PowerShell Script: Retrieve Specific Event ID’s From Event Log On Multiple Computers

 

This script was put together very quickly to accomplish the objective stated in the title.

    1: #requires -version 2.0
    2: <#
    3: author: Johan Vosloo
    4: date: 24/11/2011
    5: purpose: Retrieve event id’s from multiple machines and add to a CSV file.
    6: #>
    7: Try
    8:     {
    9:     $servers=get-content c:\scripts\servers.txt
   10:     $date=(Get-Date).AddDays(-7)
   11:     foreach ($server in $servers)
   12:         {
   13:         if (test-connection $server -quiet)
   14:             {
   15:             $arr1+=get-eventlog -logname system -cn $server -after $date | ?{$_.eventid -eq "21" -or $_.eventid -eq "4201"} | select MachineName,EventID,EntryType,Message
   16:             $arr2+=get-eventlog -logname application -cn $server -after $date | ?{$_.eventid -eq "902" -or $_.eventid -eq "1003"} | select MachineName,EventID,EntryType,Message
   17:             $arr3+=get-eventlog -logname "windows powershell" -cn $server -after $date | ?{$_.eventid -eq "4004"} | select MachineName,EventID,EntryType,Message
   18:             }
   19:         }
   20:         if ($arr1)
   21:             {$arr1 | export-csv c:\scripts\sysoutput.csv -notypeinformation}
   22:         else
   23:             {"No matching system log events found..."}
   24:         if ($arr2)
   25:             {$arr2 | export-csv c:\scripts\appoutput.csv -notypeinformation}
   26:         else
   27:             {"No matching application log events found..."}
   28:         if ($arr3)
   29:             {$arr3 | export-csv c:\scripts\psoutput.csv -notypeinformation}
   30:         else
   31:             {"No matching powershell log events found..."}
   32:     }
   33: Catch
   34:     {
   35:     "An error occurred"
   36:     }

Requirements:

• PowerShell v2.0
• A servers.txt file in a c:\scripts folder