
PowerShell and Get-EventLogs CMDLET

Posted on 2011-10-21
Last Modified: 2012-05-12
I'm new to PowerShell and want to know if it is possible to use the Get-EventLog cmdlet but view all warnings and errors on all event logs at once instead of viewing the system, app and other logs one by one.
0
Question by:compdigit44
10 Comments
 
LVL 6

Expert Comment

by:regevha
ID: 37007997
If I understand you right, the command you are looking for is:
Get-EventLog -List | ForEach-Object {Get-EventLog -LogName $_.Log} | Where-Object {($_.EntryType -eq "Error") -or ($_.EntryType -eq "Warning")} | Sort-Object EntryType,TimeGenerated


0
 
LVL 6

Expert Comment

by:regevha
ID: 37009466
There is even a simpler Powershell command that gives the same results:
Get-EventLog -List -AsString | foreach  {Get-EventLog -LogName $_ -EntryType Error,Warning} | Sort-Object EntryType,TimeGenerated


0
 
LVL 20

Author Comment

by:compdigit44
ID: 37032316
Thanks. Here lies my problem with PowerShell as a newbie: how would I know to use the for-each or -object calls? This is why I'm finding PowerShell so hard to learn.
0

 
LVL 6

Expert Comment

by:regevha
ID: 37043158
Please let me know if you would like further assistance with this question
0
 
LVL 20

Author Comment

by:compdigit44
ID: 37044235
Yes!!!! I guess what I need help with is: as someone who is new to PowerShell, how would I know to do what you did to parse the Get-EventLog cmdlet so it shows the exact information you needed? The -details command shows nothing of this information.
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 2000 total points
ID: 37063286
get-help get-eventlog -detail   shows many examples. The first one shows how to get the list of logs. You now need to know (it is basic PowerShelling) how to process objects in general. Simplified:
command1 | command2
If command2 knows how to process the input by itself. Both commands need to fit to each other to allow for that. Examples are Exchange cmdlets, which can often be combined that way. But get-eventlog isn't of that kind, sadly, which is obvious if you view the syntax - it requires the name of a log, or -list.
command1 | ? {filter condition using $_ for each object} | % {foreach using $_ for each object}
is used in the other cases. The foreach will call other cmdlets, providing the single object $_ with a method or property, in most cases.
No one is saying PowerShell is easy - but if you have acknowledged the basic concept of piping and filtering, combined with using objects with properties and methods, you can help yourself in most cases by just trying out.
0
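Added example (not part of the original posts): one way to discover for yourself what the answer above describes, by checking whether Get-EventLog takes pipeline input, listing the properties available for filtering, and then running the all-logs query with unreadable logs reported instead of aborting the run. The 24-hour window and the variable names are assumptions.

```powershell
# Windows PowerShell only: Get-EventLog is not available in PowerShell 6 and later.

# 1. Does any Get-EventLog parameter bind from the pipeline?
#    If no rows come back, "command1 | Get-EventLog" cannot work and
#    each log name has to be handed over inside ForEach-Object.
$cmd = Get-Command Get-EventLog
foreach ($p in $cmd.Parameters.Values) {
    $p.Attributes |
        Where-Object { $_ -is [System.Management.Automation.ParameterAttribute] } |
        Where-Object { $_.ValueFromPipeline -or $_.ValueFromPipelineByPropertyName } |
        Select-Object @{ Name = 'Parameter'; Expression = { $p.Name } },
                      ParameterSetName, ValueFromPipeline, ValueFromPipelineByPropertyName
}

# 2. Which properties exist on an entry (EntryType, TimeGenerated, ...)?
Get-EventLog -LogName Application -Newest 1 |
    Get-Member -MemberType Property |
    Select-Object Name, Definition

# 3. The query across all classic logs. A log that cannot be read
#    (the Security log needs an elevated session) or that raises an
#    error because nothing matched is reported as a warning.
$since = (Get-Date).AddDays(-1)    # assumed window: last 24 hours

$entries = Get-EventLog -List -AsString | ForEach-Object {
    $log = $_
    try {
        Get-EventLog -LogName $log -EntryType Error, Warning -After $since -ErrorAction Stop
    }
    catch {
        Write-Warning "Skipped '$log': $($_.Exception.Message)"
    }
}

$entries |
    Sort-Object EntryType, TimeGenerated |
    Select-Object TimeGenerated, EntryType, Source, EventID, Message
```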
 
LVL 20

Author Comment

by:compdigit44
ID: 37064400
I guess I'm having a hard time understanding what classes and objects are.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 37065020
In a very simplified manner:
Classes are types of (structured) data handled as a single item. Classes do not contain data.
Objects are instances of classes. They contain all related data.
Properties are the data, methods are like procedures or functions, but belonging to the class. The same property or method can mean and do different things on different classes.
With PowerShell you will use properties, and sometimes methods, to get necessary info or perform actions as needed.

For example, a class is Person, consisting of Name, Mood ("Happy", "Sad"), Gender ("m", "f").
An object of class Person is me: Name = "Qlemo", Mood = "Happy", Gender = "m".
If you would ask for my mood, you would do so by using Qlemo.Mood .

If you think of a class as a simple structure containing different data (leaving out the method stuff), it might be easier for you to use them.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 37071373
what is the difference between get-winevent and get-eventlog???
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 37071609
Get-EventLog works only for "classic" event log entries. Vista and above introduced a more advanced feature, and those entries need to be queried with Get-WinEvent. You can use the latter for all event log entries, but only on Vista and above.
0
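Added example (not part of the original posts): the same "all warnings and errors" query written with Get-WinEvent, which also reaches the logs Get-EventLog cannot see. The 24-hour window and the variable names are assumptions.

```powershell
# Level values used by Get-WinEvent: 1 = Critical, 2 = Error, 3 = Warning.
$since = (Get-Date).AddDays(-1)    # assumed window: last 24 hours

# Every log on the machine that currently holds records.
$logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordCount -gt 0 }

# How many of them are "classic" logs (the only kind Get-EventLog reads)?
$logs | Group-Object IsClassicLog | Select-Object Name, Count

$events = foreach ($log in $logs) {
    try {
        # The filter is applied by the event log service, so only
        # matching records are returned to the pipeline.
        Get-WinEvent -FilterHashtable @{
            LogName   = $log.LogName
            Level     = 2, 3
            StartTime = $since
        } -ErrorAction Stop
    }
    catch {
        # A log with no matching events is expected; report anything else,
        # such as access denied on the Security log in a non-elevated session.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "Skipped '$($log.LogName)': $($_.Exception.Message)"
        }
    }
}

$events |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, LogName, LevelDisplayName, ProviderName, Id, Message
```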
