• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 212
  • Last Modified:

Need some help in modifying Powershell script to go through event logs on multiple computers

Hi All,

Can anyone please assist me to modify the below script to accommodate multiple input of servers for specific criteria of Event logged ?

Param (
    [string[]]$listOfServers,
    [string]$discoverDC,
    [string]$eventLogName,
    [string]$stringToSearchFor,
    [bool]$table,
    [bool]$list
)

If ($discoverDC.ToUpper() -eq "LOCALDOMAIN") {
    $listOfServers = ([system.directoryservices.activedirectory.Domain]::GetCurrentDomain()).DomainControllers | ?{$_.IPAddress –ne $null} | %{$_.Name}
}
If ($discoverDC.ToUpper() -eq "LOCALSITE") {
    $adSiteLocalComputer = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name    
    $listOfServers = ([system.directoryservices.activedirectory.Domain]::GetCurrentDomain()).DomainControllers | ?{$_.IPAddress –ne $null -And $_.SiteName -eq $adSiteLocalComputer} | %{$_.Name}
}

$relatedEvents = @()
$listOfServers | %{
    $relatedEventsOnServer = Get-WinEvent -ComputerName $($_) -LogName $eventLogName | ?{ $_.Message -match $stringToSearchFor}
    $relatedEvents += $relatedEventsOnServer
}

If ($table) {
    $relatedEvents | FT Id, MachineName, LogName, TimeCreated, Message -AutoSize
} Else {
    $relatedEvents | FL Id, MachineName, LogName, TimeCreated, Message
}

Open in new window


because when I saved the file from above code into:

Search-EventLog-For-String.ps1 -listOfServers (Get-AdDomain | Get-AdDomainController) -eventLogName Security -stringToSearchFor "DOMAIN\Administrator" -table $true

it is failed.

Thanks in advance.
0
Senior IT System Engineer
Asked:
Senior IT System Engineer
1 Solution
 
oBdACommented:
"Failed" doesn't help too much as error description. What is the exact error you get?
Or do you just get no results at all, even though it should return some?
Then the issue is probably your search string. You're using "-match", which expects a regular expression. You're passing "DOMAIN\Administrator", but in a RegEx, the backslash is the escape character, so to find "DOMAIN\Administrator", you'll need to escape the backslash: -stringToSearchFor "DOMAIN\\Administrator" (try "DOMAIN\Administrator" -match "DOMAIN\Administrator" - it will return "False").
1
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Thanks for the correction.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now