Thursday, April 26, 2012

Scripting Games 2012 Advanced Event 5

Advanced Event 5:

<#
.DESCRIPTION
    This script reports information about error events on local and remote computers.
.LINK
    http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/06/2012-scripting-games-advanced-event-5-list-errors.aspx
.PARAMETER Computers
    Name of the remote computer, if omitted localhost will be used.
.EXAMPLE
    event5.ps1
    To collect information about error events from local computer, run the script without parameters.
.EXAMPLE
    event5.ps1 "computer1","computer2"
    To collect information about error events on remote computers.
#>
param (
[string[]]$Computers=$env:computername
)
   
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal( $identity )
if (!($principal.IsInRole( [System.Security.Principal.WindowsBuiltInRole]::Administrator )))
{
    write-host "Warning: You're not running this script using elevated shell. You will not be able to access event logs that require Administrator permission."
}
Foreach ($server in $computers)
{
    Write-Host ""
    Get-WinEvent -listlog * -ea SilentlyContinue -ComputerName $server| Where-Object { $_.IsClassicLog -eq $true } | foreach {   
           
            write-host ($server + "  " + $_.logname) -BackgroundColor darkGray
           
            Get-WinEvent -ea silentlycontinue -ComputerName $Server -FilterHashtable @{logname = $_.logname ; level=2 } | `
                                              Group-Object Providername -NoElement | `
                                              Sort-Object Count -descending
    }
   
}

No comments:

Post a Comment