Xenophane's Blog

Imagine that you want to list, the last 15 events in all the eventlogs on the system, do you have to write several lines of codes to do that, like this below??

get-eventlog -logname Application -newest 15
get-eventlog -logname System -newest 15
get-eventlog -logname Application -newest 15

Of course not, PowerShell is much smarter than that…
You can use the ‘foreach’ command.


foreach ($eventlog in (get-eventlog -list -asString)) {write-host $eventlog; get-eventlog $eventlog -newest 15}

This will give you the newest 15 log entries in each of the eventlogs on the system, let me try to break it down.
 One thing that is important to know about PowerShell is how it handles () and {}
As in math the () parenthesis’ are evaluated first, the {} curly brackets are used for compulsory arguments.

The foreach makes the script run through all eventlogs on the system, and add them to the variable $eventlog, then PowerShell evaluates the {} arguments for each.

{write-host $eventlog; get-eventlog $eventlog -newest 15}

simply writes the variable $eventlog (this contains the name of a eventlog on the system) to the screen, then it goes on to invoke the get-eventlog again, and tells that to return the newest 15 entries, and write them to the screen.  

Kiddo… This isnt very readable I would like to have a better indication of when a new eventlog listing is started.

I say we can take a look at the properties of write-host (You can type help write-host -full or man write-host -full)
and low and behold it has a feature called background color and foregroundcolor, let try them out.

foreach ($eventlog in (get-eventlog -list -asString)) {write-host -foregroundcolor blue -backgroundcolor green $eventlog; get-eventlog $eventlog -newest 15}

But kiddo I want some specific properties from the eventlogs, how do I do that….

In order to figure out what properties an obeject has, you can use the get-member command as described in another post.
Get-eventlog -Logname system | get-member (The -logname paramenter is required)
Now you have a list of properties on the eventlog object, say you would like (Index,EventID,TimeGenerated and Message)

foreach ($eventlog in (get-eventlog -list -asString)) {write-host -foregroundcolor blue -backgroundcolor green $eventlog; get-eventlog $eventlog -newest 15| select Index,EventID,TimeGenerated,Message}

Started playing around with PowerShell, so I thought I would post a few simple things on the blog, maybe you won’t find it interesting, but it is a good way for me to remember, so BLAH!.

First in order to get information from the eventlog you call the cmdlet called:
get-eventlog

Then you need to tell it what you want to get.
get-eventlog -logname Application

Which will get you the Application log on the local machine.

That will list the entire Application eventlog to the screen, which is usually a lot of data. So we want to be able to pick specific data out of the eventlog, and here is a way to do it.

get-eventlog -logname Application -newest 50 | where {$_.EventID -eq "1"}

What this does is, it gets the Application eventlog, and gives me an object with the newest 50 entries, i pipe this object into another function called “where”,  I tell “where” to show me all objects where EventID is equal to 1. I this case you see I use $_.EventID, the $_ in powershell represents the object the as being passed into the new function, so in this case $_ represents the newest 50 values in the Application Eventlog.

I recently stumbled upon this little e-book about PowerShell, I have’nt read it from end to end yet, but from what I have read so far, it seems very good… So if you are interested in starting to learn some PowerShell this is a good place to start.
LINK

It happens once in a while that Microsoft releases some really good free tools, a guy named Blake Handler decided to try to make a list of all these tools, to make it easier for people to find them…. The list is very comprehensive and very useful…. So here goes.. LINK

Da Martin ikke kunne finde noget at ønske sig til fødselsdag, blev vi enige om at give ham en “Picnic” tur i Fælledparken, dette skete så i lørdags. Jeg må sige, at vi kunne ikke have ønsket os bedre vejr, til sådan et arrangement.

Solen skinnede fra en skyfri himmel hele dagen, og vi sad i parken fra kl 14.00 til næsten 23.00.

I løbet af dagen grillede vi, spillede en masse frisbee, så min aerobie fik masser af luft… Vi fik da også lige et spil Kubb, hvor Ole og jeg lammetævede Martin & Kresten…. (In your faces monkey boys)

Alt i alt en rigtig hyggelig dag, som jeg håber vi kan gentage næste år, med mindre Martin finder på noget at ønske sig til sin fødselsdag næste år 

Så er jeg ved at være lidt mere frisk igen, ihvertfald så frisk at jeg kan holde ud til at sidde foran computeren
Jeg har ligget med feber og hovedpine siden onsdag… Igår fredag var dog værst hvor jeg havde over 40 i feber, men har fået noget antibiotika så nu håber jeg kun det går fremad