Microsoft form with powershell
So here I am, back with another handy script for the IT administrator.
Question: are you, like me, fed up with the tedious way Microsoft event logs have to be retrieved and viewed? Then I might have a (PowerShell) solution for you!
In this script I have taken some AD PowerShell plugin functions and combined them with a few .NET forms (thanks to a post on Microsoft TechNet). Furthermore, I added the Get-EventLog cmdlet to retrieve any event log content from any machine you can access, all in one script. The script fetches only the first n most recent errors or failures (n is asked for in the script: "how many lines").
# This script reads the event log from any computer you can access
# Script built by Bas Huygen, February 2013
# The MS forms procedures are from Microsoft: http://technet.microsoft.com/en-us/library/ff730941.aspx
# Get-ADComputer comes from the ActiveDirectory module
Import-Module ActiveDirectory
$ErrorActionPreference = "SilentlyContinue"
Do{
# Procedure 1: Get all AD computers and make a selection by filtering it
Clear-Host
$compfilter = Read-Host("please make a selection of computers, this can be one name or a range by the use of * (wildcards)")
If($compfilter -eq ""){$compfilter = "*"}
$allcomps = Get-ADComputer -filter * |Select-Object Name |Sort-Object name |where {$_.name -like "$compfilter"}
# Procedure 2: Select a computer in a form
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
$objForm2 = New-Object System.Windows.Forms.Form
$objForm2.Text = "Select a Computer"
$objForm2.Size = New-Object System.Drawing.Size(300,200)
$objForm2.StartPosition = "CenterScreen"
$objForm2.KeyPreview = $True
$objForm2.Add_KeyDown({if ($_.KeyCode -eq "Enter") {$x=$objListBoxcmp.SelectedItem;$objForm2.Close()}})
$objForm2.Add_KeyDown({if ($_.KeyCode -eq "Escape") {$objForm2.Close()}})
$OKButton2 = New-Object System.Windows.Forms.Button
$OKButton2.Location = New-Object System.Drawing.Size(75,120)
$OKButton2.Size = New-Object System.Drawing.Size(75,23)
$OKButton2.Text = "OK"
$OKButton2.Add_Click({$x=$objListBoxcmp.SelectedItem;$objForm2.Close()})
$objForm2.Controls.Add($OKButton2)
$CancelButton2 = New-Object System.Windows.Forms.Button
$CancelButton2.Location = New-Object System.Drawing.Size(150,120)
$CancelButton2.Size = New-Object System.Drawing.Size(75,23)
$CancelButton2.Text = "Cancel"
$CancelButton2.Add_Click({$objForm2.Close()})
$objForm2.Controls.Add($CancelButton2)
$objLabel2 = New-Object System.Windows.Forms.Label
$objLabel2.Location = New-Object System.Drawing.Size(10,20)
$objLabel2.Size = New-Object System.Drawing.Size(280,20)
$objLabel2.Text = "Please select a computer:"
$objForm2.Controls.Add($objLabel2)
$objListBoxcmp = New-Object System.Windows.Forms.ListBox
$objListBoxcmp.Location = New-Object System.Drawing.Size(10,40)
$objListBoxcmp.Size = New-Object System.Drawing.Size(260,20)
$objListBoxcmp.Height = 80
# Loop through all computers filtered out of the AD in procedure 1
ForEach ($c in $allcomps){[void] $objListBoxcmp.Items.Add($c.name)}
$objForm2.Controls.Add($objListBoxcmp)
$objForm2.Topmost = $True
$objForm2.Add_Shown({$objForm2.Activate()})
[void] $objForm2.ShowDialog()
# The selected list item becomes the target host
$trgHost = $objListBoxcmp.Text
# Procedure 3: Select an Eventlog Source in a form
#[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
#[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
$objForm = New-Object System.Windows.Forms.Form
$objForm.Text = "Select an Eventlog Source"
$objForm.Size = New-Object System.Drawing.Size(300,200)
$objForm.StartPosition = "CenterScreen"
$objForm.KeyPreview = $True
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Enter") {$x=$objListBox.SelectedItem;$objForm.Close()}})
$objForm.Add_KeyDown({if ($_.KeyCode -eq "Escape") {$objForm.Close()}})
$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(75,120)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({$x=$objListBox.SelectedItem;$objForm.Close()})
$objForm.Controls.Add($OKButton)
$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(150,120)
$CancelButton.Size = New-Object System.Drawing.Size(75,23)
$CancelButton.Text = "Cancel"
$CancelButton.Add_Click({$objForm.Close()})
$objForm.Controls.Add($CancelButton)
$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(280,20)
$objLabel.Text = "Please select an Eventlog source:"
$objForm.Controls.Add($objLabel)
$objListBox = New-Object System.Windows.Forms.ListBox
$objListBox.Location = New-Object System.Drawing.Size(10,40)
$objListBox.Size = New-Object System.Drawing.Size(260,20)
$objListBox.Height = 80
[void] $objListBox.Items.Add("System")
[void] $objListBox.Items.Add("Application")
[void] $objListBox.Items.Add("Security")
$objForm.Controls.Add($objListBox)
$objForm.Topmost = $True
$objForm.Add_Shown({$objForm.Activate()})
[void] $objForm.ShowDialog()
$evtLog = $objListBox.Text
$howmany = Read-host ("How many lines should i fetch? (blank fetches 25 lines)")
If ($howmany -eq ""){$howmany = 25}
# The Security log is filtered on failed audits, the other logs on errors
If($evtLog -eq "Security"){$errtype = "failureaudit"} else{ $errtype = "error"}
# now get the eventlog from the selection
Get-EventLog -ComputerName $trgHost $evtLog -Newest $howmany -EntryType $errtype
# Summary: number of entries per event source, most frequent first
Get-EventLog -ComputerName $trgHost $evtLog -Newest $howmany -EntryType $errtype | group-object -property source -noelement | sort-object -property count -descending
# The number entered here is matched against the Index column of the entries listed above
$erID = Read-Host("Zoom in to a specific event? (give IDnumber)")
If($erID -eq ""){}else{Get-EventLog -ComputerName $trgHost $evtLog -Newest $howmany -EntryType $errtype |?{$_.Index -like $erID} |select Message}
$again = Read-Host("Start again? (y)")
}while($again -eq "y" -or $again -eq "Y")
Its output will look something like this:
Have fun, comments are welcome and till next time!
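For scheduled or scripted use, the same selection rule (failure audits for Security, errors for the other logs, newest n entries) can be wrapped in a function that filters on the remote machine and reports access problems instead of hiding them. This is an added example, not part of the original script; the function name Get-RecentFailure, the computer name SRV01 and the record number are assumptions.

```powershell
# Added example (not from the original post). Get-RecentFailure is a hypothetical name.
function Get-RecentFailure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [ValidateSet('System', 'Application', 'Security')][string]$LogName = 'System',
        [ValidateRange(1, 5000)][int]$Newest = 25
    )

    # Same rule as the script above: failed audits for Security, errors otherwise.
    $filter = @{ LogName = $LogName }
    if ($LogName -eq 'Security') {
        $filter.Keywords = 4503599627370496   # 0x10000000000000 = Audit Failure keyword
    } else {
        $filter.Level = 2                     # 2 = Error
    }

    try {
        # The filter is evaluated by the event log service on the target machine,
        # so only matching entries cross the network.
        Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter `
                     -MaxEvents $Newest -ErrorAction Stop
    } catch {
        # Get-WinEvent reports "no matching events" as an error; treat it as an empty result.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        # Anything else (access denied, RPC unavailable, unknown host) is reported,
        # where a global SilentlyContinue would show the same empty screen as a clean log.
        Write-Warning ("{0}: could not read {1} log: {2}" -f $ComputerName, $LogName, $_.Exception.Message)
    }
}

# Usage with constructed values: SRV01 and record number 12345 are placeholders.
$events = Get-RecentFailure -ComputerName 'SRV01' -LogName Security -Newest 50
$events | Group-Object -Property ProviderName -NoElement | Sort-Object -Property Count -Descending
$events | Where-Object { $_.RecordId -eq 12345 } | Select-Object -ExpandProperty Message
```

Reading the Security log of a remote machine requires administrative rights or membership of its Event Log Readers group.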
Wednesday, February 20, 2013
A handy EventLog Reader with Powershell