parse the WindowsUpdate.log

This topic contains 2 replies, has 2 voices, and was last updated by  H Man 2 years, 9 months ago.

  • Author
    Posts
  • #20549

    H Man
    Participant

    Hello All
    I am trying to build a psobject aND just want to show the date and the fatal error message from the windowsupdate.log

    Here's what I am using, it's returning a string I need help extrating the message I guess I'm looking for the proper method like substring split or replace select-string ..etc

    Heres what i have so far

    Get-Content C:\Windows\WindowsUpdate.Log | Where-Object { $_–like '*FATAL*'} -OutVariable WULog
    
    $date = $WULog.Substring(0,10)
    
    
    
  • #20553

    Charles Downing
    Participant

    What you've got will pull the date off of the front of the line, but if you want to pull more than that, you'll have a lot of string manipulation going on. Try using the -split operator, (about_Split).

    $tokens = $WULog -split '\s+', 6
    "$($tokens[0]): $($tokens[5])"
    

    And $WULog will be an array, so you'll want to use a ForEach-Object loop to loop through each line in it.

  • #20557

    H Man
    Participant

    WIth the help of Kirk Murno, We came up with this

    How can I incorporate this to survey multiple servers , and have it returun to a variable (custom object ), this what i have so far

    Function Get-WindowsUpdateLog2 {
        Param (
            [string]$computerName = $env:computerName
        )
    
    Invoke-Command -ComputerName $computerName -ScriptBlock {
    
    $StartTimestamp = '11/12/2014 9:00:19'
    $EndTimeStamp = '11/12/2014 11:59:19'
    $filter = {($_.Date -ge $StartTimestamp) -and ($_.Date -le $EndTimeStamp)}
               
    $wsuslog = Import-Csv C:\Windows\WindowsUpdate.log -Delimiter "`t" -Header Date,Time,PID,TID,Component,Text |
    Where-Object {$_.Text -match 'FATAL' -or $_.Text -match 'WARNING'  } |   
    Select-Object -Property @{Name='Date';Expression={[DateTime]"$($_.Date) $($_.Time -replace ':\d+$','Z')"}},Text
    
    $wsuslog = $wsuslog | Where $filter
    
    $data = New-Object -TypeName PSObject -Property @{
    
     Computer = $computerName
     Date = $wsuslog.Date
     Message =  $wsuslog.Text
    
    }
    write $data
    } -Credential $cred 
        }
    
    
    $d = $servers |Test-Online -Parameter server| foreach {
     Get-WindowsUpdateLog -computerName $_  } 
    
    
    

You must be logged in to reply to this topic.