Everyday Powershell - Part 11 - Server Shutdown Comments

This is the next part in an ongoing series about Powershell. You may have heard about how awesome Powershell is but have struggled to find ways to make it useful in your day to day work. That's what this series is going to address. It'll provide scripts and knowledge to address practical everyday problems

Today we look at a most under appreciated source of IT comedy. The server shutdown comments! You know the ones... When you are in the middle of an outage, rebooting a server and the shutdown event tracker asks you "why?"! This can result in comedy gold! We ran this across our fleet and had a pretty good giggle at some of the comments.

Run this across so servers that have been in production for any length of time and I bet you have a chuckle at some of the comments your colleagues or you yourself have made over the years. I'd give you an example but the language in all our amusing comments is a little too 'salty'.

$servers = Get-ADComputer -filter {OperatingSystem -like "*Server*"} $report = @() $count = $servers.count $i = 1 foreach ($server in $servers) {     $prog = ($i / $count) * 100     Write-Progress  -Activity "Asking servers why they've been rebooted" -percentcomplete $prog     $events = $null     try     {         $events = Get-WinEvent -ComputerName $server.DNSHostName -filterhashtable @{logname="system"; id="1074"} | select TimeCreated, message     }     Catch     {         out-null     }     if ($events.count -gt 0)     {         $server.DNSHostName         foreach ($event in $events)         {             $temp = "" | Select-Object Server, Time, Comment             $start = ($event.Message).indexof('Comment:') + 9             $comment = ($event.message).substring($start)             $temp.server = $server.DNSHostName             $temp.time = $event.TimeCreated             $temp.comment =  $comment             $report += $temp                          }     }     $i++ } $report

This script will query AD for anything with "Server" in it's Operating System name. It then queries those servers system event logs for event ID 1074. The old "Shutdown event tracker".

You'll probably see a few errors when running this script. They'll be safe to ignore. We're not doing any fancy error handling, just a simple try/catch. So basically we ask the script to TRY something and if it fails CATCH that and do something else. In this case we're not doing anything just suppressing any errors.

We do have a fancy progress indicator though. The write-progress command is doing that for us. It requires us to know how many items we're going to process $count and how far through the list we are $i. We divide $i by $count for an indication of Percent Complete $prog.

We then chop up mangle the string in the .message property because we're really only interested in the "Comment" so we use substring to chop up the message. We've tried to keep that simple to understand.

We bundle our work into a $temp object and whack that on the end of $report which is what gives us our output.

So there you have it! Some more IT comedy! Obviously comedy is the optimal use of this sort of thing, but it could be used for practical purposes if you really wanted. You can just change that filterhastable to find any kind of event you want, I don't think many will be as funny, but you may well find some other useful applications.