Powershell 脚本用于检查 Windows 事件日志中的关键消息

Question 1

Set-Variable -Name EventAgeDays -Value 1     #we will take events for the latest 7 days
    Set-Variable -Name CompArr -Value @("localhost")   # replace it with your server names
    Set-Variable -Name LogNames -Value @("Application", "System")  # Checking app and system logs
    Set-Variable -Name EventTypes -Value @("1")  # Loading only Errors and Warnings
    Set-Variable -Name ExportFolder -Value "C:\EventLogs\"


    $el_c = @()   #consolidated error log
    $now=get-date
    $startdate=$now.adddays(-$EventAgeDays)
    $ExportFile=$ExportFolder + "el" + $now.ToString("yyyy-MM-dd---hh-mm-ss") + ".csv"  # we cannot use standard delimiteds like ":"

    foreach($comp in $CompArr)
    {
      foreach($log in $LogNames)
      {
        Write-Host Processing $comp\$log
        $el = get-winevent -ComputerName $comp -FilterHashtable @{logname="$log";level=$eventtypes;starttime=$startdate}
        $el_c += $el  #consolidating
      }
    }
    $el_sorted = $el_c | Sort-Object TimeGenerated    #sort by time
    #Write-Host Exporting to $ExportFile
    $el_sorted|Select LevelDisplayName, TimeCreated, ProviderName, ID, MachineName, Message

您可以将“事件类型”更改为 1,2,3,4（严重、错误、警告、信息）

Answer

Set-Variable -Name EventAgeDays -Value 1     #we will take events for the latest 7 days
    Set-Variable -Name CompArr -Value @("localhost")   # replace it with your server names
    Set-Variable -Name LogNames -Value @("Application", "System")  # Checking app and system logs
    Set-Variable -Name EventTypes -Value @("1")  # Loading only Errors and Warnings
    Set-Variable -Name ExportFolder -Value "C:\EventLogs\"


    $el_c = @()   #consolidated error log
    $now=get-date
    $startdate=$now.adddays(-$EventAgeDays)
    $ExportFile=$ExportFolder + "el" + $now.ToString("yyyy-MM-dd---hh-mm-ss") + ".csv"  # we cannot use standard delimiteds like ":"

    foreach($comp in $CompArr)
    {
      foreach($log in $LogNames)
      {
        Write-Host Processing $comp\$log
        $el = get-winevent -ComputerName $comp -FilterHashtable @{logname="$log";level=$eventtypes;starttime=$startdate}
        $el_c += $el  #consolidating
      }
    }
    $el_sorted = $el_c | Sort-Object TimeGenerated    #sort by time
    #Write-Host Exporting to $ExportFile
    $el_sorted|Select LevelDisplayName, TimeCreated, ProviderName, ID, MachineName, Message

您可以将“事件类型”更改为 1,2,3,4（严重、错误、警告、信息）

Question 2

如果你想过滤关键事件，那么你需要get-winevent使用get-eventlog

类似这样的

Get-WinEvent -computername $comparr -FilterHashTable @{logname=$lognames; Level=1}

https://blogs.msdn.microsoft.com/powershell/2009/05/21/processing-event-logs-in-powershell/ https://technet.microsoft.com/library/hh849682.aspx

Answer

如果你想过滤关键事件，那么你需要get-winevent使用get-eventlog

类似这样的

Get-WinEvent -computername $comparr -FilterHashTable @{logname=$lognames; Level=1}

https://blogs.msdn.microsoft.com/powershell/2009/05/21/processing-event-logs-in-powershell/ https://technet.microsoft.com/library/hh849682.aspx

Question 3

$CritSysMsgs = Get-WinEvent -LogName "System" | Where-Object -FilterScript {$_.LevelDisplayName -eq "Critical"} Write-Host "Critaical 消息：$CritSysMsgs"

Answer

$CritSysMsgs = Get-WinEvent -LogName "System" | Where-Object -FilterScript {$_.LevelDisplayName -eq "Critical"} Write-Host "Critaical 消息：$CritSysMsgs"

Powershell 脚本用于检查 Windows 事件日志中的关键消息

答案1

答案2

答案3

相关内容