Categories

Events

Scanning event logs

My post on scanning event logs on multiple machines using a workflow went live on the Scripting Guy blog yesterday -

http://blogs.technet.com/b/heyscriptingguy/archive/2013/10/02/the-admin-s-first-steps-scan-multiple-event-logs.aspx

Computer Report III: Eventlog service

The batch file has a separate report for event log service status

wmic service where name="EventLog" get Name, SystemName, StartMode, Status

PowerShell translation

Get-WmiObject -Class Win32_Service -Filter "Name='Eventlog'" | Select Name, SystemName, StartMode, Status

 

This becomes a very simple function

function get-eventstate{             
[CmdletBinding()]             
param (             
   [string]$computer="localhost"            
)             
BEGIN{}#begin             
PROCESS{            
            
Write-Verbose "Get Service"            
Get-WmiObject -Class Win32_Service -Filter "Name='Eventlog'" -ComputerName $computer |             
Select Name, SystemName, StartMode, Status            
            
}#process             
END{}#end            
            
}


 



As with all of the functions we’ve seen in this series if you want the output on screen run as



get-eventstate



but if you want a file creating



get-eventstate | out-file c:\scripts\eventstate.txt

Watching the file arrival

I picked up a question in the ITKE forums about a script to watch the file system

 

001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016

function eventhandler {
param ($e)
 Write-Host "File: $($e.SourceEventArgs.FullPath) has arrived"
}


$folder = "C:\test"
$filter = "*"
$fsw = New-Object -TypeName System.IO.FileSystemWatcher `
-ArgumentList $folder, 
$filter
$fsw
.IncludeSubDirectories = 
$true

$action
 = {eventhandler $($event)}

Register-ObjectEvent -InputObject $fsw -EventName "Created" `
 -SourceIdentifier "File System Creation" -Action $action

 

The event handler function accepts the event as a parameter and writes out that a file has been received. You can put anything in here eg a mail message could be sent.

The folder and filter (all files) are set and we define the FileSystemWatcher object which we set to include subdirectories

The action is defined and the event is registered.

dot source the script when you run it

PowerShell UG May 2010


When: Tuesday, May 18, 2010 7:30 PM (BST)


Where: Live Meeting

*~*~*~*~*~*~*~*~*~*


PowerShell eventing using WMI, .NET and the PowerShell engine

Notes



Richard Siddaway has invited you to attend an online meeting using Live Meeting.
Join the meeting.
Audio Information
Computer Audio
To use computer audio, you need speakers and microphone, or a headset.
First Time Users:
To save time before the meeting, check your system to make sure it is ready to use Microsoft Office Live Meeting.
Troubleshooting
Unable to join the meeting? Follow these steps:

  1. Copy this address and paste it into your web browser:
    https://www.livemeeting.com/cc/usergroups/join
  2. Copy and paste the required information:
    Meeting ID: 39Q7T9
    Entry Code: Q&x!_63dP
    Location: https://www.livemeeting.com/cc/usergroups

If you still cannot enter the meeting, contact support

Notice
Microsoft Office Live Meeting can be used to record meetings. By participating in this meeting, you agree that your communications may be monitored or recorded at any time during the meeting.

Reminders

If I am working on my home machine I don’t necessarily have Outlook or any other application that gives me calendaring capability open. There are times when I need a simple reminder to do something. For some reason I always seem to have PowerShell open so I thought of using the eventing system to give me a reminder.  I could also do this via the task scheduler functions in the PowerShellPack  (Windows 7 Resource kit) which I’ll look at another day.

001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016
017
018
019
020
function Set-Alarm {
param (
        [datetime]$time,
       
        [string]$msg = "Alert Issued"
      )     

    $now = Get-Date 
    if ($time -gt $now) {$ts = $time - $now}
    else {throw "Time has to be in future"}
       
    $timer = New-Object -TypeName System.Timers.Timer
    $timer.Interval = $ts.TotalMilliseconds
    $timer.AutoReset = $false
    $timer.Enabled = $true
   
    $global:act = "Start-Process powershell -ArgumentList ""-Sta -WindowStyle Hidden -File C:\Scripts\WPF\show-alert.ps1 """"$msg"""" "" "
   
    Register-ObjectEvent -InputObject $timer -EventName Elapsed -SourceIdentifier TimeAlert  -Action {Invoke-Expression -Command $act }
}

 

My function accepts a time and a message

Set-Alarm "18:47" "Test1"

It then gets the current time, compares the two times and assuming the alert is to be issued in the future creates a Timespan object be subtracting the times as shown.

We can then create  .NET timer object and set the interval to the total number of milliseconds in our timespan. We only want it to fire once so we set autoReset to false and then enable the timer.

I then create a global variable containing the powershell start up commands.  In this case I want it to start in Single Thread mode so I can use the WPF classes.  I call a script when PowerShell starts and pass the script the message.  Note the number of quotes around the $msg variable – this is to make sure the string passed to invoke-expression is correct.  This is messy but needed.

The $act variable has to be global because the action scriptblock for Register-objectevent isn’t evaluated until the event fires.  If $act is in the script scope it won’t be found and the event won’t fire correctly.

 

001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016
017
018
param (
[string]$msg = "Testing",
[string]$title = "Alert"
)
## load WPF assemblies
Add-Type –assemblyName PresentationFramework
Add-Type –assemblyName PresentationCore
Add-Type –assemblyName WindowsBase

## create a window
$window = New-Object -TypeName System.Windows.Window
$window.Title = $title
$window.Content = $msg
$window.FontSize = 36
$window.SizeToContent = "WidthAndHeight"

## display window
$null = $window.ShowDialog()

 

The script loads the WPF assemblies I need and then creates a window and writes out the message thats been passed in.

This is a bit messy with having to create a global variable but I can’t think of a simpler way to access the variable in the scriptblock for Register-objectevent. The other issue is that I can only have a single event of this type defined because of the variable.  I would need to create the variable with a random name and create another string of the Register-objectevent  invocation.

Technorati Tags: ,,