在AD找旧电脑不准确?

时间:2016-09-20 21:05:20

标签: powershell

使用Get-EventLog命令。前3个命令按预期工作。 

Get-EventLog Application -Newest 1000 | Select Message
Get-EventLog System -Newest 1000 | Select Message
Get-EventLog Security -Newest 1000 | Select Message

但这不起作用

Get-EventLog Setup -Newest 1000 | Select Message

这不起作用

Get-EventLog setup

为什么?我们想要捕获的安装程序中存在WSUS错误。

1 个答案:

答案 0 :(得分:0)

对不起,这有点长,但我很喜欢尝试/捕获语句和过度沟通。

#requires -Version 2.0
function RemoteEventLog([Parameter(Mandatory=$true)]$LogName, $MaxEvents,[Parameter(Mandatory = $true)]$computers, $LogPath)
{
  <#
  .SYNOPSIS
  Gather remote event logs by log name by computer names.

  .DESCRIPTION
  Specifiy a log name to narrow down the search. Provide as many computernames as needed.

  .PARAMETER maxevents
  -maxevents is all about how many events.

  .PARAMETER computers
  The array or list of comma separated computer names to run the script through.

  .PARAMETER LogPath
  -LogPath will let you decide the parent folder of the location to store the logs by computer name.

  .EXAMPLE
  RemoteEventLog -logname Application -maxevents 1000 -computers ('host1','host2','host3')
  This will loop through the computers and bring back the log for each computer.
#>

$computers = $computers -split (',')
try
{
  $testLogPath = Test-Path $LogPath
}
catch
{
  "Error was $_"
  $line0 = $_.InvocationInfo.ScriptLineNumber
  "Error was in Line $line0"
}
if(!($testLogPath))
{
  try
  {
    New-Item -Path $LogPath -ItemType Directory -ErrorAction:Stop
  }
  catch
  {
    "Error was $_"
    $line1 = $_.InvocationInfo.ScriptLineNumber
    "Error was in Line $line1"
  }
}

foreach($computer in $computers)
{ 
  try
  {
    $log = Get-WinEvent -LogName $logName -MaxEvents $maxevents -ComputerName $computer -ErrorAction:Stop
}
catch
{
  "Error was $_"
  $line2 = $_.InvocationInfo.ScriptLineNumber
  "Error was in Line $line2"
}

try
{
  New-Item -Path $LogPath -Name ("$computer.evt") -Value $log -Force
  $log | Out-File -FilePath $LogPath     
}
catch
{
  "Error was $_"
  $line3 = $_.InvocationInfo.ScriptLineNumber
  ('Error was in Line {0}' -f $line3)
  }
}
}

RemoteEventLog -logname Application -MaxEvents 100 -computers 'localhost,computer2,computer3' -LogPath D:\Desktop\logs
相关问题
最新问题