Kelly Garcia
asked on
Powershell get-eventlog very time consuming
Hi guys,
When I try this code it takes ages! Please help:
get-content C:\ADMS1_Servers.txt | foreach {Get-EventLog -computername $_ -LogName system -After 17/02/2014 | where {$_.eventid -eq "11"} } | select *
It takes so long that I've never seen it complete. Please help!
ASKER
I've tried that, it takes forever, I just gave up in the end.
OK. This:
Get-EventLog -LogName system -After 2/17/2014 | where {$_.eventid -eq "11"}
returned results after 1 second.
Make sure your locale is correct. On my system 17/02/2014 threw an error.
HTH,
Dan
ASKER
That, I'm sure, is correct, as our systems are on the UK format :)
You might see an improvement if you allow Get-EventLog to manage the PCs itself, or use Get-WinEvent -FilterHashTable (which allows for filtering for an event id):
Get-EventLog -Computer (get-content C:\ADMS1_Servers.txt) -LogName system -After 17/02/2014 | where {$_.eventid -eq "11"} | ft * -auto
Get-WinEvent -Computer (get-content C:\ADMS1_Servers.txt) -FilterHashTable @{
    logname = 'system'
    ID = 11
    # 17 Feb 2014; an unquoted 17/02/2014 inside a hashtable is evaluated as a division
    StartTime = [datetime]'2014-02-17'
} | ft * -auto
(Dates in UK format of dd/mm/yyyy).
ASKER
Hi Qlemo,
The get-eventlog still takes very long, I can't even cancel out of it by pressing Ctrl + C.
The get-winevent doesn't work, it gives me this error message:
Get-WinEvent : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'Co
fied method is not supported.
At line:1 char:23
+ Get-WinEvent -Computer <<<< (get-content C:\ADMS1_Windows_Servers.txt) -FilterHashTable @{
+ CategoryInfo : InvalidArgument: (:) [Get-WinEvent], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgument,Microsoft.PowerShell.Commands.GetWinEventCommand
Thanks for your help :)
Oh, that's true, Get-WinEvent does not allow for a string array for -ComputerName ...
get-content C:\ADMS1_Servers.txt | % {
    Get-WinEvent -Computer $_ -FilterHashTable @{
        logname = 'system'
        ID = 11
        # 17 Feb 2014; an unquoted 17/02/2014 inside a hashtable is evaluated as a division
        StartTime = [datetime]'2014-02-17'
    }
} | ft * -auto
ASKER
Hi guys,
I tried this code below:
Get-EventLog -Computer (get-content C:\ADMS1_Windows_Servers.txt) -LogName system -After 17/02/2014 | where {$_.eventid -match "7|11|51|52"} | ft * -auto
However, the -match gives me anything with a 7 or 11, e.g. 00711 or 1231144. How can I get it to match only the numbers I've specified?
Also it takes ages. I left it running all night, and when I came back the next morning it was still running. Then I pressed Ctrl + C, and it gave me some results.
ASKER CERTIFIED SOLUTION
I mean if C:\ADMS1_Servers.txt contains a single server.
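An added example, not taken from any post in this thread, covering the two questions raised above: matching event IDs exactly instead of by substring, and having each server filter its own log before anything is sent back. It assumes the server list path from the question, PowerShell 2.0 or later, and an account allowed to read the remote System logs; the sample IDs in part 1 are constructed.

```powershell
# Added example; not code from the thread.
$ids   = 7, 11, 51, 52
$since = [datetime]'2014-02-17'   # ISO date string, parsed the same in every locale

# 1) -match "7|11|51|52" is an unanchored regex: it succeeds on any value that
#    merely contains one of the alternatives. Either anchor the pattern or
#    compare against a list of numbers.
$sample = 7, 11, 711, 1231144, 52, 152                           # constructed IDs
$loose  = $sample | Where-Object { $_ -match '7|11|51|52' }      # substring hits too
$regex  = $sample | Where-Object { $_ -match '^(7|11|51|52)$' }  # anchored: exact only
$exact  = $sample | Where-Object { $ids -contains $_ }           # numeric comparison
"unanchored: $loose"
"anchored:   $regex"
"-contains:  $exact"

# 2) Hand the ID list and start time to Get-WinEvent so the filter runs on each
#    server and only matching records cross the network. Get-WinEvent accepts
#    one computer name per call and raises an error when nothing matches, so
#    each server is queried in its own try/catch.
$results = foreach ($server in Get-Content C:\ADMS1_Servers.txt) {
    try {
        Get-WinEvent -ComputerName $server -ErrorAction Stop -FilterHashtable @{
            LogName   = 'System'
            Id        = $ids
            StartTime = $since
        } | Select-Object MachineName, TimeCreated, Id, ProviderName, Message
    }
    catch {
        # Unreachable host, access denied, or simply no matching events
        Write-Warning "$server : $($_.Exception.Message)"
    }
}

$results | Sort-Object MachineName, TimeCreated | Format-Table -AutoSize -Wrap
```

A server that is offline or blocked by a firewall still costs its connection timeout, but the warning identifies it and the loop moves on to the next name.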