51 questions
1
vote
2
answers
50
views
How can I resolve PowerShell script "cannot index null value" from line 6 of the code below
# Set the number of days to look back
$DaysBack = 7
# Get the current date and time
$EndDate = Get-Date
# Calculate the start date
$StartDate = $EndDate.AddDays(-$DaysBack)
# Get the list of users ...
0
votes
1
answer
52
views
Get-EventLog loop for psobjects, strange results
I've to collect certain events for sharing it by mail; I'm missing something because the script, take a lot of time for only 2 servers and, the result is absurd!
Server1 events count:
$Etype = @( &...
- 81
0
votes
0
answers
31
views
How to retrieve the event log entries from Event viewer using wmi api or window event log API?I have to fetch the below datas and not the properties
System
Provider
[ Name] MSSQL$MSSQLSERVER01
EventID 25753
[ Qualifiers] 16384
Version 0
Level 4
Task 2
Opcode 0
Keywords 0x80000000000000
TimeCreated
[ SystemTime] 2024-04-25T08:50:12....
- 1
1
vote
1
answer
392
views
Filter get-eventlog by the subjects account name
I've created a little script that runs on our districts domain controllers that sends out an email any time a user is created in AD to our networking team. The script works great, but we want to ...
- 97
0
votes
1
answer
514
views
How to print process ıd in event log?
Im trying to get process id from my Get-Eventlog. I can not parse the process id from the message. How ı can get it from there ? I tried With Select string -Pattern but it did not worked. My ...
- 17
2
votes
1
answer
919
views
PowerShell - Grabbing user from security.etvx files
I'm not use to using PowerShell at all but so far I have the following code to grab a 4625 event
Get-WinEvent -MaxEvents 1 -FilterHashtable @{Path="C:\Users\ScriptTesting\Desktop\Security.evtx&...
- 135
1
vote
2
answers
996
views
How to exclude specific user in get-eventlog
I have the following script
get-eventlog -LogName Security -InstanceId 4663 -after (Get-Date).AddMonths(-1) -before (Get-Date) |
Select TimeWritten, @{Name="Account Name";Expression={ $_....
- 77
0
votes
1
answer
476
views
getting eventlogs from Applications and Services log using python
I am trying to read event logs from Applications and Services log using python. However the output are not as expected. (Actual 10 vs output 838)
I am using the following code. Was wondering if there ...
- 606
0
votes
1
answer
683
views
Powershell Filtering EventID with Where-Object
i am trying to Filter out some EventIDs from Get-Event log like this :
...More code here
Get-EventLog -LogName $_ -EntryType Warning,Error |
Where-Object {$_.EventID -ne '0|1|2|3|4|7|8|9|10|14|15|17.....
- 1
0
votes
3
answers
7k
views
(PowerShell) How do I filter usernames with Get-EventLog
I'm working on a Powershell script to get all users who have logged in/out of a server in the past 7 days, where their name is not like "*-organization". The below works, but no matter what ...
1
vote
1
answer
2k
views
Export errors and warnings from all event logs using powershell
I am using the following code to export errors and warnings from all event logs into one text file.
It works but is very slow and some of the messages are truncated. I wondered if there was a more ...
- 41
0
votes
0
answers
203
views
Powershell Get-EventLog System -After -Before from remote nodes
I'm trying to get the EventLog systems from a list of nodes; I'm using psexec
and Get-EventLog.
I would like to speed up the procedure by adding the After and Before parameters that I would like to ...
2
votes
1
answer
5k
views
Powershell - Login/Logoff Events - Get-WinEvent vs Get-EventLog
I've been working on a script to pull logon/logoff history out of the Event logs. The issue is that almost every code example I found uses "Get-EventLog" which does work, but is extremely slow ...
- 51
0
votes
2
answers
3k
views
Powershell Get-EventLog from computers.txt and save data
I have some problems getting EventLog and save data. I am able to get my EventLogs but not logs from network computers.
Here is the code I am running:
$logFileName = "Application"
$path = $...
- 1
0
votes
1
answer
283
views
powershell get-eventlog add if more than 5 times
I am using:
"%windir%\system32\WindowsPowerShell\v1.0\powershell.exe" $log=Get-EventLog -LogName Security -InstanceID 4625 -After (Get-Date).AddDays(-60); if (($log)) {Write-Output $log[0].Message} ...
- 1
0
votes
1
answer
1k
views
Export Windows Logs with Precise Time
I am attempting to export Windows logs using the Get-WinEvent Powershell cmdlet. The following will get me the time precision I am looking for, but this only gets me the timestamp. I need to join the ...
1
vote
1
answer
740
views
Group eventlog entries and count errors
I have the following code which enumerates all event log sources and grabs the last few days worth of errors and warnings.
Get-WinEvent -ListLog * -EA silentlycontinue |
Where-Object { $_....
- 11
2
votes
1
answer
891
views
Get-EventLog not parsing Message when run by SYSTEM user
Problem
I am trying to schedule a job that monitors events on remote machines.
I wrote the script based on the Get-EventLog command and it works properly when run by my account. But when I run the ...
2
votes
2
answers
1k
views
Powershell: Can't get Output for specific Event IDS using Get-EventLog
I am new in Powershell. I am trying to get information for several event IDS regarding account management audit. I know that the script I wrote it's not efficient enough but I dont think it's the ...
4
votes
2
answers
2k
views
Sort-Object having no effect on Get-EventLog
I'm trying to find the oldest retained Event in the Security Event Log through powershell.
Using the following command: (Get-EventLog Security | Sort-Object -Property Time -Descending)
This returns ...
- 57
0
votes
2
answers
792
views
Storing EventViewerLogs in Excel spreadsheet from Powershell
I want to store the output of:
$Application = Get-EventLog -LogName Application | Where-Object {($_.EntryType -like 'Error' -or $_.EntryType -like 'Warning')};
in an excel spreadsheet.
I tried ...
- 37
0
votes
1
answer
2k
views
Filter EventLog based on date
I am trying to pull out some information from the eventlog through PowerShell based on the date today.
So far I have the code below:
$today = (Get-Date).ToString("dd/MM/yyyy")
Get-EventLog Security |...
- 25
0
votes
1
answer
5k
views
Powershell Windows Forms onClick event
I have a Windows forms (in PowerShell), and the form has a button with onclick event but the command in the onclick isn't run. I don't know why, because it can be run sepratley. My sciptblock is here:
...
- 13
2
votes
0
answers
330
views
Why do I get different results with Get-WinEvent versus Get-EventLog?
I'm trying to use Get-WinEvent to retrieve events from the eventlog for specific provider names that my company uses to write to the eventlog. I'm finding that I'm getting differing results depending ...
- 39
-2
votes
2
answers
626
views
read userinput and pass to Get-EventLog function
Please suggest the way forward for this, similarly I have to do for enddate, username etc.
sample:
$StartDate, $String = "", ""
$StartDate = Read-Host -Prompt 'Enter the start date of the logs, Ex: ...
- 236
3
votes
0
answers
4k
views
The specified channel could not be found EventViewer
I am opening windows event viewer security logs which under Windows Logs but its displaying an error as below.(Other logs are working)
Event viewer cannot open the event log or custom view, Verify ...
- 65
0
votes
3
answers
695
views
Powershell Get-EventLog output issue when logging
I am having an issue with the writing of a get-eventlog function when I'm writing to a TXT file.
This is my LogWrite function:
#Log Function
$Logfile = "..\Logs\$(gc env:computername)_Outlook.log"
$...
0
votes
1
answer
3k
views
Get-Eventlog - To monitor specific event ID
I have requirement to monitor specific event ID for specific set of workstations.
Event ID Monitor : To monitor Specific event ID for specific set of workstations
$Workstations = gc c:\NotBackedUp\...
- 21
1
vote
1
answer
646
views
Powershell Get-EventLog how to strip out Caller Computer Name into a variable
I want to grab the value listed under "Caller Computer Name" and put it in a variable so that I can use it to get the IP address of the computer in another command.
This is the code I am using to ...
- 1,779
0
votes
1
answer
2k
views
Event Log by date
I am trying to capture log files from a specific date and I am not getting any results no matter how many days I go back.
Get-EventLog -LogName Application -EntryType Warning -Source ...
- 279
0
votes
1
answer
2k
views
Powershell Get_EventLog for multiple servers
I'm a SQL DBA, n00b to Powershell, tasked with sysadmin duties at the moment
I need to query error logs across my servers for Errors and Warnings.
Using my own Google-fu and help from this thread I ...
- 113
2
votes
2
answers
7k
views
Get-eventlog: How to get all Logs (Application, System, Security, etc) using powershell
I am trying to read All log files from EventLog using Get-eventlog commandlet
Get-EventLog -LogName Application, Security -after 09/15/2016 -Before 09/17/2016
Instead of -LogName Application, I need ...
- 465
3
votes
1
answer
696
views
Failed to get ComputerName in Powershell Get-Eventlog
In Security section in Event Viewer, there is a column named "Computer".
I am using powershell to retrieve "all event ID 100" as of yesterday and display columns "event ID" and "computer".
Get-...
- 241
1
vote
1
answer
2k
views
Get-Eventlog group by Event and Day
Get-EventLog -Logname system -Source "Microsoft-Windows-GroupPolicy" -EntryType "Information"| group-object -property source | sort-object -property Time -descending
It does group everything together ...
- 323
2
votes
1
answer
4k
views
Grab username from Get-Winevent
How can I grab the "Account Name" for the Section "Account for Which Logon Failed" in the below output from Get-EventLog? I know it involves replacement strings but this just isn't getting it:
Get-...
- 531
1
vote
1
answer
185
views
'GET-EVENTLOG' creating a full object list, then being filtered ? - is there quicker way?
The following Powershell script fetches all the System Error Events occuring today only - it works:
Get-EventLog System -After ([datetime]::Today) | Where-Object { $_.EntryType -eq "Error" }
But it ...
- 6,171
1
vote
1
answer
2k
views
Powershell script gives different results when run manually
I searched through the answers already on here, but didn't find anything I could say definitively answered my question. I have a script that should reach out to several servers as defined by a text ...
- 29
0
votes
1
answer
505
views
Add Filter to Get-EventLog (server side), returning only newest N records
Is there any way to filter event log entries using PowerShell before retrieving them?
i.e.
Instead of:
[string[]]$IgnoredSources = 'SomeValue','SomeOtherValue'
Get-Eventlog -LogName $MyLog -...
- 24.3k
1
vote
2
answers
125
views
Total number of event logs then piped out to a CSV
I've got the below
Get-EventLog -LogName * -After (Get-Date).Adddays(-7)
Which returns the information I require:
Now when I export this information out with
Export-Csv c:\temp\$([Environment]::...
- 45
9
votes
2
answers
31k
views
Powershell try/catch with test-connection
I'm trying to have offline computers recorded in a text file so that I can run them again at a later time. Doesn't seem that it is being recorded or caught in catch.
function Get-ComputerNameChange {...
- 192
5
votes
1
answer
3k
views
Get-EventLog - valid message missing for some event log sources
I'm pulling and filtering System Event Log data using get-eventlog. What I'm finding is that get-event log is not able to correctly return the message associated with some entries. These entries ...
- 2,772
0
votes
1
answer
2k
views
PowerShell - Output Message substring from Event-log after specific character
I need to display the last line from the Event Log message in PowerShell (pretty much everything after the ":". I wasn't able to do this, so the alternative I have is to output the message and a ...
- 438
1
vote
1
answer
204
views
New to PowerShell
I am extremely new to PowerShell I am trying to create a script that will look thought the system event log and pull out the items that match Error, Verbose , and Warnings; Then I want to export them ...
- 13
0
votes
2
answers
697
views
Try/Catch block does not actually execute the get-eventlog cmdlet
For some reason, when I try to use the security option, it does not actually execute the get-eventlog cmdlet, but writes it to the screen as though it were quoted. The other logs work without the try ...
- 127
0
votes
2
answers
386
views
Powershell: Split Array to Pairs and Discard if Not Alternating
I've got a Powershell script that uses Get-EventLog to search for events 6005, 6006, and 6008 on remote servers; after a little manipulation, it returns the results in an array.
$eventData += Get-...
- 489
0
votes
3
answers
4k
views
Powershell: How can I extract time from the message field of eventlog?
I'm trying to get unexpected shutdown times of Windows Sever 2008 machines via Get-EventLog in Powershell. I can get close by searching for events with an EventID of 6008 and selecting only message, ...
- 489
0
votes
1
answer
971
views
Powershell Get-EventLog -before parameter not found
I have this snippet of code here:
$currentDate = get-date
$pastDate = $currentDate.addhours(-5)
$errorCommand = get-eventlog -Before $currentDate -After $pastDate -logname Application -...
- 9
2
votes
1
answer
432
views
Foreach-Object make mutable copy of $_ in PowerShell
I want to convert entries from Windows Event log to JSON. But I want to preformat some fields. Using ForEach-Object looks like natural decicion for me, but when I try to change attributes there like ...
- 8,047
0
votes
2
answers
818
views
Using Get-EventLog in PowerShell how can I show only 10 characters in the message
I currently have the code below:
Get-EventLog -LogName Application
| Where-Object EventID -EQ 1033
| Select-Object EventID, Message
So my question is how can I just show the first 10 characters of ...
- 55
1
vote
2
answers
4k
views
Powershell Get-eventlog query. How to return X number of entries that meet criteria
I would like to find the single most recent occurrence of a list of certain event id's for multiple servers. I don't see a nice way to do this. If I use the -newest switch I have to play around with ...
- 33