Advanced Event 5:
<#
.DESCRIPTION
This script reports information about error events on local and remote computers.
.LINK
http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/06/2012-scripting-games-advanced-event-5-list-errors.aspx
.PARAMETER Computers
Name of the remote computer, if omitted localhost will be used.
.EXAMPLE
event5.ps1
To collect information about error events from local computer, run the script without parameters.
.EXAMPLE
event5.ps1 "computer1","computer2"
To collect information about error events on remote computers.
#>
param (
[string[]]$Computers=$env:computername
)
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal( $identity )
if (!($principal.IsInRole( [System.Security.Principal.WindowsBuiltInRole]::Administrator )))
{
write-host "Warning: You're not running this script using elevated shell. You will not be able to access event logs that require Administrator permission."
}
Foreach ($server in $computers)
{
Write-Host ""
Get-WinEvent -listlog * -ea SilentlyContinue -ComputerName $server| Where-Object { $_.IsClassicLog -eq $true } | foreach {
write-host ($server + " " + $_.logname) -BackgroundColor darkGray
Get-WinEvent -ea silentlycontinue -ComputerName $Server -FilterHashtable @{logname = $_.logname ; level=2 } | `
Group-Object Providername -NoElement | `
Sort-Object Count -descending
}
}
<#
.DESCRIPTION
This script reports information about error events on local and remote computers.
.LINK
http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/06/2012-scripting-games-advanced-event-5-list-errors.aspx
.PARAMETER Computers
Name of the remote computer, if omitted localhost will be used.
.EXAMPLE
event5.ps1
To collect information about error events from local computer, run the script without parameters.
.EXAMPLE
event5.ps1 "computer1","computer2"
To collect information about error events on remote computers.
#>
param (
[string[]]$Computers=$env:computername
)
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal( $identity )
if (!($principal.IsInRole( [System.Security.Principal.WindowsBuiltInRole]::Administrator )))
{
write-host "Warning: You're not running this script using elevated shell. You will not be able to access event logs that require Administrator permission."
}
Foreach ($server in $computers)
{
Write-Host ""
Get-WinEvent -listlog * -ea SilentlyContinue -ComputerName $server| Where-Object { $_.IsClassicLog -eq $true } | foreach {
write-host ($server + " " + $_.logname) -BackgroundColor darkGray
Get-WinEvent -ea silentlycontinue -ComputerName $Server -FilterHashtable @{logname = $_.logname ; level=2 } | `
Group-Object Providername -NoElement | `
Sort-Object Count -descending
}
}
No comments:
Post a Comment