Author Posts

October 31, 2016 at 8:17 am

So i try to create a eventlog script to get alle error, warning events of all server the day before.
and i want to have it exported to excel but then for every server in a new tab.
as you can see the script below, i have a little start but i stuck now.

i have a few things that i woul like to have and hope that you guys can help me with this.
1- is it possible to list it out in excel but for every server a new tab to have a clear overview.?
2- is it possible to see only that what happen yesterday?
3- is it possible to create the script so that i can create a task schedule that it runs every morning and it creates a log with the date when the log is created?
4- is it possible to have the detailes al showned and that the cel size is merge to the right size?
5- is there a easier / simplier way to tell the script it needs to run on all servers?

$geteventsystem = get-eventlog -LogName system, application -EntryType Error, Warning -After (get-date).AddDays(-1) | Select-Object EventID, MachineName, EntryType, Message, Source, TimeGenerated, UserName | Export-Clixml '\\img-vm03\ict$\7.EVENTLOGIB'\eventlogIB.xml
Invoke-Command -ComputerName img-vm01, img-vm02, img-vm03, img-dc01, img-dc02, img-db01, img-as01, img-fs02, img-ts01, img-ts02, sql01, sql02 -ScriptBlock`{$geteventsystem}

I hope you guys can help me with this

October 31, 2016 at 8:40 am

So i changed my script a little bit, so i think question nr 5 is solved?

$IBSERVERS = 'img-vm01, img-vm02, img-vm03, img-dc01, img-dc02, img-db01, img-as01, img-fs02, img-ts01, img-ts02, sql01, sql02'
$geteventsystem = get-eventlog -LogName system, application -EntryType Error, Warning -After (get-date).AddDays(-1) | Select-Object EventID, MachineName, EntryType, Message, Source, TimeGenerated, UserName | Export-Clixml '\\img-vm03\ict$\7.EVENTLOGIB'\eventlogIB.xml
Invoke-Command -ComputerName $IBSERVERS -ScriptBlock`{$geteventsystem}

October 31, 2016 at 9:56 am

1. you could but I think then question #3 will be impossible. The only method i know of doing this. But this requires an interactive session. I think it's better (and a lot faster) to just write a .csv file per computer and then import them into excel manually.
2. You already have -after. With -before you could specify a timeframe.
3. See 1
4. Is kinda related to 1. I wouldn't go this far. Just output to csv and work your way from there.
5. I guess your second script solves it more or less. I'd retrieve the servers using another method. Like get-adcomputer.

October 31, 2016 at 10:19 am

From what i can see That variable won't work. the reason being is that when the variable is defined it is going to be executed against the local machine and put in the $eventlog.

I did something that you are looking for. It seems to work against my servers.

'application', 'system'| foreach-object {get-eventlog -ComputerName server01, server02 -LogName $_ -EntryType Error, Warning -After (get-date).AddDays(-1) | Select-Object EventID, MachineName, EntryType, Message, Source, TimeGenerated, UserName } | Export-Clixml 'path'


The summary of what I am doing.

I have put into strings and then pass it along to a foreach-object script block These loop through the event logs. Get-eventlog has a -computername variable so i pass that along.

October 31, 2016 at 1:55 pm

How do you meaan thhat Wei-Yen Tan,
that the variable wont work..
the cmdlet online liner that you uploaded how can i read this, will it get the log info from application and system?

October 31, 2016 at 2:05 pm

As far i can see at the moment my script block wont run, is there something wrong with the scriptblock? is it not possible to execute a variable like that?

October 31, 2016 at 4:22 pm

You'd be better off configuring event log forwarding – see https://www.petri.com/configure-event-log-forwarding-windows-server-2012-r2 for example.

Don't reinvent the wheel

November 1, 2016 at 2:52 pm

We only have server 2012, not R2.

But why cant i create like a excel list for all the events?

any one an idea how to make it work?