creating eventlog of all server, with all error and warning types day before

This topic contains 7 replies, has 4 voices, and was last updated by Profile photo of Jeremy-Smit Jeremy-Smit 1 month ago.

  • Author
    Posts
  • #56488
    Profile photo of Jeremy-Smit
    Jeremy-Smit
    Participant

    So i try to create a eventlog script to get alle error, warning events of all server the day before.
    and i want to have it exported to excel but then for every server in a new tab.
    as you can see the script below, i have a little start but i stuck now.

    i have a few things that i woul like to have and hope that you guys can help me with this.
    1- is it possible to list it out in excel but for every server a new tab to have a clear overview.?
    2- is it possible to see only that what happen yesterday?
    3- is it possible to create the script so that i can create a task schedule that it runs every morning and it creates a log with the date when the log is created?
    4- is it possible to have the detailes al showned and that the cel size is merge to the right size?
    5- is there a easier / simplier way to tell the script it needs to run on all servers?

    $geteventsystem = get-eventlog -LogName system, application -EntryType Error, Warning -After (get-date).AddDays(-1) | Select-Object EventID, MachineName, EntryType, Message, Source, TimeGenerated, UserName | Export-Clixml '\\img-vm03\ict$\7.EVENTLOGIB'\eventlogIB.xml
    Invoke-Command -ComputerName img-vm01, img-vm02, img-vm03, img-dc01, img-dc02, img-db01, img-as01, img-fs02, img-ts01, img-ts02, sql01, sql02 -ScriptBlock`{$geteventsystem}
    

    I hope you guys can help me with this

  • #56489
    Profile photo of Jeremy-Smit
    Jeremy-Smit
    Participant

    So i changed my script a little bit, so i think question nr 5 is solved?

    $IBSERVERS = 'img-vm01, img-vm02, img-vm03, img-dc01, img-dc02, img-db01, img-as01, img-fs02, img-ts01, img-ts02, sql01, sql02'
    $geteventsystem = get-eventlog -LogName system, application -EntryType Error, Warning -After (get-date).AddDays(-1) | Select-Object EventID, MachineName, EntryType, Message, Source, TimeGenerated, UserName | Export-Clixml '\\img-vm03\ict$\7.EVENTLOGIB'\eventlogIB.xml
    Invoke-Command -ComputerName $IBSERVERS -ScriptBlock`{$geteventsystem}
    
  • #56492
    Profile photo of Sonny Puijk
    Sonny Puijk
    Participant

    1. you could but I think then question #3 will be impossible. The only method i know of doing this. But this requires an interactive session. I think it's better (and a lot faster) to just write a .csv file per computer and then import them into excel manually.
    2. You already have -after. With -before you could specify a timeframe.
    3. See 1
    4. Is kinda related to 1. I wouldn't go this far. Just output to csv and work your way from there.
    5. I guess your second script solves it more or less. I'd retrieve the servers using another method. Like get-adcomputer.

  • #56497
    Profile photo of Wei-Yen Tan
    Wei-Yen Tan
    Participant

    From what i can see That variable won't work. the reason being is that when the variable is defined it is going to be executed against the local machine and put in the $eventlog.

    I did something that you are looking for. It seems to work against my servers.

    'application', 'system'| foreach-object {get-eventlog -ComputerName server01, server02 -LogName $_ -EntryType Error, Warning -After (get-date).AddDays(-1) | Select-Object EventID, MachineName, EntryType, Message, Source, TimeGenerated, UserName } | Export-Clixml 'path'
    
    
    

    The summary of what I am doing.

    I have put into strings and then pass it along to a foreach-object script block These loop through the event logs. Get-eventlog has a -computername variable so i pass that along.

  • #56504
    Profile photo of Jeremy-Smit
    Jeremy-Smit
    Participant

    How do you meaan thhat Wei-Yen Tan,
    that the variable wont work..
    the cmdlet online liner that you uploaded how can i read this, will it get the log info from application and system?

  • #56506
    Profile photo of Jeremy-Smit
    Jeremy-Smit
    Participant

    As far i can see at the moment my script block wont run, is there something wrong with the scriptblock? is it not possible to execute a variable like that?

  • #56519
    Profile photo of Richard Siddaway
    Richard Siddaway
    Moderator

    You'd be better off configuring event log forwarding – see https://www.petri.com/configure-event-log-forwarding-windows-server-2012-r2 for example.

    Don't reinvent the wheel

  • #56591
    Profile photo of Jeremy-Smit
    Jeremy-Smit
    Participant

    We only have server 2012, not R2.

    But why cant i create like a excel list for all the events?

    any one an idea how to make it work?

You must be logged in to reply to this topic.