Powershell Scan Event log
Hello,
The code above returns
I need this script to go back 1 hour and check for error. If it returns at least 1 error send me an email with the time and message in the body as a table. But I cant even get the message to display correctly.
CLS
$a = Get-Date
$b = $a.AddHours(-1) #$a.AddDays(-1)
$Server = "ServerName"
Get-EventLog -ComputerName $Server -LogName Application -After $b -Before $a -Source "MSSQLSERVER" | ?{$_.EventID -eq 14151 } The code above returns
Index Time EntryType Source InstanceID Message
----- ---- --------- ------ ---------- -------
2255302 Mar 22 10:39 Error MSSQLSERVER 3221239623 The description for Event ID '-1073727673' in Source 'MSSQLSERVER' cannot be found. The...
2255299 Mar 22 10:38 Error MSSQLSERVER 3221239623 The description for Event ID '-1073727673' in Source 'MSSQLSERVER' cannot be found. The...
2255298 Mar 22 10:38 Error MSSQLSERVER 3221239623 The description for Event ID '-1073727673' in Source 'MSSQLSERVER' cannot be found. The...
2255297 Mar 22 10:38 Error MSSQLSERVER 3221239623 The description for Event ID '-1073727673' in Source 'MSSQLSERVER' cannot be found. The...
2255296 Mar 22 10:37 Error MSSQLSERVER 3221239623 The description for Event ID '-1073727673' in Source 'MSSQLSERVER' cannot be found. The...
2255295 Mar 22 10:37 Error MSSQLSERVER 3221239623 The description for Event ID '-1073727673' in Source 'MSSQLSERVER' cannot be found. The...
2255294 Mar 22 10:37 Error MSSQLSERVER 3221239623 The description for Event ID '-1073727673' in Source 'MSSQLSERVER' cannot be found. The...I need this script to go back 1 hour and check for error. If it returns at least 1 error send me an email with the time and message in the body as a table. But I cant even get the message to display correctly.
Can you try and run the command directly on the server? Just wondering if it's because the local registry doesn't have the event information, maybe it doesn't return the data with full fidelity. If it does work on the server I'd wonder if it would work with the proper SQL Management Tools installed on the running station.
ASKER
I did run it locally on the server I was looking logs at.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
footech:
I like your code and seems like it works but it takes a while since I have to get all the errors in an hour then apply the Eventid filter
The one have seems to work a little better but i cant add the time filter or check for counts so see if its more than 1
Any way we can add time filter to this and and count check to see if 1 exists send email
I like your code and seems like it works but it takes a while since I have to get all the errors in an hour then apply the Eventid filter
The one have seems to work a little better but i cant add the time filter or check for counts so see if its more than 1
cls
$End = Get-Date
$Start = $End.AddHours(-1) #$a.AddDays(-1)
$Server = "SomeServer"
Get-EventLog -LogName Application -ComputerName $Server -EntryType Error | where-object { $_.eventid -eq 14151} | Select TimeGenerated,Message,MachineName -First 2 | Export-Csv errors.csv
$SMTPSERVER = "Server"
$FROM = "Email1"
$TO = "Email2"
$SUBJECT = "Replication Errors"
$Errorinfo = Import-Csv errors.csv | ConvertTo-Html -Fragment
$mailBody = @"
$Errorinfo
"@
Send-MailMessage -From $FROM -To $TO -SmtpServer $SMTPSERVER -Subject $SUBJECT -Body $mailBody -BodyAsHtml: $true
Write-Host "Message Sent...!"Any way we can add time filter to this and and count check to see if 1 exists send email
Why can't you add the time filter or check for counts? Nothing's different. Just add the parameter for the time.
For the count, notice what I did: I collected the output from Get-EventLog into an array and assigned it to a variable.
And I'm not sure why you're exporting to .CSV now.
Can you use Get-WinEvent?
For the count, notice what I did: I collected the output from Get-EventLog into an array and assigned it to a variable.
And I'm not sure why you're exporting to .CSV now.
Can you use Get-WinEvent?