I'm currently converting some old VB scripts to Windows Powershell. The one I'm working on now looks at the event logs for a remote computer and searches the logs for all occurrences of a certain string then grabs information from the events when it finds a match. My script's syntax looks ok but I keep getting an error saying "Quota violation" when I run the script. Here's the script I'm using. Can someone take a look at it and see if it looks ok? The script is intended to be used to give back information regarding the time people connected to our Cisco VPN. The server being searched is the IAS server for the Cisco VPN hence why I'm searching the Windows event logs for this stuff.
I'm totally open to the script being completely hacked to pieces if I'm doing this wrong. The end result is that I want to look in the application log for a remote server for occurrences of a certain string then grab information from the events when a match is found (yes I know I'm repeating myself!). The current script searches ALL the event logs - can it be restricted to the application log only?
*** script start ***
$strComputer = "server01.mydomain.local"
$colItems = get-wmiobject -class "Win32_NTLogEvent" -namespace "root\CIMV2" -computername $strComputer -credential "mydomain.local\myaccount"
foreach ($objItem in $colItems)
if ($objItem.LogFile = "System")
if ($objItem.Message -ne $null)
$userLocationStart = $objItem.Message.IndexOf("User") + 5
$userLocationFinish = $objItem.Message.IndexOf("was granted") - 1
$userStr = $objItem.Message.SubString($userLocationStart, $userLocationFinish - $userLocationStart)
$strVPNAccess = "$strVPNAccess $userStr - objItem.TimeWritten`r`n"
*** script end ***
Thanks in advance!