Output 'Get-EventLog' entries to different .txt files.

This topic contains 3 replies, has 2 voices, and was last updated by Profile photo of Albert van Boerum Albert van Boerum 4 months, 1 week ago.

  • Author
    Posts
  • #66348
    Profile photo of Raffaele
    Raffaele
    Participant

    Hi all

    I am trying to create a simple script to fetch the 'error' and 'warning' log types for the System and Application event logs. My original version of the script worked, and the files created were hardcoded into the script (e.g. Out-File C:\Event_Logs\SystemWarningPC-XXXXX.txt.

    I didn't like this, and so created some tidier variables. This worked fine for one entry, but of course as soon as I introduced more than one into the script, the files overwrote each other. Ideally, all of the logs will output to separate files, each with their own entry name depending on date/logtype/PC name.

    I'm just starting out, but a colleague of mine suggested I used a 'For' loop, in order to avoid this issue. Is this the right tool to use?

    If you need to see the script, by all means, but be gentle, I'm kinda' new to this!

    Thanks 🙂

  • #66349
    Profile photo of Albert van Boerum
    Albert van Boerum
    Participant

    Hi Raffaele,

    Could you please share your code with us so we can take a look at it?

    Albert

    • #66364
      Profile photo of Raffaele
      Raffaele
      Participant

      Hi

      Thanks for your response. The following is the first bit of the code, which works exactly as I need it to. The issue is then, of course, asking PS to also fetch 'Application -Warning' and then 'System -Warning/-Error' logs as well, without overwriting the file output of the first bit.

      I am likely doing this all wrong, and I think I 'know' how to solve it, but doing so is a little beyond me.

      ***

      $logDirectory = "C:\Event_logs\"

      if (!(Test-Path $logDirectory)) {
      # This will only execute if is true
      Write-Output "[Info]: $logDirectory does not exist, creating directory $logDirectory"
      # Your command here use new-item -type directory
      New-Item -ItemType Directory $logDirectory
      }

      [dateTime]$days = (get-date).AddDays(-10)

      $currentdate = Get-Date -Format "-dd-MM-yyyy"

      $Outputfile = "${logDirectory}${Comp}${currentdate}.txt"

      $Comp = "PC-06021"

      $events = Get-EventLog -LogName Application -After $days -EntryType Error -ComputerName $Comp

      Write-Output $events | Out-File -Force $Outputfile

      ***

      Thanks 🙂

  • #66484
    Profile photo of Albert van Boerum
    Albert van Boerum
    Participant

    so, just to be clear:

    – You want to collect the error and warnings from the application and the system eventlog.
    – You want to do this for multiple computers
    – you want a separate file for each date/computer/logfile

    Just to think with you, why do you want this in this format (seperate textfiles) and how are you going to use it?
    If you have 100 computers, that is 100 computers x 2 logfiles per day = 200 seperate textfiles every day you have to do something with.

    It is perhaps a better idea to put them in a database so you can do with it whatever you want? There is a ebook for using a database with powershell on this site and how to do it.

    Albert

You must be logged in to reply to this topic.