Powershell Script to get Windows Events info to Excel format

[Hun9865]

I have below powershell script for windows events to query, trying to write this script to get the Compueter name, Event ID, Source and description info to excel.

Looking for help to finish this script. This script to run on list of computers also.

$servers = get-content “c:\list.txt”
foreach ($server in $servers)
{
$server
Get-EventLog -LogName APPLICATION |Source "ACECLIENT" AND Where-Object { $_.EventID -eq 1001 } # I am not sure how to include here description "looking for 'File not found: C:\Program Files\Microsoft ISA Server\SDCONFIG.'"

}

 

[Hun9865]

I have done small changes to get the last five days events only but the script not showing any results.... Can any one help me here... pls...

$servers = get-content “C:\list.txt”
$OututPath="C\OUTPUT.csv"
$fromtime = (get-date).Adddays(-5)
get-eventlog -log Application -comp $servers | where {$_.source -eq "Defrag" -AND $_.EventID -eq 258 -and $_.message -like "*The disk defragmenter successfully*" -AND $_.TimeGenerated -EQ $FROMTIME  } | Export-Csv $OututPath -NoTypeInformation

# The Problem is I want to get the events for only last 5 days, When i added "-AND $_.TimeGenerated -EQ $FROMTIME" the output is not comming it is taking lot of time but not results. I think some logic problem.. Can any one help me here...

 

[GrimR]

I dont know powershell very well but the two post are completely different to each other.
You need to check out examples e.g. get-help get-eventlog -examples or get-help get-eventlog -Full
First of all this does not work

$servers = get-content “c:\list.txt”
foreach ($server in $servers)
{
$server

below
this reads the file and sorts it in descending order obviously i'm using write-host as to see the output.

$servers = get-content “c:\lists.txt”
Write-Host
$servers | sort-object -descending

APPLICATION |Source "ACECLIENT" means the name of the app in application log. but in the second one you list defrag and different event ID's

Do you know what event ID the file is causing in the event log? Is it application or system log, and what type of error are you looking for etc

You may want to work on this below then you can add variables [$events = Get=Eventlog blah blah] formating etc, and then worry about the output.

Get-EventLog -LogName "Application" -EntryType Error -After ((Get-Date).Date.AddDays(-5))

MCITP:EA/SA, MCSE, MCSA, MCDBA, MCTS, MCP+I, MCP

 

[GrimR]

check out the scripting guy

http://gallery.technet.microsoft.com/scriptcenter/Get-Eventlog-error-569f479a

MCITP:EA/SA, MCSE, MCSA, MCDBA, MCTS, MCP+I, MCP

 

[GrimR]

Going to need some help here.
What I did manage to do but testing is difficult since my admin privileges where taken away. [company expanded new it manager.]
This bit now works, reading computers and running against them, just output issue to resolve.

clear-host
$servers = get-content “c:\lists.txt”
$array = $servers
foreach ($computers in $array)
{
write-host $computers
}

This bit gives the two html files with the correct names but same content

clear-host
$style = ""
$style = $style + "Body{background-color:white;font-family:Arial;font-size:10pt;}" 
$style = $style + "Table{border-width: 1px; border-style: solid; border-color: black; border-collapse: collapse;}" 
$style = $style + "TH{border-width: 1px; padding: 2px; border-style: solid; border-color: black; background-color: #cccccc;}" 
$style = $style + "TD{border-width: 1px; padding: 5px; border-style: solid; border-color: black; background-color: white;}" 
$style = $style + "" 
$date = get-date -format MM.dd.yyyy
$now = get-date
$subtractdays = New-Object System.Timespan 5,0,0,0,0
$then = $now.subtract($subtractDays)
$servers = get-content “c:\lists.txt”
$array = $servers
foreach ($computers in $array)
{
$strerror = Get-EventLog -LogName "System" -Computername $computers -After $then -Before $now -EntryType Error | 
select EventID,MachineName,Message,Source,TimeGenerated 
$strerror | ConvertTo-HTML -body $style | Out-file "C:\$computers.htm"
}

and moving the strerror out the code blocks only produces one filename that of the last computer it runs on, or putting it in the code blocks or it's own foreach loop also gives me same content in both files, like I said cant really test.

MCITP:EA/SA, MCSE, MCSA, MCDBA, MCTS, MCP+I, MCP

 

[GrimR]

just pipe it

clear-host
$style = ""
$style = $style + "Body{background-color:white;font-family:Arial;font-size:10pt;}" 
$style = $style + "Table{border-width: 1px; border-style: solid; border-color: black; border-collapse: collapse;}" 
$style = $style + "TH{border-width: 1px; padding: 2px; border-style: solid; border-color: black; background-color: #cccccc;}" 
$style = $style + "TD{border-width: 1px; padding: 5px; border-style: solid; border-color: black; background-color: white;}" 
$style = $style + "" 
$date = get-date -format MM.dd.yyyy
$now = get-date
$subtractdays = New-Object System.Timespan 5,0,0,0,0
$then = $now.subtract($subtractDays)

# $cred = Get-credential

$servers = get-content “c:\lists.txt”
$array = $servers

 foreach ($computers in $array)
{
    Get-EventLog -LogName "System" -Computername $computers -After $then -Before $now -EntryType Error | 
        select EventID,MachineName,Message,Source,TimeGenerated |
         ConvertTo-HTML -body $style | Out-file "C:\$computers.htm"

}

MCITP:EA/SA, MCSE, MCSA, MCDBA, MCTS, MCP+I, MCP