<#
.SYNOPSIS
Returns events from eventlog from local or remote computer.
.DESCRIPTION
Returns an array with events from an eventlog from local or remote computer.
You can select
- the last X events
- the events since date m-d-yyyy
- to also display Information events
Defaults to only return errors and warnings.
.PARAMETER ComputerName
Specifies the computer name.
.PARAMETER Eventlog
Specifies the name of the eventlog.
Valid entries are:
Application, System, Forwarded Events, Setup, PowerShell
Defaults to System.
.PARAMETER Newest
Specifies the last X events.
.PARAMETER Startdate
Specifies the startdate (m-d-yyyy).
Defaults to today's date.
If parameter Newest is used, Startdate is ignored.
.PARAMETER AllEvents
Switch to select all eventtypes.
If this switch is not used, only errors and warnings will be returned.
.INPUTS
None. You cannot pipe objects to this function.
.OUTPUTS
This function returns an array with events from an eventlog for a computer.
This function returns an empty array if no matching events could be found.
.NOTES
This function uses WMI to access the eventlog.
The remote computer does not need to have Windows PowerShell installed for this function to work.
Written by FurBall
.EXAMPLE
C:\ps> Get-LogEvents -Computername $computer -Eventlog "Application" -Startdate "1-31-2011"
Description
----------
Returns errors and warnings from Application eventlog that occurred since 1-31-2011 on remote computer.
.EXAMPLE
C:\ps> Get-LogEvents -Computername $computer -Eventlog "Application" -Newest 10 -Startdate "1-31-2011"
Description
----------
Returns the last 10 errors and warnings from Application eventlog on remote computer.
Parameter Startdate is ignored, because parameter Newest is specified.
.EXAMPLE
C:\ps> Get-LogEvents
Description
----------
Returns errors and warnings from System eventlog that occurred today on local computer.
Parameter Computername can be omitted, defaults to local machine.
Parameter Eventlog can be omitted, defaults to System.
Parameter Startdate can be omitted, defaults to today.
.LINK
http://www.fourcats.nl/get-logevents.html
#>
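Function Get-LogEvents
{
    Param (
        [Parameter(ValueFromPipeline=$false, Mandatory=$false, HelpMessage="Enter a computer name")]
        [string]$ComputerName = $env:computername,

        # The ValidateSet is what keeps the WQL below safe: $Eventlog is
        # interpolated into the query string, so it must never become free text.
        [Parameter(ValueFromPipeline=$false, Mandatory=$false, HelpMessage="Enter eventlog: Application, System, Forwarded Events, Setup, PowerShell")]
        [string][ValidateSet("Application", "System", "Forwarded Events", "Setup", "PowerShell")]$Eventlog = "System",

        [Parameter(ValueFromPipeline=$false, Mandatory=$false, HelpMessage="Enter number of events")]
        [int]$Newest,

        [Parameter(ValueFromPipeline=$false, Mandatory=$false, HelpMessage="Enter start date (m-d-yyyy)")]
        [datetime]$Startdate = (Get-Date),

        [Parameter(ValueFromPipeline=$false, Mandatory=$false)]
        [switch]$AllEvents
    )

    # Queries Win32_NTLogEvent on $ComputerName and emits one object per event
    # with Type, TimeWritten, EventCode, SourceName, User and Message.
    # Get-WmiObject runs with the caller's credentials over DCOM and is not
    # available in PowerShell 6 and later; this function needs Windows PowerShell.
    # NOTE(review): Message and User come straight from the event record, so
    # treat them as untrusted text when rendering or forwarding the output.

    # COM helper used only to turn the DMTF TimeWritten string into a date value.
    $SWbemDateTime = New-Object -ComObject WbemScripting.SWbemDateTime

    # Truncate to midnight. .Date also clears the sub-second part, which the
    # previous -Hour/-Minute/-Second form left in place: with the default
    # (Get-Date) the filter started a fraction of a second after 00:00:00.
    $Startdate = $Startdate.Date
    $dtBeginDate = [System.Management.ManagementDateTimeConverter]::ToDMTFDateTime($Startdate)

    $strSelect = "Select * from win32_ntlogevent where logfile='$Eventlog'"
    if (-not $AllEvents)
    {
        # NOTE(review): this excludes EventType 0 and 3 rather than selecting
        # error/warning explicitly, so any other type present in the log is
        # returned as well - confirm that matches "errors and warnings only".
        $strSelect = "$strSelect and EventType <> 0 AND EventType <> 3"
    }

    # Shared projection for both branches; TimeWritten is converted per event.
    $Projection = @(
        'Type',
        @{Name='TimeWritten'; Expression={$SWbemDateTime.Value = $_.TimeWritten; $SWbemDateTime.GetVarDate($True)}},
        'EventCode',
        'SourceName',
        'User',
        'Message'
    )

    if ($Newest)
    {
        # -Newest wins over -Startdate: no date clause is added, and the first
        # $Newest records the provider returns are kept.
        Get-WmiObject -ComputerName $ComputerName -Query $strSelect |
            Select-Object -First $Newest -Property $Projection
    }
    else
    {
        # $dtBeginDate is produced by the converter above, not by user text.
        $strSelect = "$strSelect AND TimeWritten >='$dtBeginDate'"
        Get-WmiObject -ComputerName $ComputerName -Query $strSelect |
            Select-Object -Property $Projection
    }
}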
# Expose only Get-LogEvents from this module; nothing else is exported.
Export-ModuleMember -Function 'Get-LogEvents'