PS > help get-eventlog
NAME
Get-EventLog
SYNOPSIS
Gets the events in an event log, or a list of the event logs, on the local or remote computers.
SYNTAX
Get-EventLog [-AsString] [-ComputerName <string[]>] [-List] [<CommonParameters>]
Get-EventLog [-LogName] <string> [[-InstanceId] <Int64[]>] [-After <DateTime>] [-AsBaseObject] [-Before <DateTime>]
[-ComputerName <string[]>] [-EntryType <string[]>] [-Index <Int32[]>] [-Message <string>] [-Newest <int>] [-Source
<string[]>] [-UserName <string[]>] [<CommonParameters>]
DESCRIPTION
The Get-EventLog cmdlet gets events and event logs on the local and remote computers.
Use the parameters of Get-EventLog to search for events by using their property values. Get-EventLog gets only the
events that match all of the specified property values.
The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from
logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.
RELATED LINKS
Online version: http://go.microsoft.com/fwlink/?LinkID=113314
Get-WinEvent
Clear-EventLog
Limit-EventLog
New-EventLog
Remove-EventLog
Show-EventLog
Write-EventLog
Get-WinEvent
REMARKS
To see the examples, type: "get-help Get-EventLog -examples".
For more information, type: "get-help Get-EventLog -detailed".
For technical information, type: "get-help Get-EventLog -full".
I want logs from the NetApp SnapManager for Virtual Infrastructure (SMVI). In this case, that's also the Source name.
Next we need the date from 24 hours ago. I build this from a DateTime object. Let's see which methods it exposes:
PS > Get-Date | get-member | where {$_.MemberType -eq 'Method'}
TypeName: System.DateTime
Name MemberType Definition
---- ---------- ----------
Add Method System.DateTime Add(System.TimeSpan value)
AddDays Method System.DateTime AddDays(double value)
AddHours Method System.DateTime AddHours(double value)
AddMilliseconds Method System.DateTime AddMilliseconds(double value)
AddMinutes Method System.DateTime AddMinutes(double value)
AddMonths Method System.DateTime AddMonths(int months)
AddSeconds Method System.DateTime AddSeconds(double value)
AddTicks Method System.DateTime AddTicks(long value)
AddYears Method System.DateTime AddYears(int value)
CompareTo Method int CompareTo(System.Object value), int CompareTo(System.DateTime value)
Equals Method bool Equals(System.Object value), bool Equals(System.DateTime value)
GetDateTimeFormats Method string[] GetDateTimeFormats(), string[] GetDateTimeFormats(System.IFormatProvider pr...
GetHashCode Method int GetHashCode()
GetType Method type GetType()
GetTypeCode Method System.TypeCode GetTypeCode()
IsDaylightSavingTime Method bool IsDaylightSavingTime()
Subtract Method System.TimeSpan Subtract(System.DateTime value), System.DateTime Subtract(System.Tim...
ToBinary Method long ToBinary()
ToFileTime Method long ToFileTime()
ToFileTimeUtc Method long ToFileTimeUtc()
ToLocalTime Method System.DateTime ToLocalTime()
ToLongDateString Method string ToLongDateString()
ToLongTimeString Method string ToLongTimeString()
ToOADate Method double ToOADate()
ToShortDateString Method string ToShortDateString()
ToShortTimeString Method string ToShortTimeString()
ToString Method string ToString(), string ToString(string format), string ToString(System.IFormatPro...
ToUniversalTime Method System.DateTime ToUniversalTime()
AddDays could be useful. Let's try:
PS > get-date
Tuesday, February 12 2013 12:45:38
PS > (get-date).AddDays(-1)
Monday, February 11 2013 12:45:39
Looks good ;)
OK, let's put this together:
PS > Get-EventLog application -source SMVI -After (get-date).AddDays(-1)
Index Time EntryType Source InstanceID Message
----- ---- --------- ------ ---------- -------
346431 Feb 12 12:40 Warning SMVI 4096 690099815 [backup2 434343434343434343434343433...
346430 Feb 12 12:40 Error SMVI 4096 690099799 [backup2 434343434343434343434343433...
346429 Feb 12 12:40 Warning SMVI 4096 690099799 [backup2 434343434343434343434343433...
346428 Feb 12 12:40 Information SMVI 4096 Sent status notification message to [bla@examp...
346427 Feb 12 12:40 Error SMVI 4096 690099300 [backup2 434343434343434343434343433...
346426 Feb 12 12:40 Error SMVI 4096 690099300 [backup2 434343434343434343434343433...
346425 Feb 12 12:40 Error SMVI 4096 690099300 [backup2 434343434343434343434343433...
346424 Feb 12 12:40 Warning SMVI 4096 690093403 [backup2 434343434343434343434343433...
346423 Feb 12 12:40 Warning SMVI 4096 690093372 [backup2 434343434343434343434343433...
346422 Feb 12 12:40 Warning SMVI 4096 690092451 [backup2 434343434343434343434343433...
Now, let's count how many Warning, Error and Information entries there are. To do that, we iterate over the log entries and count the occurrences of each EntryType in a hashtable:
PS > $log = Get-EventLog application -source SMVI -After (get-date).AddDays(-1)
PS > $result = @{}
PS > $log | % { $result.($_.EntryType)++ }
PS > $result
Name Value
---- -----
Information 1
Warning 5
Error 4
And there we are. Now we can just grab those objects and do whatever we want with them, in my case an NSClient++ script for use with Nagios. But I'll talk about that some other time.
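The counting step above, extended into the kind of check the post mentions for NSClient++/Nagios. This is an added example, not the author's script: the function name Get-EventTypeSummary, the rule that any Error is CRITICAL and any Warning is WARNING, and the sample events are assumptions made for illustration.

```powershell
# Added example. Function name and the error/warning mapping are assumptions.
function Get-EventTypeSummary {
    param(
        [string]$LogName = 'Application',
        [string]$Source  = 'SMVI',
        [int]$Hours      = 24,
        [object[]]$Events            # pass constructed events to run offline
    )

    if (-not $PSBoundParameters.ContainsKey('Events')) {
        # Get-EventLog reports an error when nothing matches. Silencing it
        # also hides access or log-name errors; inspect $queryErr if that matters.
        $Events = @(Get-EventLog -LogName $LogName -Source $Source -After (Get-Date).AddHours(-$Hours) -ErrorAction SilentlyContinue -ErrorVariable queryErr)
    }

    # Pre-seed the keys so a type with no entries is reported as 0, not missing.
    $count = @{ Error = 0; Warning = 0; Information = 0 }
    foreach ($e in $Events) {
        $type = [string]$e.EntryType          # enum value -> string key
        if ($count.ContainsKey($type)) { $count[$type]++ } else { $count[$type] = 1 }
    }

    # Nagios plugin convention: 0 = OK, 1 = WARNING, 2 = CRITICAL.
    if     ($count['Error']   -gt 0) { $code = 2; $state = 'CRITICAL' }
    elseif ($count['Warning'] -gt 0) { $code = 1; $state = 'WARNING' }
    else                             { $code = 0; $state = 'OK' }

    $msg = '{0}: {1} error, {2} warning, {3} information in the last {4}h' -f $state, $count['Error'], $count['Warning'], $count['Information'], $Hours
    New-Object PSObject -Property @{ ExitCode = $code; Message = $msg; Counts = $count }
}

# Constructed sample mirroring the listing above (5 warnings, 4 errors, 1 information).
$types  = 'Warning','Error','Warning','Information','Error','Error','Error','Warning','Warning','Warning'
$sample = $types | ForEach-Object { New-Object PSObject -Property @{ EntryType = $_ } }

$summary = Get-EventTypeSummary -Events $sample
$summary.Message
# A Nagios wrapper script would finish with: exit $summary.ExitCode
```

Called without -Events, the function queries the live Application log for the SMVI source, exactly as the Get-EventLog command earlier in the post does.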