SCENARIO
You want to get a specific event from multiple remote computers. For example, you want to find 1074 events in the System log, but you want to pull those events from a bunch of computers.POWERSHELL SCRIPT
<#
This script collects event log info from remote computers. It relies on a .csv file that lists the computers you want logs from.
Point the computer list and folder to the location of your .csv. You may want to change the -Newest switch value.
This will only pull info from the Windows event logs. You will have to spell the name of the log correctly.
#>
# File Locations
$ComputerList = "C:\Scripts\computerlist.csv"
$ResultFolder = "C:\Scripts\Results"
# Variables for get-eventlog command
$Logname = Read-Host "What log would you like to get (Application / System / Security)"
$EventID = Read-Host "What is the EventID you are looking for"
$Outputfile = Read-Host "What do you want the log to be named (no file extension)"
# Loop that goes through each machine.
$list = Import-Csv $ComputerList
foreach ($machine in $list) {
$machinename = $machine.pcname
# Does network connection test as a condition.
if (Test-Connection $machinename -Count 1 -ErrorAction 0 -Quiet) {
# Get log from remote computer
Write-Host "Getting requested eventID information from **** $machinename ****"
Get-EventLog -LogName $Logname -ComputerName $machinename -Newest 10000 | Where-Object {$_.EventID -eq $EventID} | Export-Csv $ResultFolder\$Outputfile.csv -Append -NoTypeInformation
}
}
Write-Host "Check the following location for the results - $ResultFolder\$Outputfile"
The easiest way to use it is to just copy the script into the PowerShell ISE and run it. Use at your own risk.
No comments:
Post a Comment