none
PowerShell Help RRS feed

  • Question

  • Hello,

    I am tring to get my script to process a list of server eventlog information.  The have it send me an email once a day.  I can get the code to get me the data in a grouped format so that I do not see a bunch of the same errors or warnings.  My problem at the moment is tring to get it to actually process the foreach from csv (which is a list of servers I want to check).  It keeps repeating the same info for the first server listed.  The servers_list.csv looks like:

    Servers  >  is the title

    server01

    server02

    Here is the code I have so far.  Thanks for any input..

    $day = Get-Date -format "MM/dd/yyyy"
    $servers = Import-Csv c:\test\servers_list.csv
    
    foreach($s in $servers){
    
    $a = Get-EventLog -ComputerName $s.servers -LogName System -newest 500 
    $b = $a | Where-Object { $_.Source -eq "Server Administrator" -and $_.TimeGenerated.Date -like "*$day*" }
    
    $b | Sort-Object MachineName, Message -Unique |
    Format-Table TimeGenerated,MachineName,EntryType,Message -GroupBy MachineName -AutoSize
    }
    
    


    • Edited by bigdog704 Monday, January 12, 2015 7:27 PM
    Monday, January 12, 2015 7:25 PM

Answers

  • server
    10.3.1.6
    10.7.1.5


    $servers = Import-Csv c:\test\servers_list.csv
    
    $servers |
        ForEach-Object{
            Write-Host "Processing: $($_.server)" -fore green
            Get-Eventlog -ComputerName $_.server -After ([datetime]::Today) -LogName system -Source 'Server Administrator'
        } |
        Group-Object MachineName,EventID |
        Sort-Object MachineName 
    

    Look at the tracing output to see what you are actually doing.

    Do not change this code before running it.  I suspect you are and are introducing errors.  If Mike and I can run this then youare doing something wrong or hidden.


    ¯\_(ツ)_/¯


    • Edited by jrv Tuesday, January 13, 2015 4:01 PM
    • Marked as answer by bigdog704 Wednesday, January 14, 2015 6:03 PM
    Tuesday, January 13, 2015 4:00 PM

All replies

  •  Get-EventLog -ComputerName $s.servers -LogName System -newest 500

    Maybe remove the s at the end of servers???



    ¯\_(ツ)_/¯

    Monday, January 12, 2015 7:53 PM
  • This would be faster:

    $day = [datetime]::Today
    $servers = Import-Csv c:\test\servers_list.csv
    
    foreach($s in $servers){
        Get-EventLog -ComputerName $s.server -LogName System -newest 500  -after $day 
    } |
      Sort-Object MachineName, Message -Unique |
      Format-Table TimeGenerated,MachineName,EntryType,Message -GroupBy MachineName -AutoSize
    

    Just be sure your CSV has a column named "server"


    ¯\_(ツ)_/¯

    Monday, January 12, 2015 7:57 PM
  • Also note that your sort won't do what you want.

    Use Group-Object instead.  Group by machine and eventid.

    Like this:

    Get-Eventlog -After ([datetime]::Today) -LogName system |
        Group-Object MachineName,EventID|
         sort name


    ¯\_(ツ)_/¯

    Monday, January 12, 2015 8:05 PM
  • I am tring to focus on the $_.Source -eq "Server Administrator" errors/warnings.  With your code it is now processing all the servers in the csv but which good but I do need to filter it down to the server admin info...  But when I try to edit in the where-object line $_.Source -eq "Server Administrator" it only does the first server listed.  I also did not meantion that I would like to export this information to a csv file if possible.. Thanks to everyone's responses so far..
    Monday, January 12, 2015 8:29 PM
  • I am tring to focus on the $_.Source -eq "Server Administrator" errors/warnings.  With your code it is now processing all the servers in the csv but which good but I do need to filter it down to the server admin info...  But when I try to edit in the where-object line $_.Source -eq "Server Administrator" it only does the first server listed.  I also did not meantion that I would like to export this information to a csv file if possible.. Thanks to everyone's responses so far..

    I can't see you code so I cannot help.


    ¯\_(ツ)_/¯

    Monday, January 12, 2015 8:33 PM
  • First you need to learn to use "help" for the CmdLets.  You are just guessing at things with no purpose or understanding.  This will cause you to go in circles for months.

    HELP Get-Eventlog -Full

    Get-Eventlog -After ([datetime]::Today) -LogName system -source 'Server manager' |
         Group-Object MachineName,EventID|
         sort name


    ¯\_(ツ)_/¯

    • Proposed as answer by jrv Monday, January 12, 2015 8:46 PM
    Monday, January 12, 2015 8:37 PM
  • Here's my orginal code:
    $day = Get-Date -format "MM/dd/yyyy"
    $servers = Import-Csv c:\test\servers_list.csv
    
    foreach($s in $servers){
    
    $a = Get-EventLog -ComputerName $s.server -LogName System -newest 500 
    $b = $a | Where-Object { $_.Source -eq "Server Administrator" -and $_.TimeGenerated.Date -like "*$day*" }
    
    $b | Sort-Object MachineName, Message -Unique |
    Format-Table TimeGenerated,MachineName,EntryType,Message -GroupBy MachineName -AutoSize
    }
    
    
    

    Monday, January 12, 2015 8:37 PM
  • Your original code is wrong.  Please review what I have posted.  If you have questions ask them in reference to the code I posted.

    Your code is faulty for many reasons and will not execute smoothly or quickly.

    Passing large amopunts of data around in variables is not a good way to do this.  Making a date string that is used to filter records after they have been transferred from remote systems is very inefficient. That is what -after is for and -after uses a date variable and not a string.

    By using help to learn how to use the CmdLets and the pipeline you will find that you will not run into these issues in the future.


    ¯\_(ツ)_/¯

    Monday, January 12, 2015 8:46 PM
  • Sorry.  I am still learning,

    Here is what I have by using your code.  I only get the info for the first server.  It gives me columns count,name,group which is not much help to me.  I like seeing the description of the error/warning.  Here is the code so far... Thanks again.

    $servers = Import-Csv c:\test\servers_list.csv
    
    foreach($s in $servers){
    Get-Eventlog -ComputerName $s.server -After ([datetime]::Today) -LogName system -Source 'Server Administrator' |
         Group-Object MachineName,EventID |
         Sort-Object MachineName }

    Monday, January 12, 2015 9:09 PM
  • You must place your formatters outside of the loop and try to avoid spelling mistakes:

    $servers = Import-Csv c:\test\servers_list.csv
    
    foreach($s in $servers){
        Get-Eventlog -ComputerName $s.server -After ([datetime]::Today) -LogName system -Source 'Server Administrator'
    } |
      Group-Object MachineName,EventID |
      Sort-Object MachineName


    ¯\_(ツ)_/¯

    Monday, January 12, 2015 9:43 PM
  • When I use this code I get an error.  Looks like it does not like the loop to be closed before the pipe.

    At line:6 char:102
    + ... dministrator'} |
    +                    ~
    An empty pipe element is not allowed.
        + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
        + FullyQualifiedErrorId : EmptyPipeElement
     

     

    Tuesday, January 13, 2015 1:57 PM
  • I want to be able to see stuff like this..

    TimeGenerated        MachineName EntryType Message                                                             
    -------------        ----------- --------- -------                                                             
    1/13/2015 3:11:33 AM SERVER01    Warning    Predictive Failure reported:  Array Disk 0:1 Controller 0, Channel 0
    
    1/13/2015 3:21:33 AM SERVER02    Warning    Predictive Failure reported:  Array Disk 0:1 Controller 0, Channel 0

    My issue is I can not get this to pull all servers listed in csv I am only getting the first one listed.

    My needs are:

    1 > getting this code to pull from all the servers listed in csv.

    2 > get it in a format to export to a csv so I can then email it

    in case is helps any.  I am using powershell v3

    Thanks again for your help



    • Edited by bigdog704 Tuesday, January 13, 2015 2:15 PM
    Tuesday, January 13, 2015 2:13 PM
  • $servers = Import-Csv c:\test\servers_list.csv $servers |
    ForEach-Object{ Get-Eventlog -ComputerName $_.server -After ([datetime]::Today) -LogName system -Source 'Server Administrator' } | Group-Object MachineName,EventID | Sort-Object MachineName

    Sorry - you need to do it like tgis to mmake this work correctly.

    ¯\_(ツ)_/¯


    • Edited by jrv Tuesday, January 13, 2015 2:37 PM
    Tuesday, January 13, 2015 2:35 PM
  • Note that you cannot sort on message as it will be different for almost all messages and will undo the "Unique" option.

    If you want more info you will have to design and build a custom formatter.


    ¯\_(ツ)_/¯

    Tuesday, January 13, 2015 2:40 PM
  • This is still just giving me the first servers info..
    Tuesday, January 13, 2015 2:44 PM
  • This is still just giving me the first servers info..

    Are you sure you actually have a good input file?

    Example output from jrv's script:

    Count Name
    ----- ----
       10 Server1.corp....
        5 Server1.corp....
        1 Server1.corp....
        1 Server1.corp....
        1 Server1.corp....
        7 Server2.corp....
       10 Server2.corp....
        1 Server2.corp....
        1 Server2.corp....
        1 Server2.corp....


    Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)

    Tuesday, January 13, 2015 3:13 PM
  • positive I even recreated it to make sure.
    Tuesday, January 13, 2015 3:41 PM
  • positive I even recreated it to make sure.

    It has a header of Server? Post the first few lines.


    Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)

    Tuesday, January 13, 2015 3:42 PM
  • server
    10.3.1.6
    10.7.1.5
    Tuesday, January 13, 2015 3:53 PM
  • server
    10.3.1.6
    10.7.1.5


    $servers = Import-Csv c:\test\servers_list.csv
    
    $servers |
        ForEach-Object{
            Write-Host "Processing: $($_.server)" -fore green
            Get-Eventlog -ComputerName $_.server -After ([datetime]::Today) -LogName system -Source 'Server Administrator'
        } |
        Group-Object MachineName,EventID |
        Sort-Object MachineName 
    

    Look at the tracing output to see what you are actually doing.

    Do not change this code before running it.  I suspect you are and are introducing errors.  If Mike and I can run this then youare doing something wrong or hidden.


    ¯\_(ツ)_/¯


    • Edited by jrv Tuesday, January 13, 2015 4:01 PM
    • Marked as answer by bigdog704 Wednesday, January 14, 2015 6:03 PM
    Tuesday, January 13, 2015 4:00 PM
  • I think the problem was that it did not have any warnings for today on one of the two servers I was testing.  I changed the threshold on the temp to see if it would produce an event, and it did.

    Tuesday, January 13, 2015 4:02 PM
  • If that were true you would have gotten this error:

    Get-Eventlog : No matches found
    At line:1 char:1
    + Get-Eventlog  -After ([datetime]::Today) -LogName system -Source 'Server Adminis ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (:) [Get-EventLog], ArgumentException
        + FullyQualifiedErrorId : GetEventLogNoEntriesFound,Microsoft.PowerShell.Commands.GetEventLogCommand


    ¯\_(ツ)_/¯

    Tuesday, January 13, 2015 4:07 PM
  • After looking at the entire eventlog for the server that was not responding before I did the temp test.  It did not have anything listed where source = 'Server Administrator'.  Can you tell me why when it has failed drive installed that it did not return an event for it? 

    Thanks all of your help.

     

    Tuesday, January 13, 2015 4:30 PM
  • After looking at the entire eventlog for the server that was not responding before I did the temp test.  It did not have anything listed where source = 'Server Administrator'.  Can you tell me why when it has failed drive installed that it did not return an event for it? 

    Thanks all of your help.

     

    This is not a scripting question.  It is an operational question.  Why would you expect the EL to have a message?  Just because it shows in SA does not mean there is a current EL for it.  When the drive was marked as failed is when the EL was generated.  That could have been last week.  The failure will not be "sourced" as "Server manager".

    I recommend using Get-WinEvent as it is much more poserful and more granular.  You can also specify multiple sources and event codes.


    ¯\_(ツ)_/¯


    • Edited by jrv Tuesday, January 13, 2015 4:54 PM
    Tuesday, January 13, 2015 4:35 PM
  • By the way, the soure for disk failures is "Disk" and not "Server Manager"

    You would do better scanning for type of Error or Warning.

    The following gets all errors and warnings form the precious 24 hour day midnight-to-midnight.

    Get-EventLog -LogName system -EntryType Error,Warning -before ([datetime]::Today) -after ([datetime]::Today.AddDays(-1))

    Spend some time learning how the event log works and you will find it is very easy to query.

    Get-WinEvent is even easier.


    ¯\_(ツ)_/¯


    • Edited by jrv Tuesday, January 13, 2015 4:54 PM
    Tuesday, January 13, 2015 4:53 PM