Thursday, January 2, 2014

Everyday Powershell - Part 14 - Working with event logs at specific times

This is the next part in an ongoing series about Powershell. You may have heard about how awesome Powershell is but have struggled to find ways to make it useful in your day-to-day work. That's what this series is going to address. It'll provide scripts and knowledge to address practical everyday problems.

Missed a week over Christmas and a day late with this post. We trust you'll forgive us, holidays is holidays. For us that means no computer.

Today's script is a simple one for looking at all the events in an event log within a certain time frame.

It's the kind of script you need when the boss reports odd behavior on his or her PC. You ask "What time was this, boss?", bang the time frame the boss reports into this script, and you'll get a list of events in that time frame! Oh Powershell, you're so useful!

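# Computer to query and the logs to search
[String]$ComputerName = "someserver"
[String[]]$EventLogNames = @("Application","System") # Main event logs

# Time window: from six hours ago to four hours ago
$EventStartDate = (Get-Date).AddHours(-6)
$EventEndTime = (Get-Date).AddHours(-4)

# Filter hashtable: Get-WinEvent returns only events from these logs inside the window
$EventCriteria = @{LogName = $EventLogNames; StartTime = $EventStartDate; EndTime = $EventEndTime}

# SilentlyContinue hides the error raised when no events match; it also hides any other error
Get-WinEvent -ComputerName $ComputerName -FilterHashtable $EventCriteria -ErrorAction SilentlyContinue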

$EventStartDate and $EventEndTime don't have to be relative to the current time. Bonus points if you can figure out the correct syntax for inputting an arbitrary time.
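
One way to run the same query over an absolute time window, as an added example that is not part of the original post. The function name Get-EventWindow and the sample timestamps are made up for illustration; it queries each log separately so that an empty or unreadable log does not hide results from the others, and it reports real errors instead of silencing them.

```powershell
# Added example: Get-EventWindow is a hypothetical helper, not from the original post.
function Get-EventWindow {
    [CmdletBinding()]
    param(
        [string]$ComputerName = 'localhost',
        [string[]]$LogName = @('Application', 'System'),
        [Parameter(Mandatory)][datetime]$StartTime,
        [Parameter(Mandatory)][datetime]$EndTime
    )

    if ($EndTime -le $StartTime) {
        throw "EndTime ($EndTime) must be later than StartTime ($StartTime)."
    }

    $events = foreach ($log in $LogName) {
        $filter = @{ LogName = $log; StartTime = $StartTime; EndTime = $EndTime }
        try {
            Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop
        }
        catch {
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                # An empty window is a normal result, not a failure
                Write-Verbose "No events in '$log' for that window."
            }
            else {
                # Access denied, unreachable host, unknown log name, and so on
                Write-Warning "Could not read '$log' on ${ComputerName}: $($_.Exception.Message)"
            }
        }
    }

    if ($events) {
        # Merge all logs into one timeline, oldest event first
        $events | Sort-Object TimeCreated |
            Select-Object TimeCreated, LogName, Id, LevelDisplayName, ProviderName, Message
    }
}

# Constructed sample window; ParseExact avoids culture-dependent day/month ordering
$fmt   = 'yyyy-MM-dd HH:mm'
$start = [datetime]::ParseExact('2014-01-02 09:30', $fmt, [cultureinfo]::InvariantCulture)
$end   = [datetime]::ParseExact('2014-01-02 10:15', $fmt, [cultureinfo]::InvariantCulture)

Get-EventWindow -StartTime $start -EndTime $end -Verbose | Format-Table -AutoSize -Wrap
```

StartTime and EndTime are interpreted in the local time zone of the machine running the query, so confirm the zone when the reported time comes from someone in another location.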
