none
Get-WinEvent script issue

    Question

  • Hi

    Relatively new to PS and tearing my hair out - pls help

    I need to create an alert if Storage Replica halts.

    I thought i had it cracked as if the alert occurs the script emails out as required

    If however the error event is not there or the log is empty it fails:

    $PastDay = (Get-Date).AddDays(-1)

    $event5014 = Get-WinEvent -FilterHashTable @{ LogName = "Microsoft-Windows-StorageReplica/Admin"; StartTime = $PastDay; ID = 5014 }

    if ($event5014.Id -eq "5014")

    {
        $PCName = $env:COMPUTERNAME
        $EmailBody = $event5014 | format-list -property * | out-string
        $EmailFrom = "$PCName <StorageReplica@domain.com>"
        $EmailTo = "name@domain.com" 
        $EmailSubject = "Storage Replica Failure [Check Server Logs]"
        $SMTPServer = "mail.domain.com"
        Write-host "Sending Email"
        Send-MailMessage -From $EmailFrom -To $EmailTo -Subject $EmailSubject -body $EmailBody -SmtpServer $SMTPServer
    }
    else
    {
        exit
    }    

    Any suggestions please (simplest method preferred)

    Friday, April 21, 2017 10:01 AM

All replies

  • $event5014 = Get-WinEvent -FilterHashTable @{ LogName = "Microsoft-Windows-StorageReplica/Admin"; StartTime = $PastDay; ID = 5014 } -erroraction continue
    
    if ($event5014 -like "*")

    Checking if the variable contains any data should be enough.

    Friday, April 21, 2017 10:08 AM
  • You don't need to check the variable.  Just use normal PowerShell methods.

    $mailprops = @{
    	From = "$($env:COMPUTERNAME) <StorageReplica@domain.com>"
    	To = 'name@domain.com'
    	Subject = 'Storage Replica Failure [Check Server Logs]'
    	SMTPServer = 'mail.domain.com'
    }
    $filter = @{ 
    	LogName = 'Microsoft-Windows-StorageReplica/Admin'
    	StartTime = [datetime]::Now.AddDays(-1)
    	ID = 5014 
    }
    
    if($e5014 = Get-WinEvent -FilterHashTable $filter){
    	Send-MailMessage @mailprops -Body ($e5014|format-list -property * | out-string)
    }
    


    \_(ツ)_/

    Friday, April 21, 2017 10:24 AM
    Moderator
  • Hi, Thanks for the suggestion, however..

    The problem appears more to be the way it is handling the actual get-winevent

    If i clear the log so it is empty and run:

    Get-WinEvent -FilterHashTable @{ LogName = "Microsoft-Windows-StorageReplica/Admin"; StartTime = $PastDay; ID = 5014 } -erroraction continue

    i get:

    PS C:\Users\ncadmin10\Documents> Get-WinEvent -FilterHashTable @{ LogName = "Microsoft-Windows-StorageReplica/Admin"; StartTime = $PastDay; ID = 5014 } -erroraction continue
    Get-WinEvent : No events were found that match the specified selection criteria.
    At line:1 char:1
    + Get-WinEvent -FilterHashTable @{ LogName = "Microsoft-Windows-Storage ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (:) [Get-WinEvent], Exception
        + FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand

    So it seems to just halt there before even getting to the if statement

    ??

    Friday, April 21, 2017 10:28 AM
  • Yes.  If there are no events you will get an error.

    This will eliminate the error output.

    $mailprops = @{
    	From = "$($env:COMPUTERNAME) <StorageReplica@domain.com>"
    	To = 'name@domain.com'
    	Subject = 'Storage Replica Failure [Check Server Logs]'
    	SMTPServer = 'mail.domain.com'
    }
    $filter = @{ 
    	LogName = 'Microsoft-Windows-StorageReplica/Admin'
    	StartTime = [datetime]::Now.AddDays(-1)
    	ID = 5014 
    }
    
    if($e5014 = Get-WinEvent -FilterHashTable $filter -EA 0){
    	Send-MailMessage @mailprops -Body ($e5014|format-list -property * | out-string)
    }
    
    
    


    \_(ツ)_/

    Friday, April 21, 2017 10:34 AM
    Moderator
  • Thank you so much  - i was tearing my hair out trying so many different ways
    Friday, April 21, 2017 10:43 AM