PowerShell script to export specific Windows application event

Hi,

I need a script to export a specific Application event from a Windows 2008 server.

The script must export all information of this event and include the description.

The event IDs are 703 and 1221.

The script must store the output in a local folder and email a copy of the file.

The script must only export this event for the effective date; for example, if I launch the script on 5 March, the script must only export the log of events 703 and 1221 for 5 March.

Thanks for your help.
cawasaki Asked:
 
prashanthd Commented:
Hmmm... PowerShell versions. Anyway, modified the code; please test and try now.

regards
Prashanth
################################################################
$FromAddress = ""  # Give from mail address
$ToAddress = ""    # Give To mail address
$SendingServer = "" # Smtp or relayserver to send mail from 
$output_file_path="C:\" # output file path
#################################################################

$today=[DateTime]::Today
$today

$output_file_path=$output_file_path + $dt.month +"_"+ $dt.day +"_"+ $dt.year + "_EventLog.txt"

$output=Get-EventLog "application" | Where-Object {($_.EventID -eq 703 -or $_.EventID -eq 1221) -and $Today -le $_.TimeWritten 
} | Select eventid, timewritten,message | Format-list

$output
$output | Out-File $output_file_path

#########################Send Mail################################

$MessageSubject = "Eventlog Report for - " + $dt
$MessageBody = "Check Attachment"
$SMTPMessage = New-Object System.Net.Mail.MailMessage $FromAddress, $ToAddress, $MessageSubject, $MessageBody
$Attachment = New-Object Net.Mail.Attachment($output_file_path)
$SMTPMessage.Attachments.Add($Attachment)
$SMTPClient = New-Object System.Net.Mail.SMTPClient 
$SmtpClient.host = $SendingServer
$SMTPClient.Send($SMTPMessage)

#############################################################################

 
prashanthd Commented:
Hi,

Try this code; edit the date, from, to, SMTP server and output file path.

regards
Prashanth

################################################################

$dt=Get-Date "03/05/2011" # Change date to check for
$FromAddress = ""  # Give from mail address
$ToAddress = ""    # Give To mail address
$SendingServer = "" # Smtp or relayserver to send mail from
$output_file_path="C:\" # output file path
#################################################################

$dt
$adt=$dt
$bdt=$dt.adddays(+1)
$bdt
$output_file_path=$output_file_path + $dt.month +"_"+ $dt.day +"_"+ $dt.year + "_EventLog.txt"

$output=Get-EventLog "Application" -after $adt -before $bdt | Where-Object {$_.EventID -eq 703 -or $_.EventID -eq 1221} | Select eventid, timewritten,message | Format-list
$output | Out-File $output_file_path

#########################Send Mail################################

$MessageSubject = "Eventlog Report for - " + $dt
$MessageBody = "Check Attachment"
$SMTPMessage = New-Object System.Net.Mail.MailMessage $FromAddress, $ToAddress, $MessageSubject, $MessageBody
$Attachment = New-Object Net.Mail.Attachment($output_file_path)
$SMTPMessage.Attachments.Add($Attachment)
$SMTPClient = New-Object System.Net.Mail.SMTPClient
$SmtpClient.host = $SendingServer
$SMTPClient.Send($SMTPMessage)

#############################################################################
 
cawasaki (Author) Commented:
I'll try.
 
cawasaki (Author) Commented:
Why do I need to edit the date?

The script must work automatically?
 
cawasaki (Author) Commented:
Hi,

I have an error:

[PS] C:\Temp>.\test.ps1

jeudi 3 mars 2011 00:00:00
vendredi 4 mars 2011 00:00:00
Get-EventLog : A parameter cannot be found that matches parameter name 'after'.
At C:\Temp\test.ps1:16 char:42
+ $output=Get-EventLog "Application" -after  <<<< $adt -before $bdt | Where-Object {$_.EventID -eq
703 -or $_.EventID -eq 1221} | Select eventid, timewritten,message | Format-list

 
prashanthd Commented:
Modified the code, test now

regards
Prashanth
################################################################
$FromAddress = ""  # Give from mail address
$ToAddress = ""    # Give To mail address
$SendingServer = "" # Smtp or relayserver to send mail from 
$output_file_path="C:\" # output file path
#################################################################

$dt=Get-Date
$adt=$dt.ToShortDateString()
$adt
$bdt=$dt.adddays(+1)
$bdt=$bdt.ToShortDateString()
$bdt

$output_file_path=$output_file_path + $dt.month +"_"+ $dt.day +"_"+ $dt.year + "_EventLog.txt"

$output=Get-EventLog "Application" -after $adt -before $bdt | Where-Object {$_.EventID -eq 703 -or $_.EventID -eq 1221} | Select eventid, timewritten,message | Format-list
$output | Out-File $output_file_path

#########################Send Mail################################

$MessageSubject = "Eventlog Report for - " + $dt
$MessageBody = "Check Attachment"
$SMTPMessage = New-Object System.Net.Mail.MailMessage $FromAddress, $ToAddress, $MessageSubject, $MessageBody
$Attachment = New-Object Net.Mail.Attachment($output_file_path)
$SMTPMessage.Attachments.Add($Attachment)
$SMTPClient = New-Object System.Net.Mail.SMTPClient 
$SmtpClient.host = $SendingServer
$SMTPClient.Send($SMTPMessage)

#############################################################################

 
cawasaki (Author) Commented:
I'll test, 2 min.
 
cawasaki (Author) Commented:
Same error:

[PS] C:\Temp>.\test.ps1
06/03/2011
07/03/2011
Get-EventLog : A parameter cannot be found that matches parameter name 'after'.
At C:\Temp\test.ps1:17 char:42
+ $output=Get-EventLog "Application" -after  <<<< $adt -before $bdt | Where-Object {$_.EventID -eq
703 -or $_.EventID -eq 1221} | Select eventid, timewritten,message | Format-list

 
prashanthd Commented:
What is the OS language being used?

I do not understand jeudi, vendredi.
 
cawasaki (Author) Commented:
OK lol sorry, it's French, but I have also tested on the English system.

jeudi is THURSDAY

vendredi is FRIDAY
 
prashanthd Commented:
Np... are you getting the same errors on the English system also?
 
cawasaki (Author) Commented:
Yes, same error in the English version.

It's a Windows 2008 SP1.

Does the script work for you?
 
cawasaki (Author) Commented:
And why do I see these dates when I launch the script:

06/03/2011
07/03/2011


07/03/2011 is tomorrow's date, is that normal????
 
cawasaki (Author) Commented:
OK, the problem is the version of PowerShell: I have version 1.0 and your script works only in version 2.0???
 
prashanthd Commented:
Please replace $dt with $today
 
cawasaki (Author) Commented:
Hi,

Now I have another error:

PS C:\Temp> .\test.ps1

dimanche 6 mars 2011 00:00:00
out-lineoutput : Object of type "Microsoft.PowerShell.Commands.Internal.Format.FormatStartData" is not legal or not in
the correct sequence. This is likely caused by a user-specified "format-list" command which is conflicting with the def
ault formatting.

 
prashanthd Commented:
Is the following on one single line? If not, ensure the entire line is one single line and try.

$output=Get-EventLog "application" | Where-Object {($_.EventID -eq 703 -or $_.EventID -eq 1221) -and $Today -le $_.TimeWritten } | Select eventid, timewritten,message | Format-list
 
prashanthd Commented:
Formatted the same..
################################################################
$FromAddress = ""  # Give from mail address
$ToAddress = ""    # Give To mail address
$SendingServer = "" # Smtp or relayserver to send mail from 
$output_file_path="C:\" # output file path
#################################################################

$today=[DateTime]::Today
$today

$output_file_path=$output_file_path + $today.month +"_"+ $today.day +"_"+ $today.year + "_EventLog.txt"

$output=Get-EventLog "application" | Where-Object {($_.EventID -eq 703 -or $_.EventID -eq 1221) -and $Today -le $_.TimeWritten } | Select eventid, timewritten,message | Format-list

$output
$output | Out-File $output_file_path

#########################Send Mail################################

$MessageSubject = "Eventlog Report for - " + $today
$MessageBody = "Check Attachment"
$SMTPMessage = New-Object System.Net.Mail.MailMessage $FromAddress, $ToAddress, $MessageSubject, $MessageBody
$Attachment = New-Object Net.Mail.Attachment($output_file_path)
$SMTPMessage.Attachments.Add($Attachment)
$SMTPClient = New-Object System.Net.Mail.SMTPClient 
$SmtpClient.host = $SendingServer
$SMTPClient.Send($SMTPMessage)

#############################################################################

 
cawasaki (Author) Commented:
It is on one line!
 
prashanthd Commented:
Can you remove "| format-list" and try?
 
cawasaki (Author) Commented:
OK, it works, and the other version works in PowerShell v2, I have tested.

Now, is it possible to launch this script for a remote server?

Thanks
 
cawasaki (Author) Commented:
Hi,

OK, simple, I add -computer and it's OK.

Now a small problem. On my server I have 100000 logs in the Application log, and the script takes a long time to finish.

Is it possible to make it only check the event log for just the effective date and quit after that?

Thanks
 
prashanthd Commented:
Actually, both scripts are filtering the events only for today. Which script are you using, the one for PowerShell v2 or v1?
 
cawasaki (Author) Commented:
V2.

The problem: I have launched the script and it has not ended! 20 minutes and no end!
 
cawasaki (Author) Commented:
I suspect the script searches all events in the whole log and exports only the events for the right date. So in my case, I have a lot of events in the Application log!
 
cawasaki (Author) Commented:
And if I launch the 2 scripts to test on another server with a small Application event log, it is too fast!
 
prashanthd Commented:
You can add an additional filter, -entrytype information, as both events are of type Information.

You can add this after "application": -entrytype information
 
cawasaki (Author) Commented:
Same problem, the script takes a long time.
 
prashanthd Commented:
Maybe you should look at the following tool, as it executes the command on the remote server

PsLogList
http://technet.microsoft.com/en-us/sysinternals/bb897544

Test if the tool is retrieving faster..
 
cawasaki (Author) Commented:
OK, the best solution for me is to use this command:

$output=Get-EventLog -Newest 1000 "application" -ComputerName servername

$result = $output | Where-Object {($_.EventID -eq 721)} | Select eventid, timewritten,message | Format-list

$result | Out-File $output_file_path

It is too fast now, but my result file is empty!

When I execute just:

$output=Get-EventLog -Newest 1000 "application" -ComputerName servername

$output | Where-Object {($_.EventID -eq 721)} | Select eventid, timewritten,message | Format-list

I can view the correct log in my script!

Any help?
 
prashanthd Commented:
Tested the following and it worked fine. Have you checked the full script where a value is assigned to $output_file_path? Also, just add $result before outputting the file; this will display the results on screen before writing to the file.

$output=Get-EventLog -Newest 1000 "application" -ComputerName servername

$result = $output | Where-Object {($_.EventID -eq 721)} | Select eventid, timewritten,message | Format-list

$result

$result | Out-File $output_file_path

 
cawasaki (Author) Commented:
Works, thanks
Question has a verified solution.
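
The scripts in the thread pipe Get-EventLog output through Where-Object, so every Application entry is read before the event ID and date are checked, which is what makes a 100000-entry log slow. As an added example (not code from any participant in the thread), the script below uses Get-WinEvent -FilterHashtable, available in PowerShell 2.0 on Windows Server 2008, so the event log service returns only events 703 and 1221 for today; the folder, mail addresses and SMTP server are placeholder assumptions.

```powershell
# Added example, not from the thread. All parameter defaults are placeholders.
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    [string]$OutputFolder = 'C:\Temp',
    [string]$FromAddress  = 'eventreport@example.test',
    [string]$ToAddress    = 'admin@example.test',
    [string]$SmtpServer   = 'smtp.example.test'
)

$start = [DateTime]::Today      # 00:00 today
$end   = $start.AddDays(1)      # 00:00 tomorrow, used as the upper bound

# The filter is evaluated by the event log service on the target server,
# so only the matching records come back.
$filter = @{ LogName = 'Application'; Id = 703, 1221; StartTime = $start; EndTime = $end }

try {
    $events = @(Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop)
} catch {
    # "Nothing matched" is reported as an error; keep it apart from real
    # failures (access denied, RPC unavailable), which must stay visible.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() } else { throw }
}

$outFile = Join-Path $OutputFolder ('{0:yyyy-MM-dd}_{1}_EventLog.txt' -f $start, $ComputerName)
if ($events.Count -eq 0) {
    "No events 703 or 1221 on $ComputerName for $($start.ToShortDateString())" | Out-File $outFile
} else {
    $events | Sort-Object TimeCreated |
        Select-Object Id, TimeCreated, ProviderName, Message |
        Format-List | Out-File $outFile -Width 4096
}

$subject = "Event log report for $ComputerName - $($start.ToShortDateString())"
$mail = New-Object System.Net.Mail.MailMessage $FromAddress, $ToAddress, $subject, "$($events.Count) event(s) attached."
$attachment = New-Object System.Net.Mail.Attachment($outFile)
try {
    $mail.Attachments.Add($attachment)
    $smtp = New-Object System.Net.Mail.SmtpClient($SmtpServer)
    $smtp.Send($mail)
} finally {
    $mail.Dispose()   # also disposes the attachment and releases the file
}
```

Querying a remote server this way needs the Remote Event Log Management firewall rules enabled on the target and an account allowed to read its Application log.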
