[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Need some help in modifying Powershell script to go through event logs on multiple computers

Posted on 2016-10-17
2
Medium Priority
?
173 Views
Last Modified: 2016-11-01
Hi All,

Can anyone please assist me to modify the below script to accommodate multiple input of servers for specific criteria of Event logged ?

Param (
    [string[]]$listOfServers,
    [string]$discoverDC,
    [string]$eventLogName,
    [string]$stringToSearchFor,
    [bool]$table,
    [bool]$list
)

If ($discoverDC.ToUpper() -eq "LOCALDOMAIN") {
    $listOfServers = ([system.directoryservices.activedirectory.Domain]::GetCurrentDomain()).DomainControllers | ?{$_.IPAddress –ne $null} | %{$_.Name}
}
If ($discoverDC.ToUpper() -eq "LOCALSITE") {
    $adSiteLocalComputer = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name    
    $listOfServers = ([system.directoryservices.activedirectory.Domain]::GetCurrentDomain()).DomainControllers | ?{$_.IPAddress –ne $null -And $_.SiteName -eq $adSiteLocalComputer} | %{$_.Name}
}

$relatedEvents = @()
$listOfServers | %{
    $relatedEventsOnServer = Get-WinEvent -ComputerName $($_) -LogName $eventLogName | ?{ $_.Message -match $stringToSearchFor}
    $relatedEvents += $relatedEventsOnServer
}

If ($table) {
    $relatedEvents | FT Id, MachineName, LogName, TimeCreated, Message -AutoSize
} Else {
    $relatedEvents | FL Id, MachineName, LogName, TimeCreated, Message
}

Open in new window


because when I saved the file from above code into:

Search-EventLog-For-String.ps1 -listOfServers (Get-AdDomain | Get-AdDomainController) -eventLogName Security -stringToSearchFor "DOMAIN\Administrator" -table $true

it is failed.

Thanks in advance.
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 41847772
"Failed" doesn't help too much as error description. What is the exact error you get?
Or do you just get no results at all, even though it should return some?
Then the issue is probably your search string. You're using "-match", which expects a regular expression. You're passing "DOMAIN\Administrator", but in a RegEx, the backslash is the escape character, so to find "DOMAIN\Administrator", you'll need to escape the backslash: -stringToSearchFor "DOMAIN\\Administrator" (try "DOMAIN\Administrator" -match "DOMAIN\Administrator" - it will return "False").
1
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 41869301
Thanks for the correction.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question