Solved

Powershell Export Event logs

Posted on 2015-02-06
3
247 Views
Last Modified: 2015-02-21
Not sure what I am doing wrong I am trying to get all the different types of logs into a file with server name.  The File path is not coming out correctly.


The function I am user is here
http://www.insidepowershell.com/?p=611



# Import Testing function (also defines prerequisites)
. C:\NOCScripts\Powershell\GetLogData\Export-EventLog.ps1

$Servers = get-content "C:\NOCScripts\Powershell\GetLogData\splunk\ServerList.txt"
$LogDest = "C:\NOCScripts\Powershell\GetLogData\splunk\evxt"

$LogNamesArry = "Application,Hardware Events,Operations Manager,Security,System,Windows Powershell,Internet Explorer,Key Management Service"
$LogNames = $LogNamesArry.split(',');

$Days_Ago = 1096


FOREACH ($Server in $Servers){
            FOREACH($LogName in $LogNames){
            Write-Host $LogName $Server $Start_Date
             
Write-Host $Server $LogName 
 Export-EventLog -Servers $Server -Logname $LogName -FileName "$Server.evtx" -Path  $LogDest -Days $Days_Ago

        }

}

Open in new window



Output Produced with error
Hardware Events n2sup2is02 

 Export Started 
 Server: n2sup2is02 
 Path:  C:\NOCScripts\Powershell\GetLogData\splunk\evxt\\HardwareEvents n2sup2is02 2015-02-06.evtx 
 Days: 1096 

wevtutil : Failed to export log Hardware Events. The specified channel could not be found. Check channel configuration.
At C:\NOCScripts\Powershell\GetLogData\Export-EventLog.ps1:126 char:1
+ wevtutil epl $logname "$path\$filename" /ow /r:"$server" /q:"*[System[TimeCreate ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (Failed to expor... configuration.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
 

 Export Complete: C:\NOCScripts\Powershell\GetLogData\splunk\evxt\\HardwareEvents n2sup2is02 2015-02-06.evtx 

Open in new window

0
Comment
Question by:Leo Torres
  • 2
3 Comments
 
LVL 40

Expert Comment

by:footech
ID: 40595507
Your output for the path does not match with the code posted, so something is definitely different than above.  Running the code above with a servername of "localhost", I get a path like
Path:  C:\NOCScripts\Powershell\GetLogData\splunk\evxt\localhos localhost 2015-02-07.evtx
Yes, it says "localhos" at one point because of the way the Trim method works - better would be to use the Replace method so you don't get unexpected results.

As far as the error message, it's because the channel is "HardwareEvents" without a space, so you need to modify line 7 where you define $LogNamesArry.
0
 
LVL 8

Author Comment

by:Leo Torres
ID: 40596515
The path Name yes is one of my issues not sure why I get that bad path.

Any idea on path issue.
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 40597382
As you can see from the result I posted, there was no problem with the path.

To try to diagnose any issue you're having with the path I would need the command you're running, any file that supplies input, and the output.  As I mentioned, the sample output you provided before does not match with the code as shown, so you must have changed something.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help you understand what HashTables are and how to use them in PowerShell.
Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question