Tuesday, December 3, 2019

Check Problems on Multiple Windows Servers with PowerShell

1. On Linux create a file with vi and hit "i" on the keyboard and paste the data in. On Windows create a file and save it with "All Files" and put .ps1 as the extension. Powershell on Linux does not have the get-eventlog command.

2. Don't forget to change the hostname or point to the file with the list of hostnames:

$logs = get-eventlog system -ComputerName typemyservername -source Microsoft-Windows-Winlogon -After (Get-Date).AddDays(-7);
$res = @(); ForEach ($log in $logs) {if($log.instanceid -eq 7001) {$type = "Logon"} Elseif ($log.instanceid -eq 7002){$type="Logoff"} Else {Continue} $res += New-Object PSObject -Property @{Time = $log.TimeWritten; "Event" = $type; User = (New-Object System.Security.Principal.SecurityIdentifier $Log.ReplacementStrings[1]).Translate([System.Security.Principal.NTAccount])}};
$res

Reference:

https://www.codetwo.com/admins-blog/how-to-check-event-logs-with-powershell-get-eventlog/
Share:

0 comments:

Post a Comment