parse the WindowsUpdate.log

This topic contains 2 replies, has 2 voices, and was last updated by Profile photo of H Man H Man 2 years, 7 months ago.

  • Author
  • #20549
    Profile photo of H Man
    H Man

    Hello All
    I am trying to build a psobject aND just want to show the date and the fatal error message from the windowsupdate.log

    Here's what I am using, it's returning a string I need help extrating the message I guess I'm looking for the proper method like substring split or replace select-string ..etc

    Heres what i have so far

    Get-Content C:\Windows\WindowsUpdate.Log | Where-Object { $_–like '*FATAL*'} -OutVariable WULog
    $date = $WULog.Substring(0,10)
  • #20553
    Profile photo of Charles Downing
    Charles Downing

    What you've got will pull the date off of the front of the line, but if you want to pull more than that, you'll have a lot of string manipulation going on. Try using the -split operator, (about_Split).

    $tokens = $WULog -split '\s+', 6
    "$($tokens[0]): $($tokens[5])"

    And $WULog will be an array, so you'll want to use a ForEach-Object loop to loop through each line in it.

  • #20557
    Profile photo of H Man
    H Man

    WIth the help of Kirk Murno, We came up with this

    How can I incorporate this to survey multiple servers , and have it returun to a variable (custom object ), this what i have so far

    Function Get-WindowsUpdateLog2 {
        Param (
            [string]$computerName = $env:computerName
    Invoke-Command -ComputerName $computerName -ScriptBlock {
    $StartTimestamp = '11/12/2014 9:00:19'
    $EndTimeStamp = '11/12/2014 11:59:19'
    $filter = {($_.Date -ge $StartTimestamp) -and ($_.Date -le $EndTimeStamp)}
    $wsuslog = Import-Csv C:\Windows\WindowsUpdate.log -Delimiter "`t" -Header Date,Time,PID,TID,Component,Text |
    Where-Object {$_.Text -match 'FATAL' -or $_.Text -match 'WARNING'  } |   
    Select-Object -Property @{Name='Date';Expression={[DateTime]"$($_.Date) $($_.Time -replace ':\d+$','Z')"}},Text
    $wsuslog = $wsuslog | Where $filter
    $data = New-Object -TypeName PSObject -Property @{
     Computer = $computerName
     Date = $wsuslog.Date
     Message =  $wsuslog.Text
    write $data
    } -Credential $cred 
    $d = $servers |Test-Online -Parameter server| foreach {
     Get-WindowsUpdateLog -computerName $_  } 

You must be logged in to reply to this topic.