PowerShell script to check Windows event logs for important messages

I have a PowerShell script that checks the Application and System Windows event logs for errors. Is there a way to also have it check for Critical messages in the Windows event log? Here is a sample script:

    Set-Variable -Name EventAgeDays -Value 1                        # take events from the latest EventAgeDays days
    Set-Variable -Name CompArr -Value @("Server 1")                 # replace it with your server names
    Set-Variable -Name LogNames -Value @("Application", "System")   # checking app and system logs
    Set-Variable -Name EventTypes -Value @("Error")                 # loading only Errors (add "Warning" to include warnings)
    Set-Variable -Name ExportFolder -Value "C:\EventLogs\"

    $el_c = @()   # consolidated error log
    $now = Get-Date
    $startdate = $now.AddDays(-$EventAgeDays)
    # we cannot use standard delimiters like ":" in a file name
    $ExportFile = $ExportFolder + "el" + $now.ToString("yyyy-MM-dd---hh-mm-ss") + ".csv"

    foreach ($comp in $CompArr) {
        foreach ($log in $LogNames) {
            Write-Host Processing $comp\$log
            $el = Get-EventLog -ComputerName $comp -LogName $log -After $startdate -EntryType $EventTypes
            $el_c += $el   # consolidating
        }
    }

    $el_sorted = $el_c | Sort-Object TimeGenerated   # sort by time
    Write-Host Exporting to $ExportFile
    $el_sorted | Select EntryType, TimeGenerated, Source, EventID, MachineName, Message | Export-Csv $ExportFile -NoTypeInfo   # EXPORT
    Write-Host Done!

    Set-Variable -Name EventAgeDays -Value 1                        # take events from the latest EventAgeDays days
    Set-Variable -Name CompArr -Value @("localhost")                # replace it with your server names
    Set-Variable -Name LogNames -Value @("Application", "System")   # checking app and system logs
    Set-Variable -Name EventTypes -Value @(1)                       # Get-WinEvent levels: 1 = Critical, 2 = Error, 3 = Warning, 4 = Informational
    Set-Variable -Name ExportFolder -Value "C:\EventLogs\"

    $el_c = @()   # consolidated error log
    $now = Get-Date
    $startdate = $now.AddDays(-$EventAgeDays)
    # we cannot use standard delimiters like ":" in a file name
    $ExportFile = $ExportFolder + "el" + $now.ToString("yyyy-MM-dd---hh-mm-ss") + ".csv"

    foreach ($comp in $CompArr) {
        foreach ($log in $LogNames) {
            Write-Host Processing $comp\$log
            $el = Get-WinEvent -ComputerName $comp -FilterHashtable @{logname="$log"; level=$EventTypes; starttime=$startdate}
            $el_c += $el   # consolidating
        }
    }

    # Get-WinEvent records carry TimeCreated (TimeGenerated belongs to Get-EventLog records)
    $el_sorted = $el_c | Sort-Object TimeCreated   # sort by time
    #Write-Host Exporting to $ExportFile
    $el_sorted | Select LevelDisplayName, TimeCreated, ProviderName, ID, MachineName, Message

You can change "EventTypes" to 1, 2, 3, 4 (Critical, Error, Warning, Informational).

If you want to filter Critical events, you need to use get-winevent instead of get-eventlog.

Something like this:

    Get-WinEvent -ComputerName $comparr -FilterHashTable @{logname=$lognames; Level=1}

https://blogs.msdn.microsoft.com/powershell/2009/05/21/processing-event-logs-in-powershell/
https://technet.microsoft.com/library/hh849682.aspx
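A fuller version of the approach both answers describe, added here as an example that is not from the question or either answer: it pulls Critical and Error levels in one Get-WinEvent call per log, tolerates logs with no matching events (Get-WinEvent reports that as an error rather than an empty result), sorts on TimeCreated and exports a CSV. The computer names and export folder are placeholders.

```powershell
# Added example: collect Critical (1) and Error (2) events from the Application
# and System logs of each listed computer for the last $EventAgeDays days.
$EventAgeDays = 1
$Computers    = @("localhost")             # placeholder: replace with your server names
$LogNames     = @("Application", "System")
$Levels       = @(1, 2)                    # 1 = Critical, 2 = Error (3 = Warning, 4 = Informational)
$ExportFolder = "C:\EventLogs"             # placeholder path

$startDate  = (Get-Date).AddDays(-$EventAgeDays)
# ":" is not allowed in file names, so the timestamp uses "-" separators
$exportFile = Join-Path $ExportFolder ("el" + (Get-Date).ToString("yyyy-MM-dd---HH-mm-ss") + ".csv")
$collected  = @()

foreach ($comp in $Computers) {
    foreach ($log in $LogNames) {
        Write-Host "Processing $comp\$log"
        # FilterHashtable accepts an array for Level, so one query returns both
        # Critical and Error entries. When nothing matches, Get-WinEvent writes
        # "No events were found ..." as a non-terminating error; SilentlyContinue
        # turns that into an empty result instead of noise in the loop.
        $events = Get-WinEvent -ComputerName $comp -ErrorAction SilentlyContinue -FilterHashtable @{
            LogName   = $log
            Level     = $Levels
            StartTime = $startDate
        }
        if ($events) { $collected += $events }
    }
}

# Get-WinEvent records expose TimeCreated (Get-EventLog used TimeGenerated)
$sorted = $collected | Sort-Object TimeCreated

if (-not (Test-Path $ExportFolder)) {
    New-Item -ItemType Directory -Path $ExportFolder | Out-Null
}

# Quick per-level summary on the console before writing the file
$sorted | Group-Object LevelDisplayName | Select-Object Name, Count | Format-Table -AutoSize

Write-Host "Exporting $($sorted.Count) events to $exportFile"
$sorted |
    Select-Object LevelDisplayName, TimeCreated, ProviderName, Id, MachineName, Message |
    Export-Csv -Path $exportFile -NoTypeInformation
Write-Host "Done!"
```

Remote collection requires the Windows Event Log service on the target to be reachable (RPC) and an account with read access to those logs.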