Establishes a remote connection to specified device and queries server logs based on user specified criteria. (Log name, Log Level, Start and End times). If user does not provide log search criteria, a set of defaults are set: [System, Application with Critical, Errors, and Warnings for the last 24 hours]. If no logs are found that match the cri…

Get-ServerLogs

<#
.SYNOPSIS
    Retrieves specified logs from remote host for time period specified
.DESCRIPTION
    Establishes a remote connection to specified device and queries server logs based on user specified criteria. (Log name, Log Level, Start and End times). If user does not provide log search criteria, a set of defaults are set: [System, Application with Critical, Errors, and Warnings for the last 24 hours]. If no logs are found that match the criteria a result is returned to the user to easily place in a ticket or other correspondence.
.EXAMPLE
    $creds = Get-Credential;Get-ServerLogs -HostName Server01 -Credential $creds

    Retrieves server logs with all defaults: System & Application will be queried for Warning, Error, Critical, for the last 24 hours. User will be prompted to supply creds.
.EXAMPLE
    Get-ServerLogs -HostName Server01 -Credential $creds -Level 1 -Verbose

    Retrieves System & Application Critical only, for the last 24 hours. User will be prompted to supply creds.
.EXAMPLE
    Get-ServerLogs -HostName Server01 -Credential $creds -LogName System -Level 1,2 -StartDate '2018-11-04 17:30:31.0' -EndDate '2018-11-04 18:30:31.0'

    Queries System log for Critical and Errors for the specified time period of 1 hour. Note, various date formatting inputs are accepted.
.EXAMPLE
    Get-ServerLogs -HostName Server01 -Credential $creds -LogName System,Application,*DHCP* -Level 1,2

    Queries System, Application, and all DHCP logs for Criticals and Errors within the last 24 hours
.EXAMPLE
    Get-ServerLogs -HostName Server01 -Credential $creds -LogName System,Application,*DHCP* -Level 1,2 -Verbose

    Queries System, Application, and all DHCP logs for Criticals and Errors within the last 24 hours with verbose output
.PARAMETER HostName
    Hostname of destination machine
.PARAMETER Credential
    Admin credentials for destination machine
.PARAMETER LogName
    Name of logs you wish to pull results from
    Examples: System,Application | cluster: *Fail* | DHCP: "*DHCP*"
    If nothing is specified System & Application are chosen by default
.PARAMETER Level
    Log level you wish to query
    Verbose 5
    Informational 4
    Warning 3
    Error 2
    Critical 1
    LogAlways  0
.PARAMETER StartDate
    Starting DateTime
    If nothing is chosen the start time is set to 24 hours in the past
.PARAMETER EndDate
    Ending DateTime
    If nothing is chosen the end time is set to the current time.
.OUTPUTS
    Selected.System.Diagnostics.Eventing.Reader.EventLogRecord
.NOTES
    Author: Jake Morrison - @jakemorrison - http://techthoughts.info
.COMPONENT
    The component this cmdlet belongs to
#>
function Get-ServerLogs {
    [cmdletbinding()]
    param (
		[Parameter(Mandatory = $true,
			HelpMessage = 'Hostname of destination machine')]
		[string]$HostName,
		[Parameter(Mandatory = $true,
		    HelpMessage = 'Admin credentials for destination machine')]
		[pscredential]$Credential,
		[Parameter(Mandatory = $false,
			HelpMessage = 'Name of logs you wish to pull results from')]
        [string[]]$LogName = @("System","Application"),
        [Parameter(Mandatory = $false,
            HelpMessage = 'Log level you wish to query')]
        [ValidateRange(1, 5)]
		[int[]]$Level = (1,2,3),
		[Parameter(Mandatory = $false,
            HelpMessage = 'Starting DateTime')]
        [datetime]$StartDate = (Get-Date).AddDays(-1),
        [Parameter(Mandatory = $false,
            HelpMessage = 'Ending DateTime')]
		[datetime]$EndDate = (Get-Date)
    )
    Write-Verbose -Message "Building filter..."
    $finalLogString = @()
    foreach($log in $LogName){
        $finalLogString += $log
    }#foreach_LogName
    $finalLevel = @()
    foreach($number in $Level){
        $finalLevel += $number
    }#foreach_Level
    Write-Verbose -Message "Log Name: $finalLogString"
    Write-Verbose -Message "Level: $finalLevel"
    Write-Verbose -Message "StartTime: $StartDate"
    Write-Verbose -Message "EndTime: $EndDate"
    #create filter hashtable
    $filter = @{
        LogName = $finalLogString
        Level = $finalLevel
        StartTime = $StartDate
        EndTime = $EndDate
    }
    Write-Verbose -Message "Attempting to gather logs from $HostName ..."
    try{
        $a = Get-WinEvent -FilterHashTable $filter -ComputerName $HostName -Credential $Credential -ErrorAction Stop
        Write-Verbose -Message "Log capture complete."
    }#try_Get-WinEvent
    catch{
        Write-Verbose $_
        if ($_.Exception -like "*that match*") {
            $a = $null
        }#if_error_no_match
        else{
            Write-Warning "An error was encountered capturing logs from $HostName"
            Write-Error $_
            return
        }#else_error_no_match
    }#catch_Get-WinEvent
    if ($a) {
        Write-Verbose -Message "Processing logs results..."
        $results = $a | Select-Object TimeCreated,LogName,ProviderName,LevelDisplayName,Message
    }#if_logsNull
    else{
        Write-Verbose -Message "No logs were found that matched this search criteria."
        $results = [PSCustomObject]@{
            HostName  = $HostName
            LogName	  = $finalLogString
            Level     = $finalLevel
            StartTime = $StartDate
            EndTime   = $EndDate
            Status    = "No logs were found that matched this search criteria."
        }
    }#else_logsNull
    return $results
}#Get-ServerLogs