header image

Archive for Events

Scanning event logs

Posted by: | October 3, 2013 | No Comment |

My post on scanning event logs on multiple machines using a workflow went live on the Scripting Guy blog yesterday –

http://blogs.technet.com/b/heyscriptingguy/archive/2013/10/02/the-admin-s-first-steps-scan-multiple-event-logs.aspx

under: Events, PowerShell Basics, PowerShell V3

Computer Report III: Eventlog service

Posted by: | July 3, 2011 | No Comment |

The batch file has a separate report for event log service status

wmic service where name="EventLog" get Name, SystemName, StartMode, Status

PowerShell translation

Get-WmiObject -Class Win32_Service -Filter "Name=’Eventlog’" | Select Name, SystemName, StartMode, Status

 

This becomes a very simple function

function get-eventstate{             
[CmdletBinding()]             
param (             
   [string]$computer="localhost"            
)             
BEGIN{}#begin             
PROCESS{            
            
Write-Verbose "Get Service"            
Get-WmiObject -Class Win32_Service -Filter "Name='Eventlog'" -ComputerName $computer |             
Select Name, SystemName, StartMode, Status            
            
}#process             
END{}#end            
            
}

 

As with all of the functions we’ve seen in this series if you want the output on screen run as

get-eventstate

but if you want a file creating

get-eventstate | out-file c:\scripts\eventstate.txt

under: Events, PowerShell and WMI

Watching the file arrival

Posted by: | January 25, 2011 | No Comment |

I picked up a question in the ITKE forums about a script to watch the file system

 

001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016
function eventhandler {
param ($e)
 Write-Host "File: $($e.SourceEventArgs.FullPath) has arrived"
}

$folder = "C:\test"
$filter = "*"
$fsw = New-Object -TypeName System.IO.FileSystemWatcher `
-ArgumentList $folder, $filter
$fsw.IncludeSubDirectories = $true

$action = {eventhandler $($event)}

Register-ObjectEvent -InputObject $fsw -EventName "Created" `
 -SourceIdentifier "File System Creation" -Action $action

 

The event handler function accepts the event as a parameter and writes out that a file has been received. You can put anything in here eg a mail message could be sent.

The folder and filter (all files) are set and we define the FileSystemWatcher object which we set to include subdirectories

The action is defined and the event is registered.

dot source the script when you run it

under: Events, File System, PowerShellV2

PowerShell UG May 2010

Posted by: | May 3, 2010 | No Comment | 

When: Tuesday, May 18, 2010 7:30 PM (BST)

Where: Live Meeting 

*~*~*~*~*~*~*~*~*~*

PowerShell eventing using WMI, .NET and the PowerShell engine

Notes



Richard Siddaway has invited you to attend an online meeting using Live Meeting.
Join the meeting.
Audio Information
Computer Audio
To use computer audio, you need speakers and microphone, or a headset. 
First Time Users:
To save time before the meeting, check your system to make sure it is ready to use Microsoft Office Live Meeting. 
Troubleshooting
Unable to join the meeting? Follow these steps: 


    

  1. Copy this address and paste it into your web browser: 
    https://www.livemeeting.com/cc/usergroups/join

  2. Copy and paste the required information: 
    Meeting ID: 39Q7T9 
    Entry Code: Q&x!_63dP 
    Location: https://www.livemeeting.com/cc/usergroups 
    3. 



If you still cannot enter the meeting, contact support


Notice
Microsoft Office Live Meeting can be used to record meetings. By participating in this meeting, you agree that your communications may be monitored or recorded at any time during the meeting. 





	



                

                under: Events, PowerShell User Group, PowerShellV2

                                


			  

			

	
						
			

			  


				
Reminders


                   Posted by:  | November 18, 2009 | No Comment | 

			  

			  

			    


       
	
If I am working on my home machine I don’t necessarily have Outlook or any other application that gives me calendaring capability open. There are times when I need a simple reminder to do something. For some reason I always seem to have PowerShell open so I thought of using the eventing system to give me a reminder.  I could also do this via the task scheduler functions in the PowerShellPack  (Windows 7 Resource kit) which I’ll look at another day.










001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016
017
018
019
020




function Set-Alarm {
param (
        [datetime]$time,
        
        [string]$msg = "Alert Issued"
      )      


    $now = Get-Date 
    if ($time -gt $now) {$ts = $time  $now}
    else {throw "Time has to be in future"}
        
    $timer = New-Object -TypeName System.Timers.Timer
    $timer.Interval = $ts.TotalMilliseconds
    $timer.AutoReset = $false
    $timer.Enabled = $true
    
    $global:act = "Start-Process powershell -ArgumentList ""-Sta -WindowStyle Hidden -File C:\Scripts\WPF\show-alert.ps1 """"$msg"""" "" "
    
    Register-ObjectEvent -InputObject $timer -EventName Elapsed -SourceIdentifier TimeAlert  -Action {Invoke-Expression -Command $act }
} 










 


My function accepts a time and a message


Set-Alarm "18:47" "Test1"


It then gets the current time, compares the two times and assuming the alert is to be issued in the future creates a Timespan object be subtracting the times as shown.


We can then create  .NET timer object and set the interval to the total number of milliseconds in our timespan. We only want it to fire once so we set autoReset to false and then enable the timer.


I then create a global variable containing the powershell start up commands.  In this case I want it to start in Single Thread mode so I can use the WPF classes.  I call a script when PowerShell starts and pass the script the message.  Note the number of quotes around the $msg variable – this is to make sure the string passed to invoke-expression is correct.  This is messy but needed.


The $act variable has to be global because the action scriptblock for Register-objectevent isn’t evaluated until the event fires.  If $act is in the script scope it won’t be found and the event won’t fire correctly.


 










001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016
017
018




param (
[string]$msg = "Testing",
[string]$title = "Alert"
)
## load WPF assemblies
Add-Type –assemblyName PresentationFramework
Add-Type –assemblyName PresentationCore
Add-Type –assemblyName WindowsBase


## create a window
$window = New-Object -TypeName System.Windows.Window
$window.Title = $title
$window.Content = $msg
$window.FontSize = 36
$window.SizeToContent = "WidthAndHeight"


## display window
$null = $window.ShowDialog() 










 


The script loads the WPF assemblies I need and then creates a window and writes out the message thats been passed in.


This is a bit messy with having to create a global variable but I can’t think of a simpler way to access the variable in the scriptblock for Register-objectevent. The other issue is that I can only have a single event of this type defined because of the variable.  I would need to create the variable with a random name and create another string of the Register-objectevent  invocation.


Technorati Tags: ,,





	



                

                under: Events, PowerShellV2, WPF

                                


			  

			

	
				

	
	

	  
Categories