Solved

Need some help in modifying PowerShell script to go through event logs on multiple computers

Posted on 2016-10-17
Last Modified: 2016-11-01
Hi All,

Can anyone please assist me in modifying the script below to accommodate multiple servers as input for specific criteria of logged events?

Param (
    [string[]]$listOfServers,
    [string]$discoverDC,
    [string]$eventLogName,
    [string]$stringToSearchFor,
    [bool]$table,
    [bool]$list
)

If ($discoverDC.ToUpper() -eq "LOCALDOMAIN") {
    $listOfServers = ([system.directoryservices.activedirectory.Domain]::GetCurrentDomain()).DomainControllers | ?{$_.IPAddress -ne $null} | %{$_.Name}
}
If ($discoverDC.ToUpper() -eq "LOCALSITE") {
    $adSiteLocalComputer = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
    $listOfServers = ([system.directoryservices.activedirectory.Domain]::GetCurrentDomain()).DomainControllers | ?{$_.IPAddress -ne $null -And $_.SiteName -eq $adSiteLocalComputer} | %{$_.Name}
}

$relatedEvents = @()
$listOfServers | %{
    $relatedEventsOnServer = Get-WinEvent -ComputerName $($_) -LogName $eventLogName | ?{ $_.Message -match $stringToSearchFor}
    $relatedEvents += $relatedEventsOnServer
}

If ($table) {
    $relatedEvents | FT Id, MachineName, LogName, TimeCreated, Message -AutoSize
} Else {
    $relatedEvents | FL Id, MachineName, LogName, TimeCreated, Message
}


Because when I saved the code above into a file and ran it as:

Search-EventLog-For-String.ps1 -listOfServers (Get-AdDomain | Get-AdDomainController) -eventLogName Security -stringToSearchFor "DOMAIN\Administrator" -table $true

it failed.

Thanks in advance.
2 Comments
Accepted Solution

by:
oBdA earned 2000 total points
ID: 41847772
"Failed" doesn't help too much as an error description. What is the exact error you get?
Or do you just get no results at all, even though it should return some?
Then the issue is probably your search string. You're using "-match", which expects a regular expression. You're passing "DOMAIN\Administrator", but in a RegEx, the backslash is the escape character, so to find "DOMAIN\Administrator", you'll need to escape the backslash: -stringToSearchFor "DOMAIN\\Administrator" (try "DOMAIN\Administrator" -match "DOMAIN\Administrator" - it will return "False").

Author Closing Comment

by:Senior IT System Engineer
ID: 41869301
Thanks for the correction.
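
The escaping issue from the accepted answer, as an added example that is not part of the original thread: the search string is passed through [regex]::Escape so that -match treats it as literal text, and each server is queried inside try/catch so one failing host does not stop the sweep. The function name Search-EventLogForLiteral, its parameters, the sample messages and the server names DC01/DC02 are assumptions made for illustration.

```powershell
function Search-EventLogForLiteral {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,   # plain host names
        [Parameter(Mandatory)][string]$LogName,
        [Parameter(Mandatory)][string]$Text,             # literal text, not a regex
        [int]$MaxEvents = 5000                           # cap per server (assumed default)
    )

    # Escape regex metacharacters so "DOMAIN\Administrator" is matched literally.
    $pattern = [regex]::Escape($Text)

    foreach ($server in $ComputerName) {
        try {
            Get-WinEvent -ComputerName $server -LogName $LogName -MaxEvents $MaxEvents -ErrorAction Stop |
                Where-Object { $_.Message -match $pattern } |
                Select-Object Id, MachineName, LogName, TimeCreated, Message
        }
        catch {
            # Unreachable host, access denied, or empty log: report and continue.
            Write-Warning "Query failed on ${server}: $($_.Exception.Message)"
        }
    }
}

# Constructed sample messages that show why the unescaped string finds nothing.
$samples = @(
    'Account Name: DOMAIN\Administrator',
    'Account Name: DOMAIN\svc-backup'
)

# Unescaped: "\A" is the regex start-of-string anchor, so nothing matches.
$unescapedHits = @($samples -match 'DOMAIN\Administrator')

# Escaped: [regex]::Escape yields DOMAIN\\Administrator, which matches the first sample.
$escapedHits = @($samples -match [regex]::Escape('DOMAIN\Administrator'))

"Unescaped pattern matched {0} message(s); escaped pattern matched {1}." -f $unescapedHits.Count, $escapedHits.Count

# Usage against hypothetical servers DC01 and DC02:
# Search-EventLogForLiteral -ComputerName 'DC01','DC02' -LogName Security -Text 'DOMAIN\Administrator' |
#     Format-Table -AutoSize
```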