Write-Event from Log File

This topic contains 0 replies, has 1 voice, and was last updated by Profile photo of Forums Archives Forums Archives 5 years, 5 months ago.

  • Author
    Posts
  • #5501

    by ventu at 2013-02-03 17:16:53

    Good evening, all – I'm at the beginning stages of creating a script for work, but I need some assistance.. I'm going to be using Powershell to Parse out a specific word at the tail end of a log file that gets generated. The following quotes are what's generated: (This is all one line of code, if you were to copy and paste from the log file to another text document it would populate on one line.)

    [quote]DATA VERIFICATION FAILED FOR CHAIN: "\\?\D:\BACKUP\B3982A3D2BE74945-RVCUPDC\C_VOL-B001.SPF" "C_VOL-B001-I2816-CD-CM.SPI" "C_VOL-B001-I5760-CD-CM.SPI" "C_VOL-B001-I8455-CD-CW-CM.SPI" "C_VOL-B001-I11400-CD-CM.SPI" "C_VOL-B001-I14149-CD-CM.SPI" "C_VOL-B001-I17094-CD-CM.SPI" "C_VOL-B001-I19930-CD-CM.SPI" "C_VOL-B001-I22803-CD-CM.SPI" "C_VOL-B001-I25747-CD-CM.SPI" "C_VOL-B001-I28596-CD-CM.SPI" "C_VOL-B001-I31541-CD-CW-CM.SPI" "C_VOL-B001-I34333-CD-CM.SPI" "C_VOL-B001-I37278-CD-CM.SPI" "C_VOL-B001-I37468-CD-CW.SPI" "C_VOL-B001-I38133-CD-CW.SPI" "C_VOL-B001-I38798-CD-CW.SPI" "C_VOL-B001-I38893-CD.SPI" "C_VOL-B001-I38988-CD.SPI" "C_VOL-B001-I39083-CD.SPI" "C_VOL-B001-I39178-CD.SPI" "C_VOL-B001-I39179.SPI" "C_VOL-B001-I39180.SPI" "C_VOL-B001-I39181.SPI" "C_VOL-B001-I39182.SPI" "C_VOL-B001-I39183.SPI" "C_VOL-B001-I39184.SPI" "C_VOL-B001-I39185.SPI" "C_VOL-B001-I39186.SPI" "C_VOL-B001-I39187.SPI" "C_VOL-B001-I39188.SPI" "C_VOL-B001-I39189.SPI" "C_VOL-B001-I39190.SPI" "C_VOL-B001-I39191.SPI" "C_VOL-B001-I39192.SPI" "C_VOL-B001-I39193.SPI" "C_VOL-B001-I39194.SPI" "C_VOL-B001-I39195.SPI" "C_VOL-B001-I39196.SPI" "C_VOL-B001-I39197.SPI" "C_VOL-B001-I39198.SPI" "C_VOL-B001-I39199.SPI" "C_VOL-B001-I39200.SPI" "C_VOL-B001-I39201.SPI" "C_VOL-B001-I39202.SPI" "C_VOL-B001-I39203.SPI" "C_VOL-B001-I39204.SPI" "C_VOL-B001-I39205.SPI" "C_VOL-B001-I39206.SPI" "C_VOL-B001-I39207.SPI" "C_VOL-B001-I39208.SPI" "C_VOL-B001-I39209.SPI" "C_VOL-B001-I39210.SPI" "C_VOL-B001-I39211.SPI" "C_VOL-B001-I39212.SPI" "C_VOL-B001-I39213.SPI" "C_VOL-B001-I39214.SPI" "C_VOL-B001-I39215.SPI" "C_VOL-B001-I39216.SPI" "C_VOL-B001-I39217.SPI" "C_VOL-B001-I39218.SPI" "C_VOL-B001-I39219.SPI" "C_VOL-B001-I39220.SPI" "C_VOL-B001-I39221.SPI" "C_VOL-B001-I39222.SPI" "C_VOL-B001-I39223.SPI" "C_VOL-B001-I39224.SPI" "C_VOL-B001-I39225.SPI" "C_VOL-B001-I39226.SPI" "C_VOL-B001-I39227.SPI" "C_VOL-B001-I39228.SPI" "C_VOL-B001-I39229.SPI" "C_VOL-B001-I39230.SPI" "C_VOL-B001-I39231.SPI" "C_VOL-B001-I39232.SPI" "C_VOL-B001-I39233.SPI" "C_VOL-B001-I39234.SPI"
    [/quote]

    [quote]DATA VERIFICATION VALID FOR CHAIN: "\\?\D:\BACKUP\B3982A3D2BE74945-RVCUPDC\C_VOL-B001.SPF" "C_VOL-B001-I2816-CD-CM.SPI" "C_VOL-B001-I5760-CD-CM.SPI" "C_VOL-B001-I8455-CD-CW-CM.SPI" "C_VOL-B001-I11400-CD-CM.SPI" "C_VOL-B001-I14149-CD-CM.SPI" "C_VOL-B001-I17094-CD-CM.SPI" "C_VOL-B001-I19930-CD-CM.SPI" "C_VOL-B001-I22803-CD-CM.SPI" "C_VOL-B001-I25747-CD-CM.SPI" "C_VOL-B001-I28596-CD-CM.SPI" "C_VOL-B001-I31541-CD-CW-CM.SPI" "C_VOL-B001-I34333-CD-CM.SPI" "C_VOL-B001-I37278-CD-CM.SPI" "C_VOL-B001-I37468-CD-CW.SPI" "C_VOL-B001-I38133-CD-CW.SPI" "C_VOL-B001-I38798-CD-CW.SPI" "C_VOL-B001-I38893-CD.SPI" "C_VOL-B001-I38988-CD.SPI" "C_VOL-B001-I39083-CD.SPI" "C_VOL-B001-I39178-CD.SPI" "C_VOL-B001-I39179.SPI" "C_VOL-B001-I39180.SPI" "C_VOL-B001-I39181.SPI" "C_VOL-B001-I39182.SPI" "C_VOL-B001-I39183.SPI" "C_VOL-B001-I39184.SPI" "C_VOL-B001-I39185.SPI" "C_VOL-B001-I39186.SPI" "C_VOL-B001-I39187.SPI" "C_VOL-B001-I39188.SPI" "C_VOL-B001-I39189.SPI" "C_VOL-B001-I39190.SPI" "C_VOL-B001-I39191.SPI" "C_VOL-B001-I39192.SPI" "C_VOL-B001-I39193.SPI" "C_VOL-B001-I39194.SPI" "C_VOL-B001-I39195.SPI" "C_VOL-B001-I39196.SPI" "C_VOL-B001-I39197.SPI" "C_VOL-B001-I39198.SPI" "C_VOL-B001-I39199.SPI" "C_VOL-B001-I39200.SPI" "C_VOL-B001-I39201.SPI" "C_VOL-B001-I39202.SPI" "C_VOL-B001-I39203.SPI" "C_VOL-B001-I39204.SPI" "C_VOL-B001-I39205.SPI" "C_VOL-B001-I39206.SPI" "C_VOL-B001-I39207.SPI" "C_VOL-B001-I39208.SPI" "C_VOL-B001-I39209.SPI" "C_VOL-B001-I39210.SPI" "C_VOL-B001-I39211.SPI" "C_VOL-B001-I39212.SPI" "C_VOL-B001-I39213.SPI" "C_VOL-B001-I39214.SPI" "C_VOL-B001-I39215.SPI" "C_VOL-B001-I39216.SPI" "C_VOL-B001-I39217.SPI" "C_VOL-B001-I39218.SPI" "C_VOL-B001-I39219.SPI" "C_VOL-B001-I39220.SPI" "C_VOL-B001-I39221.SPI" "C_VOL-B001-I39222.SPI" "C_VOL-B001-I39223.SPI" "C_VOL-B001-I39224.SPI" "C_VOL-B001-I39225.SPI" "C_VOL-B001-I39226.SPI" "C_VOL-B001-I39227.SPI" "C_VOL-B001-I39228.SPI" "C_VOL-B001-I39229.SPI" "C_VOL-B001-I39230.SPI" "C_VOL-B001-I39231.SPI" "C_VOL-B001-I39232.SPI" "C_VOL-B001-I39233.SPI" "C_VOL-B001-I39234.SPI"
    [/quote]

    Below is the code I'm using to write an event. Pretty straight forward, but it's not working. The $logGather variable generates the data listed in the quotes, all my code does is looks for the word, 'failed'. Regardless if the chain if valid or isn't, the 'Chain Verification Valid' event is created. Am i missing something? Is the code I'm using not correct?

    $logGather = Get-Content "d:\shadowprotect\output.log" | Select-Object -Last 1
    if ($logGather -like "FAILED") {
    write-eventlog Application -Source ChainVerificationAlert -EventId 12 -EntryType Information -Message "Chain Verification Failure"
    } else{write-eventlog Application -Source ChainVerificationAlert -EventId 13 -EntryType Error -Message "Chain Verification Valid"
    }

    Any help would be greatly appreciated. Thanks!

    by ArtB0514 at 2013-02-04 06:41:06

    What you are missing is the wildcard characters for the -like operator. Read the help for about_Comparison_Operators http://technet.microsoft.com/en-us/library/hh847759.aspx (scroll down to the -like operator) for more details.

    As written, -like is testing $logGather as if it were -eq and thus always failing so that the VALID option it always taken. You need to do either if ($logGather -like "*FAILED*") { or if ($logGather -match "FAILED") {

    by ventu at 2013-02-04 22:31:23

    [quote="ArtB0514"]What you are missing is the wildcard characters for the -like operator. Read the help for about_Comparison_Operators http://technet.microsoft.com/en-us/library/hh847759.aspx (scroll down to the -like operator) for more details.

    As written, -like is testing $logGather as if it were -eq and thus always failing so that the VALID option it always taken. You need to do either if ($logGather -like "*FAILED*") { or if ($logGather -match "FAILED") {[/quote]

    What a simple mistake 🙂 Thank you so much for clarifying what I was missing from my code. After placing We can consider this thread solved! On to the 2nd phase of the project.

You must be logged in to reply to this topic.