Solved

Need some help in modifying Powershell script to go through event logs on multiple computers

Posted on 2016-10-17
2
42 Views
Last Modified: 2016-11-01
Hi All,

Can anyone please assist me to modify the below script to accommodate multiple input of servers for specific criteria of Event logged ?

Param (
    [string[]]$listOfServers,
    [string]$discoverDC,
    [string]$eventLogName,
    [string]$stringToSearchFor,
    [bool]$table,
    [bool]$list
)

If ($discoverDC.ToUpper() -eq "LOCALDOMAIN") {
    $listOfServers = ([system.directoryservices.activedirectory.Domain]::GetCurrentDomain()).DomainControllers | ?{$_.IPAddress –ne $null} | %{$_.Name}
}
If ($discoverDC.ToUpper() -eq "LOCALSITE") {
    $adSiteLocalComputer = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name    
    $listOfServers = ([system.directoryservices.activedirectory.Domain]::GetCurrentDomain()).DomainControllers | ?{$_.IPAddress –ne $null -And $_.SiteName -eq $adSiteLocalComputer} | %{$_.Name}
}

$relatedEvents = @()
$listOfServers | %{
    $relatedEventsOnServer = Get-WinEvent -ComputerName $($_) -LogName $eventLogName | ?{ $_.Message -match $stringToSearchFor}
    $relatedEvents += $relatedEventsOnServer
}

If ($table) {
    $relatedEvents | FT Id, MachineName, LogName, TimeCreated, Message -AutoSize
} Else {
    $relatedEvents | FL Id, MachineName, LogName, TimeCreated, Message
}

Open in new window


because when I saved the file from above code into:

Search-EventLog-For-String.ps1 -listOfServers (Get-AdDomain | Get-AdDomainController) -eventLogName Security -stringToSearchFor "DOMAIN\Administrator" -table $true

it is failed.

Thanks in advance.
0
Comment
2 Comments
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 41847772
"Failed" doesn't help too much as error description. What is the exact error you get?
Or do you just get no results at all, even though it should return some?
Then the issue is probably your search string. You're using "-match", which expects a regular expression. You're passing "DOMAIN\Administrator", but in a RegEx, the backslash is the escape character, so to find "DOMAIN\Administrator", you'll need to escape the backslash: -stringToSearchFor "DOMAIN\\Administrator" (try "DOMAIN\Administrator" -match "DOMAIN\Administrator" - it will return "False").
1
 
LVL 7

Author Closing Comment

by:Senior IT System Engineer
ID: 41869301
Thanks for the correction.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Resolve DNS query failed errors for Exchange
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now