Accedi
 
HomeLibraryRisorseFormazioneDownloadSupportoCommunityForumBlog
Note: Forums will be making significant UX changes to address key usability improvements surrounding search, discoverability and navigation. To learn more about these changes please visit the announcement which can be found HERE.
Risorse per professionisti IT >
Get windows Logs for only critical and warning level events

Con risposta Get windows Logs for only critical and warning level events

  • giovedì 29 ottobre 2009 05:46
     
     
    Registrati per votare
    0

    Hi Guys,

    I am trying to write a script to get events for all critical and warning level events in the application and system logs for a bunch of servers and have them emailed.

    This is what I have so far

    $logs = "Application", "System"
    $yesterday = (get-date) - (New-TimeSpan -day 1)

    $s = "localhost"
    foreach ($server in $s)
        {$server; get-winevent -logname System -computername $server | where {$_.timecreated -ge $yesterday}}

    This script just dumps all events but I would like to filter on just critial and warning level events, if possible

    Any help would be much appreciated

     

Tutte le risposte

  • giovedì 29 ottobre 2009 06:45
     
     Con risposta Contiene codice
    Registrati per votare
    0

    Yes it is possible. Event objects contain a property named Level and LevelDisplayName. Here is example how to use them:

    # select by LevelDisplayName
Get-WinEvent application | ?{$_.LevelDisplayName -eq "Error" -or $_.LevelDisplayName -eq "Warning"}
# select by Level property
# 2 - means Error
# 3 - means Warning
Get-WinEvent application | ?{$_.Level -eq 2 -or $_.Level -eq 3}
    http://www.sysadmins.lv
     
  • giovedì 29 ottobre 2009 15:12
    Moderatore
     
     
    Registrati per votare
    0
    For emailing, check out the Send-MailMessage cmdlet...

    (For anyone reading this and trying this out, Get-WinEvent and Send-MailMessage are PowerShell v2 features; they aren't available with v1.)
     
  • giovedì 3 maggio 2012 02:35
     
     
    Registrati per votare
    0

    Is ther a way to use Get-WinEvent application | ?{$_.LevelDisplayName -eq "Error" -or $_.LevelDisplayName -eq "Warning"} but go back to an hour ago.  Basically displaying all applications "error" events that have occurred within the past hour?

    Cheers.

    JCtech1123, Cheers

     
  • giovedì 3 maggio 2012 15:29
     
     
    Registrati per votare
    0

    Using Get-Winevent with a Where clause is pretty ineffective compare to these 3 parameters

    FilterHashTable

    FilterXML

    FilterXPath

    Cyreli

     
  • lunedì 7 maggio 2012 20:52
     
     
    Registrati per votare
    0

    Can you give me an example using one of the 3? 

    Cheers.

    JCtech1123, Cheers

    • Proposto come risposta Nishad20k giovedì 22 novembre 2012 14:22
    • Proposta come risposta annullata Nishad20k giovedì 22 novembre 2012 14:22
    •  
     
  • giovedì 22 novembre 2012 14:26
     
     
    Registrati per votare
    0

    $server= Get-Content "C:\list.log";
    $st= (Get-Date).adddays(-1)
    foreach($srv in $server)
    { $srv;Get-WinEvent -computername $srv -FilterHashtable @{logname="system";level=2,3;starttime=$st} | format-table id,timecreated,message -auto}


    • Modificato Nishad20k giovedì 22 novembre 2012 14:26
    •