Hi All,
I recently had a need to go out to remote servers and get event log entries so I would be look at them on a single page. In my case, we had a bunch of remote servers being backed up separately using backup exec and no central console to see if all the jobs completed successfully or not. We were relying on going through multiple emails looking for successes and failures (which was time consuming) so I decided to use the “Get-WinEvent” cmdlet to solve the problem.
Explanation of the script
The Script below will accomplish the above goal. You can manipulate this script to accomplish your own goals. In my example I read the server names using the “Get-Content” cmdlet from a list of server names stored in a file on the root of the “C” drive called “server.txt” which you will need to create. The “$starttime” variable is used to specify that I want to go back one day from the current date and time (you can raise the number to how many days you desire). The script then goes through the list and reads the eventviewer on each server using the “Get-WinEvent” cmdlet with the “FilterHashTable” parameter to specify the logname, the provider name and starttime (what date to start from). I used the “ErrorAction” parameter so I don’t receive any ugly error messages if it doesn’t find an event from the provider. The last line converts it to HTML and tells it which properties you would like to see in the table.
The Script
$layout = “<style>”
$layout = $layout + “BODY{background-color:White;}”
$layout = $layout + “TABLE{border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}”
$layout = $layout + “TH{border-width: 1px;padding: 5px;border-style: solid;border-color: black;background-color:LightGrey}”
$layout = $layout + “TD{border-width: 1px;padding: 5px;border-style: solid;border-color: black;background-color:ForalWhite}”
$layout = $layout + “</style>”
$ServerList = get-content -path C:\serverlist.txt
$starttime = (get-date).adddays(-1)
$b = foreach ($Server in $ServerList)
{
Get-WinEvent -computer $Server -FilterHashtable @{logname=”application”; providername=”Backup Exec”; starttime=$starttime} -ErrorAction SilentlyContinue
}
$b | ConvertTo-HTML -Head $layout MachineName,ID,TimeCreated,Message >c:\BackupStatus.html
The Output
The output will look like an Excel spreadsheet and be written to the file name specified (in this case a file named “BackupStatus.html”). It will have the headings specified in the “ConvertTo-HTML” cmdlet (in this can they will be MachineName, ID, TimeCreated and the Message”) and all the information will listed in the cells below those headings for each server.
The script above is just one example of how the Get-WinEvent cmdlet can be used to comb the eventlogs on remote servers. There are many ways this can be manipulated to suit your own needs. For more information on the Get-WinEvent cmdlet and the options that it offers just simple type Get-Help Get-WinEvent. As always, test this script out to make sure it will perform the actions you need. I hope this helps. If you have any questions or feedback please leave a comment.