rich_Prescott
Windows System Administration tool
AD User Creation tool
- Reply
- Quote
Saturday, March 17, 2012 12:24 AM

0

Good evening, Thanks for the quick reply on this. I'll take a look at your suggestions.
- Reply
- Quote
Sunday, March 18, 2012 10:48 PM

1
Good evening, Rich - I was finally able to work a bit more on my script. I made a minor adjustment to 'almost' reach the goal I was looking for:
```
## BEFORE you use this the FIRST time (only once per machine)
## you must run the following command elevated (as Administrator):
## New-EventLog Application Robocopy
$Errors = Get-Content d:\Offsite.LOG | Select-string 'Error*'  -context 0,1 
if($Errors) {
        write-eventlog Application -Source Robocopy -EventId 12 -EntryType Error -Message "$Errors"
       
} else {
        write-eventlog Application -Source Robocopy -EventId 1 -EntryType Information  -Message "Robocopy successful. Log archived: $LogArchive"
}  
```
This will place the error message within Event viewer, but here is the current problem. Since this is a continuous log, the Get-Content will scan over the whole document, so will Select-String. Is there a way to have Get-Content/Select-String only project the most current error within Event viewer, and not all of them?

Thanks again!
- Edited by Ventu1 Sunday, March 18, 2012 11:03 PM Clean up unneeded code.
- Reply
- Quote
Sunday, March 18, 2012 11:41 PM

0

You can use Select-Object -Last 1 with your query. This scans the entire file and only returns the last object found.
Rich Prescott | Infrastructure Architect, Windows Engineer and PowerShell blogger | MCITP, MCTS, MCP

Engineering Efficiency
@Rich_Prescott
Windows System Administration tool
AD User Creation tool
- Reply
- Quote
Monday, March 19, 2012 1:41 AM

0

Since it appears this is a continuous process, I'd run the get-content or get-eventlog processes to tail the logs as a background job. Use receive-job in the main script running in a periodic loop to get and parse the log records that have been generated since the last cycle.
[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
- Reply
- Quote
Monday, March 19, 2012 2:53 AM

0

You can use Select-Object -Last 1 with your query. This scans the entire file and only returns the last object found.

Rich Prescott | Infrastructure Architect, Windows Engineer and PowerShell blogger | MCITP, MCTS, MCP

Engineering Efficiency
@Rich_Prescott
Windows System Administration tool
AD User Creation tool

Good evening Rich - Thanks again for the reply I have done more revamping, and things are working well. Just need to setup the continuous job.
- Reply
- Quote
Monday, March 19, 2012 3:09 AM

0
Since it appears this is a continuous process, I'd run the get-content or get-eventlog processes to tail the logs as a background job. Use receive-job in the main script running in a periodic loop to get and parse the log records that have been generated since the last cycle.

[string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

Good evening, I'll actually place the latest update in this reply:
```
#requires -Version 2.0
## BEFORE you use this the FIRST time (only once per machine)
## you must run the following command elevated (as Administrator):
## New-EventLog Application Robocopy

$Error = Get-Content d:\Offsite.LOG | Select-Object -Last 1
$Complete = Get-Content d:\Offsite.LOG | Select-Object -Last 1

if ($Main -like "*ERROR*") {
		write-eventlog Application -Source Robocopy -EventId 12 -EntryType Error -Message "$Error"
	}	else{
		 write-eventlog Application -Source Robocopy -EventId 1 -EntryType Information  -Message "$Complete"
		}
```
Pretty basic at this point, but works. That is correct mjolinor - we have setup ReoboCopy as a service, it will never stop unless of an error. The log itself will be updated every 10-15 seconds, so there in another thing to consider(at times these backups could be 300MBs-2GBs in size). We wouldn't want logs of each time there is a elapsed time difference within the log. I failed to mention that before. I'll take a look at these new suggestions and get back with you. Is my latest code on the right track, on a Best Practices standpoint?

Thanks again.
Edit: I do have a question about wait, I attempted to scan over Get-Help for the -wait parameter but i was unable to find anything. Even when looking over Get-Help Get-Content -full. Am i looking in the wrong spot?
- Edited by Ventu1 Monday, March 19, 2012 3:11 AM Removed -Wait / Question about wait.
- Edited by Ventu1 Monday, March 19, 2012 11:40 PM
- Reply
- Quote

PowerShell and Robocopy - Parsing Log for Event

All Replies

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support by product

Other support links

Not an IT pro?