[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 501
  • Last Modified:

Exchange 2010, PowerShell

I am trying to use this script here:

http://theboywonder.co.uk/2012/03/15/speeding-up-get-winevent-in-powershell-by-using-filterhashtable/

To do the following:

1) Scan all the exchange servers in the Organization and collect the events.

The commands work individually however I cannot figure out how to make the script connect to each of the Servers in the Exchange Organization. I tried using the command:

[PS] C:\>Get-WinEvent -FilterHashTable @{LogName='Application'; Level=1,2,3; StartTime="1/1/2014"} -ErrorAction Silently
Continue -Computer $Servers | Select-Object TimeCreated,LogName,ProviderName,Id,LevelDisplayName,Message
Get-WinEvent : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'ComputerName'. Speci
fied method is not supported.
At line:1 char:130
+ Get-WinEvent -FilterHashTable @{LogName='Application'; Level=1,2,3; StartTime="1/1/2014"} -ErrorAction SilentlyContin
ue -Computer <<<<  $Servers | Select-Object TimeCreated,LogName,ProviderName,Id,LevelDisplayName,Message
    + CategoryInfo          : InvalidArgument: (:) [Get-WinEvent], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.PowerShell.Commands.GetWinEventCommand

AS you can see it did not work. I really am not a scripter so I am hoping you can help out here. I created my own server variable using the :

[PS] C:\>$Servers = get-content -Path c:\servers.txt

That worked however I still cannot use the command to get all the computers and then gather all the event logs.

Thanks,

Robert
0
castellansolutions
Asked:
castellansolutions
  • 2
  • 2
1 Solution
 
footechCommented:
The simplest method is to process each server individually.
Try the following:
get-content -Path c:\servers.txt | ForEach `
{
    Get-WinEvent -FilterHashTable @{LogName='Application'; Level=1,2,3; StartTime="1/1/2014"} -ErrorAction SilentlyContinue -Computer $_ |
     Select-Object TimeCreated,LogName,ProviderName,Id,LevelDisplayName,Message
}

Open in new window

0
 
castellansolutionsAuthor Commented:
This is great!! It worked however there is one last thing that I need to figure out, when I use the command it doesn't provide the server name where the events were generated from.

So in my lab I have 16 Exchange Servers.... How do I add the name ?
0
 
footechCommented:
We can add that as a calculated property with Select-Object.
get-content -Path c:\servers.txt | ForEach `
{
    $server = $_
    Get-WinEvent -FilterHashTable @{LogName='Application'; Level=1,2,3; StartTime="1/1/2014"} -ErrorAction SilentlyContinue -Computer $_ |
     Select-Object @{n="Server";e={$server}},TimeCreated,LogName,ProviderName,Id,LevelDisplayName,Message
}

Open in new window

0
 
castellansolutionsAuthor Commented:
Works like a charm!
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now