
[Reposted code] [PowerShell Daily Tip] Getting Events From All Event Logs (20140415)

Recently, a reader asked how to retrieve all events from all event logs from a local or remote system, and optionally save them to file.

Here is a potential solution:
    # calculate start time (one hour before now)
    $Start = (Get-Date) - (New-TimeSpan -Hours 1)
    $ComputerName = $env:COMPUTERNAME
    # get the names of all event logs
    Get-EventLog -AsString -ComputerName $ComputerName |
      ForEach-Object {
        # write status info
        Write-Progress -Activity "Checking Eventlogs on \\$ComputerName" -Status $_
        # get event entries and add the name of the log this came from
        Get-EventLog -LogName $_ -EntryType Error, Warning -After $Start -ComputerName $ComputerName -ErrorAction SilentlyContinue |
          Add-Member NoteProperty EventLog $_ -PassThru
      } |
      # sort descending
      Sort-Object -Property TimeGenerated -Descending |
      # select the properties for the report
      Select-Object EventLog, TimeGenerated, EntryType, Source, Message |
      # output into grid view window
      Out-GridView -Title "All Errors & Warnings from \\$ComputerName"
At the top of this script, you can set the remote system you want to query, and the number of hours you want to go back.

Next, the script gets all log files available on that machine, and then uses a loop to get the errors and warnings from each log within the timeframe. To be able to know which event came from which log file, it also tags the events with a new property called "EventLog", using Add-Member.

The result is a report with all error and warning events within the last hour, shown in a grid view window. Replace "Out-GridView" with "Out-File" or "Export-Csv" to write the information to disk.

Note that remote access requires Administrator privileges. Remote access might require additional security settings. Note also that you will receive red error messages if you run this code as a non-Administrator (because some logs like "Security" require special access privileges).

http://powershell.com/cs/blogs/tips/archive/2014/04/15/getting-events-from-all-event-logs.aspx
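
The following variant is an added example, not part of the original tip. It writes the report to disk with Export-Csv, as suggested above, and keeps a per-log coverage record instead of discarding errors, so a log that could not be read (for example "Security" without Administrator rights) shows up in the output. The output paths and the variable names `$EventCsv`, `$CoverageCsv`, `$coverage` and `$query` are assumptions.

```powershell
# Added example: same query as the tip, exported to CSV, with a coverage
# record per log so unreadable logs are visible instead of silently skipped.
$Start        = (Get-Date) - (New-TimeSpan -Hours 1)
$ComputerName = $env:COMPUTERNAME
# Hypothetical output paths (assumptions); change them as needed
$EventCsv     = Join-Path $env:TEMP "events-$ComputerName.csv"
$CoverageCsv  = Join-Path $env:TEMP "coverage-$ComputerName.csv"

$coverage = @()
$events = foreach ($log in (Get-EventLog -AsString -ComputerName $ComputerName)) {
    Write-Progress -Activity "Checking Eventlogs on \\$ComputerName" -Status $log
    # Splat the parameters; errors are collected in $err instead of printed
    $query = @{
        LogName       = $log
        EntryType     = 'Error', 'Warning'
        After         = $Start
        ComputerName  = $ComputerName
        ErrorAction   = 'SilentlyContinue'
        ErrorVariable = 'err'
    }
    $found = @(Get-EventLog @query)
    # Record what happened for this log. Get-EventLog can also report an
    # error when a log simply has no matching entries, so read the Error
    # text rather than treating every error as an access failure.
    $coverage += [pscustomobject]@{
        EventLog = $log
        Events   = $found.Count
        Error    = ($err | ForEach-Object { $_.Exception.Message }) -join '; '
    }
    # Tag each event with the log it came from, as in the original script
    $found | Add-Member NoteProperty EventLog $log -PassThru
}

if ($events) {
    $events |
      Sort-Object -Property TimeGenerated -Descending |
      Select-Object EventLog, TimeGenerated, EntryType, Source, Message |
      Export-Csv -Path $EventCsv -NoTypeInformation -Encoding UTF8
}
$coverage | Export-Csv -Path $CoverageCsv -NoTypeInformation -Encoding UTF8

# Show the logs that returned an error so gaps in the report are obvious
$coverage | Where-Object { $_.Error } | Format-Table -AutoSize -Wrap
```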
