Created
November 29, 2018 21:44
-
-
Save steviecoaster/f03c6fbcfa960ab7073f4ad0d975265d to your computer and use it in GitHub Desktop.
Find-Event
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Find-Event { | |
| <# | |
| .SYNOPSIS | |
| Find specific event in the log on specified computer(s) | |
| .PARAMETER Computer | |
| The machine or machines you wish to query | |
| .PARAMETER Logname | |
| The log in which to look for IDs | |
| .PARAMETER EventID | |
| The event ID you wish to query for | |
| .EXAMPLE | |
| Find-Event -Computername pc1 -Logname Security -EventID 6011 | |
| .EXAMPLE | |
| Find-Event -Computername pc1 -Logname Application -EventID 1022 | |
| .EXAMPLE | |
| (Get-ADComputer -Filter * -Searchbase "OU=Test,DC=dummy,DC=domain").Name | Find-Event -Logname Application -EventID 1022 | |
| #> | |
| [cmdletBinding()] | |
| Param( | |
| [Parameter(Mandatory, Position = 0, ValueFromPipeline, ValueFromPipelineByPropertyName)] | |
| [string[]] | |
| $Computername, | |
| [Parameter(Mandatory, Position = 1)] | |
| [string] | |
| $Logname, | |
| [Parameter(Mandatory, Position = 2)] | |
| [int] | |
| $EventID | |
| ) | |
| Begin {} | |
| Process { | |
| foreach ($Computer in $ComputerName) { | |
| $online = Test-Connection -ComputerName $Computer -Count 1 -Buffersize 16 -Quiet | |
| if ($online -eq $true) { | |
| try { | |
| $event = Get-WinEvent -ComputerName $Computer -FilterHashTable @{ LogName = "$Logname"; ID = $EventID } -ErrorAction Stop | |
| # Construct an object | |
| $object = [pscustomobject]@{ | |
| Computer = $Computer | |
| Date = $event.Date | |
| Message = $event.Message | |
| } | |
| $object | export-CSV -Path C:\Scripts\Output\renamed-pcs.csv -NoTypeInformation -Append | |
| }#end try | |
| catch { | |
| $object = [pscustomobject]@{ | |
| Computer = $Computer | |
| Date = $event.Date | |
| Message = "Event ID 6011 not found" | |
| } | |
| $object | export-CSV -Path C:\Scripts\Output\renamed-pcs.csv -NoTypeInformation -Append | |
| }#end catch | |
| } #end if | |
| else { | |
| # Computer is not reachable! | |
| Write-Host "Error: $Computer not online" -Foreground white -BackgroundColor Red | |
| } #end else | |
| } #end foreach | |
| } | |
| End {} | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment