Is your server running slowly?  Check with SolarWinds ipMonitor.

Get your free evaluation copy of ipMonitor here

---

Guy's Top 10 Free Tools

1) FreePing
2) Network Monitor
3) Xobni
4) PuTTY (UNIX)
5) IP SLA Monitor
6) BgInfo
7) Net-SNMP
8) CatTools 
9) Exchange Monitor
10) WinDiff

PowerShell Scripting with get-Eventlog

Introduction to Scripting Eventlog with PowerShell

Let us begin by taking stock of the operating system's event logs.  In our hearts, we know that we should be looking at these logs more often.  We also know that when we see those red dots in the logs, we should take action to correct the corresponding error message.

Thus we have a task for PowerShell; in fact, we have a marriage made in heaven.  PowerShell will help us review the system, application and other logs, while the eventlogs themselves will act as a vehicle for learning more about PowerShell's benefits, capabilities and syntax.

PowerShell Eventlog Topics

• Example 1: Eventlog -list
• Example 2: Display error messages from your System log
• Example 3: Find Errors in the System log
• Summary of PowerShell Eventlog Scripts

 ♣

PowerShell Example 1: Eventlog -list

Instructions:

Pre-requisite: Visit Microsoft's site and download the correct version of PowerShell for your operating system.

Here are instructions for executing the PowerShell code from the command line.

• Launch Windows PowerShell
• Copy all the lines of code into memory
  (For instance, from the Example below)
• Right-click on the PowerShell symbol
• Edit --> Paste
• Check the menus on screenshot to the right
• Press 'Enter' to execute the pasted code

Our first task is to discover how many different logs there are on your machine.   Therefore, to discover if your computer has 3, 6, or more logs, append the -list parameter to the get-Eventlog command:

Learning Points

Note 1: You may have guessed that the hash # symbol is PowerShell's way of introducing a comment.

Note2:  -list is correct, please note that you do need that dash.

Action Point:  Launch the Event Viewer, visit the actual logs and adjust the 'Retain' time and the Overflow action.

PowerShell Example 2: Display error messages from your System log

Learning Points

I realize that most people will just copy and paste my script, but for those want to look behind the script, or those who get stuck, I provide 'Learning Points'.   My greatest joy is if you would experiment with my code, for example, change 2000 to 10000; or more adventurously, change get-Eventlog system to get-Eventlog application.

Note 1: You could simplify the script further and just type:
get-EventLog system

Note 2:  Each word, and indeed every symbol, has deep meaning to PowerShell.  (|) pipes the output of the first clause into the 'Where' statement.   As a result the output is filtered so that you see only error messages, and not information or warning messages.

Note 3:  PowerShell supports a whole family of conditional statements, for example, -like, -contains, or even plain -eq (Equals), but for this job, I chose -match.

Guy Recommends: SolarWinds Engineer's Toolset v10

The Engineer's Toolset v10 provides a comprehensive console of utilities for troubleshooting computer problems.  Guy says it helps me monitor what's occurring on the network, and the tools teaches me more about how the system literally operates.

There are so many good gadgets, it's like having free rein of a sweetshop. Thankfully the utilities are displayed logically: monitoring, discovery, diagnostic, and Cisco tools.  Download your copy of the Engineer's Toolset v 10

Trusty Twosome (Get-Help and Get-Member)

Whenever you discover a new PowerShell command, it benefits from being surveyed with what I call the 'Trusty Twosome'.  In this instance, if you research a verb-noun command with get-Help and get-Member, then you are sure to unearth new scripting possibilities. To see what I mean, apply these two commands to get-Eventlog:

1) get-Help get-Eventlog
    If you want to see examples of the get-Eventlog in action try:
    help eventlog -full

Get-Help displays useful parameters such as: -list, -logname, and -newest.  Indeed, the first thing to remember about get-Eventlog is that it needs the name of the log, for example: get-Eventlog system.  Remember that PowerShell is looking for a positional argument, thus 'system' is the name of the log and is an argument, and not a parameter.  To determine this difference, PowerShell expects a parameter to be introduced with a -dash, whereas an argument is preceded by only a space.

Other names of logs that you can substitute for 'system' are: Application, Security and even PowerShell itself has a log.  Windows Server 2003 is likely to have yet more logs, for example, Directory Service and DNS Server.

2) get-Eventlog system |get-Member -MemberType property
    If you wish to filter gm try: get-Eventlog system | gm -Membertype property.

The above command reveals a list of properties that you can then use in the output, for example, category and source.

PowerShell Example 3: Errors in the System log

This example produces a very similar result to Example 1 above.  The whole point of the extra code is to give us more control over the output.  There are numerous ways that you could achieve the same list of events; indeed, many of them are technically superior to mine.  However, while we are in learning mode, as opposed to production mode, I feel strongly that this script should demonstrate useful PowerShell features such as:  $Variables, pipeline, format-Table and the tiny ` backtick.

Learning Points

Note 1:  Guy loves variables.  In PowerShell you just declare variables with a $dollar sign.  There is nothing else you need to do!

Note 2:  The first example employed one pipeline (|), whereas this script has three (|)s.  This technique of using the output of the first clause as the input of the second clause, is a characteristic benefit of PowerShell.

Challenge 1:  I chose to sequence the data with: sort eventid.  Now, I challenge you to sort on TimeWritten.

Challenge 2:  In my opinion, it's not necessary to include entryType in the Format-Table statement, but I challenge you to add it, and then see if I am right, or see if I am wrong to omit this property.

Challenge 3:  I used the backtick ` to run one command over two lines.  You could try removing the backtick and making fewer, but longer lines.  Other experiments that you could try with backtick include putting a ` at a different point in the script.  Even better, try for one long but efficient command, perhaps use only one variable.

Summary of PowerShell Eventlog Scripts

I believe that PowerShell has a future.  My mission is to get you started using this scripting language.  What suits my learning style is concrete examples, where we learn by doing.  It is my belief that a good way to begin is by employing PowerShell to tackle everyday tasks such as reviewing the eventlogs.

Just by issuing a few variations of the command 'get-Eventlog system', you will soon get a feeling of the abilities of PowerShell.  Moreover, as a bonus you will soon obtain useful information about events in your operating system.  The command: 'get-Eventlog application' has a wide range of switches, for example -list and -newest.  What is always instructive with any PowerShell command, is get-Member, for example:
get-Eventlog system | get-Member.

See more PowerShell examples for event logs

• PowerShell Home   • EventVwr -list   • EventVwr errors   • Eventlog   • Diagnostics

• Getting started  • Error examples

Please write in if you see errors of any kind.  Please report any factual mistakes, grammatical errors or broken links, I will be happy to not only to correct the fault, but also to give you credit.

 *