Solved

Need some help in modifying Powershell script to go through event logs on multiple computers

Posted on 2016-10-17
2
81 Views
Last Modified: 2016-11-01
Hi All,

Can anyone please assist me to modify the below script to accommodate multiple input of servers for specific criteria of Event logged ?

Param (
    [string[]]$listOfServers,
    [string]$discoverDC,
    [string]$eventLogName,
    [string]$stringToSearchFor,
    [bool]$table,
    [bool]$list
)

If ($discoverDC.ToUpper() -eq "LOCALDOMAIN") {
    $listOfServers = ([system.directoryservices.activedirectory.Domain]::GetCurrentDomain()).DomainControllers | ?{$_.IPAddress –ne $null} | %{$_.Name}
}
If ($discoverDC.ToUpper() -eq "LOCALSITE") {
    $adSiteLocalComputer = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name    
    $listOfServers = ([system.directoryservices.activedirectory.Domain]::GetCurrentDomain()).DomainControllers | ?{$_.IPAddress –ne $null -And $_.SiteName -eq $adSiteLocalComputer} | %{$_.Name}
}

$relatedEvents = @()
$listOfServers | %{
    $relatedEventsOnServer = Get-WinEvent -ComputerName $($_) -LogName $eventLogName | ?{ $_.Message -match $stringToSearchFor}
    $relatedEvents += $relatedEventsOnServer
}

If ($table) {
    $relatedEvents | FT Id, MachineName, LogName, TimeCreated, Message -AutoSize
} Else {
    $relatedEvents | FL Id, MachineName, LogName, TimeCreated, Message
}

Open in new window


because when I saved the file from above code into:

Search-EventLog-For-String.ps1 -listOfServers (Get-AdDomain | Get-AdDomainController) -eventLogName Security -stringToSearchFor "DOMAIN\Administrator" -table $true

it is failed.

Thanks in advance.
0
Comment
2 Comments
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 41847772
"Failed" doesn't help too much as error description. What is the exact error you get?
Or do you just get no results at all, even though it should return some?
Then the issue is probably your search string. You're using "-match", which expects a regular expression. You're passing "DOMAIN\Administrator", but in a RegEx, the backslash is the escape character, so to find "DOMAIN\Administrator", you'll need to escape the backslash: -stringToSearchFor "DOMAIN\\Administrator" (try "DOMAIN\Administrator" -match "DOMAIN\Administrator" - it will return "False").
1
 
LVL 7

Author Closing Comment

by:Senior IT System Engineer
ID: 41869301
Thanks for the correction.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now