I am using the following code to export errors and warnings from all event logs into one text file.
It works but is very slow and some of the messages are truncated. I wondered if there was a more efficent way of coding it. I'm new to powershell so would appreciate your thoughts or ideas.
$Logs = Get-Winevent -ListLog *
foreach ($Log in $Logs) {
Get-WinEvent -LogName $Log.LogName -ErrorAction SilentlyContinue | ?{$_.Level -eq 1 -or $_.Level -eq 2 -or $_.Level -eq 3} | Sort-Object ProviderName, TimeCreated -descending | Out-String -Width 1000 | Format-Table -AutoSize | Tee-Object -file "c:\common\logs\Eventlog_Export.log" -Append
}
This took me about 30 seconds. You can filter by date too.
$Logs = Get-Winevent -ListLog *
foreach ($Log in $Logs) {
Get-WinEvent -filterhashtable #{logname = $Log.LogName; level=1,2,3} -ErrorAction SilentlyContinue |
select LogName,TimeCreated,Id,LevelDisplayName,Message |
export-csv -append log.csv
}
level=1,2,3 doesn't work over invoke-command for some reason.
Related
Noob here, I need to extract some data from a cim interrogation of a list of servers, however the csv output is just the same reiteration of the local server, with the sum total equaling the number of lines in the input file. I think I'm doing something wrong with the array but Ive been beating my head. Help?
$ErrorActionPreference = 'SilentlyContinue'
#Define Some Variables
$importpath = "c:\directory1"
$workingpath = "c:\directory2"
#Do Some Filtering
Import-CSV -Path "$importpath\somefile.csv" | where {$_.Powerstate -ne "PoweredOff"} | where Guest -notlike *somestring* | Export-Csv "$workingPath\PRODUCTION.csv" -NoTypeInformation
Import-csv -Path "$workingPath\PRODUCTION.csv" | Select-Object -Property Name | Export-Csv -Path "$workingpath\SERVERS.csv" -NoTypeInformation
#Create final input foreach routine
Import-CSV -Path "$workingpath\SERVERS.csv" | Out-file $workingpath\SERVERS.txt
$servers = Get-Content -path "$workingpath\SERVERS.txt"
$results = foreach ($server in $servers) {
Get-CimInstance -ClassName win32_OperatingSystem -ErrorAction SilentlyContinue | Select-Object *
}
$results | Export-Csv -Path "$workingPath\PRODUCTIONRESULTS.csv" -NoTypeInformation -Append
Try including the computername when you run the Get-CimInstance command
$results = foreach ($server in $servers) {
Get-CimInstance -ComputerName $server -ClassName win32_OperatingSystem -ErrorAction SilentlyContinue | Select-Object *
}
How do I properly use $_ in out-file? Here's my code:
get-content computers.txt |
Where {$_ -AND (Test-Connection $_ -Quiet)} |
foreach { Get-Hotfix -computername $_ } |
Select CSName,Description,HotFixID,InstalledBy,InstalledOn |
convertto-csv | out-file "C:\$_.csv"
I'm trying to execute a get-hotfix for all the computers listed in the text file then I want them to be exported to CSV with the computer name as the filename.
You need one pipeline to process the computers.txt files, and a nested one inside the foreach to process the list of hotfixes for each computer:
get-content .\computers.txt |
Where {$_ -AND (Test-Connection $_ -Quiet)} |
foreach {
Get-Hotfix -computername $_ |
Select CSName,Description,HotFixID,InstalledBy,InstalledOn |
convertto-csv | out-file "C:\$_.csv"
}
Edit: Changed computers.txt to .\computers.txt, as this is required for local paths in powershell
i can see with this:
get-content .\computers.txt | Where {$_ -AND (Test-Connection $_ -Quiet)} | foreach{ Get-Hotfix -id KB4012212 -computername $_ | Select CSName,Description,HotFixID,InstalledBy,InstalledOn | convertto-csv | out-file "C:\$_.csv" }
i can see only in which PC is the fix (KB4012212) installed.
it's possible to see the following
CSNAME Fix(Inst/NotInst)
PC1 FIxInstalled
PC2 FixNotinstalled
PC3 FixnotInstalled
..
..
etc
I monkeyed with this for a while and nothing I found on-line worked until I used this combo.
I used the method is this thread but it was SO slow and I wanted to learn more about using jobs so this is what ended up working for me on Windows 7 PS Ver 4.
All other options were either too slow or did not return data from the remote system.
$VMs = get-content C:\WinVms.txt #Generate your hostnames list however you deem best.
foreach ($vm in $vms)
{
Write-Host "Attempting to get hotfixes on:" $vm
invoke-command -computername $vm -ScriptBlock {start-job -scriptblock {(get-hotfix | sort installedon)[-1]} | wait-job | receive-job} -AsJob
}
start-sleep 60 # give it a minute to complete
get-job | ? { $_.state -eq "Completed"} | receive-job -keep | export-csv c:\temp\win-patch.csv
you can check your failures too like this:
get-job | ? { $_.state -eq "Failed"}
Im trying extract a report from AD of a list of devices that have BitLocker enabled.
We have a Win 2008 r2 Domain Controller and most of our devices are Win 10 with a few Win 8.1 in the mix.
I'm no expert in power shell but have used it in the past on an amateur level. I found the following command online and tried it but when viewing the .CSV all fields are populated except for the "BitlockerPasswordSet" field.
Does anyone have any ideas on how to fix this or better yet a solution they have used that works?
Thanks in advance!
Param (
[string]$SearchBase = "OU=Office-UK,DC=MyDomainName,DC=local"
)
Try { Import-Module ActiveDirectory -ErrorAction Stop }
Catch { Write-Warning "Unable to load Active Directory module because $($Error[0])"; Exit }
Write-Verbose "Getting Workstations..." -Verbose
$Computers = Get-ADComputer -Filter * -SearchBase $SearchBase -Properties LastLogonDate
$Count = 1
$Results = ForEach ($Computer in $Computers)
{
Write-Progress -Id 0 -Activity "Searching Computers for BitLocker" -Status "$Count of $($Computers.Count)" -PercentComplete (($Count / $Computers.Count) * 100)
New-Object PSObject -Property #{
ComputerName = $Computer.Name
LastLogonDate = $Computer.LastLogonDate
BitLockerPasswordSet = Get-ADObject -Filter "objectClass -eq 'msFVE-RecoveryInformation'" -SearchBase $Computer.distinguishedName -Properties msFVE-RecoveryPassword,whenCreated | Sort whenCreated -Descending | Select -First 1 | Select -ExpandProperty whenCreated
}
$Count ++
}
Write-Progress -Id 0 -Activity " " -Status " " -Completed
$ReportPath = "C:\temp\BitLockerComputerReport.csv"
Write-Verbose "Building the report..." -Verbose
$Results | Select ComputerName,LastLogonDate,BitLockerPasswordSet | Sort ComputerName | Export-Csv $ReportPath -NoTypeInformation
Write-Verbose "Report saved at: $ReportPath" -Verbose
I am trying to get all the list of KB installed on multiple servers and get the last reboot time of the system. My requirement is to get the result in csv or text format with column name "Hostname" , "KB Name" , "installed by" , "installed on" and "Last reboot". I have to execute 2 script to get this done and then i have to format it and i dont want other columns which i am receiving from code 1 only limited column are required.. Can some please help me to get the same format which i reuired?
Output required in below format :
"Source" "Description" "HotFixID" "InstalledBy" "InstalledOn" "Last Reboot"
Please find below 2 code.
FYI : I am new to powershell.
Code 1: This will list all KB installed patch.
$computers = Get-Content -path "C:\Users\joy\Desktop\Machine_List.txt"
$patches = Get-Content -path "C:\Users\joy\Desktop\KB_List.txt"
foreach ($computer in $computers){
foreach ($patch in $patches){
Get-HotFix -id $patch -ComputerName $computer | -OutVariable results -ErrorAction SilentlyContinue
if ($results -ne $null) {
$results | Out-File C:\Users\joy\Desktop\report1.txt -Append -Force
}
else {
Add-content "$Patch is not Present in $computer" -path "C:\Users\joy\Desktop\report2.txt"
}
}
Code 2: This will get the last reboot of the system.
$machines = Get-Content C:\Users\joy\Desktop\Machine_List.txt
$report = #()
$object = #()
foreach($machine in $machines)
{
$machine
$object = gwmi win32_operatingsystem -ComputerName $machine | select csname, #{LABEL='LastBootUpTime';EXPRESSION={$_.ConverttoDateTime($_.lastbootuptime)}}
$report += $object
}
$report | Export-csv C:\Users\joy\Desktop\Reboot.csv
$computers = Get-Content C:\Users\XXXXXXXX\Desktop\Machine_List.txt
$patchlist = Get-Content C:\Users\XXXXXXXX\Desktop\KB_List.txt
foreach($computer in $computers)
{
Get-HotFix -ComputerName $computer -Id $patchlist | select
InstalledOn,InstalledBy,Description,HotFixID,__SERVER | Format-Table | Out-File
C:\Users\XXXXXXXX\Desktop\report1.txt
#Get-CimInstance -ClassName Win32_Operatingsystem | select csname, lastbootuptime |
Format-Table |Out-File C:\Users\XXXXXXXX\Desktop\report1.txt
gwmi win32_operatingsystem -ComputerName $computer | select csname,
#{LABEL='LastBootUpTime';EXPRESSION={$_.ConverttoDateTime($_.lastbootuptime)}} | Out-
File C:\Users\XXXXXXXX\Desktop\report1.txt -Append
}
Try this, This will allow you to get information what you are looking for. But this script only get installed patches information from the remote machines, If you want add one more loop to print the patches which are installed on another text file.
The code below makes an md5 and other metadata fingerprint, but crashes on files with unknown corruption (e.g., files, that can be copied, mostly even opened, but that can not be hashed or zipped up [to disguise their corruption]).
Question: How one makes this code to skip or ignore any problem files and just do the rest? Imagine 1 million files on 8 TB.
Get-childitem -recurse -file |
Select-object #{n="Hash";e={get-filehash -algorithm MD5 -path $_.FullName |
Select-object -expandproperty Hash}},lastwritetime,length,fullname |
Export-csv "$((Get-Date).ToString("yyyyMMdd_HHmmss"))_filelistcsv_MD5_LWT_size_path_file.csv" -notypeinformation
Try this:
$errLogPath = "$((Get-Date).ToString("yyyyMMdd_HHmmss"))_filelistcsv_MD5_LWT_size_path_file_ERROR.csv"
Get-childitem -recurse -file |
foreach-object {
$file = $_
try {
$hash = Get-FileHash -Algorithm MD5 -path $file.FullName -ErrorAction Stop
$file | Add-Member -MemberType NoteProperty -Name Hash -Value $hash.Hash -PassThru
} catch {
$file |
add-Member -MemberType NoteProperty -Name Exception -Value $_.Exception.Message -PassThru |
Select-Object -Property Name, FullName, Exception |
Export-Csv -Path $errLogPath -append -notypeinformation
}
} |
select-object -Property Hash, LastWriteTime, Length, FullName |
Export-csv "$((Get-Date).ToString("yyyyMMdd_HHmmss"))_filelistcsv_MD5_LWT_size_path_file.csv" -notypeinformation
Each file is processed through the foreach-object cmdlet. A try...catch is used to capture exceptions, and an -ErrorAction Stop parameter is added to get-FileHash to ensure Terminating errors are raised and will trigger the catch.
If an error is caught, the file name, path and exception message are output to a CSV file.
EDIT: Adding in the progress bar
$logPath = "$((Get-Date).ToString("yyyyMMdd_HHmmss"))_filelistcsv_MD5_LWT_size_path_file.csv"
$errLogPath = "$((Get-Date).ToString("yyyyMMdd_HHmmss"))_filelistcsv_MD5_LWT_size_path_file_ERROR.csv"
write-host "Counting files ..."
$maxFileCount = 0; get-childItem -recurse -file | % { $maxFileCount +=1 }
write-host "Hashing files ..."
$currFileCount = 0
Get-childitem -recurse -file |
foreach-object {
$file = $_
Write-Progress -Activity "Hashing Files" -Status ( "{0}/{1} - {2}" -f $currFileCount, $maxFileCount, $File.FullName ) -PercentComplete (($currFileCount++)/$maxFileCount*100)
try {
$hash = Get-FileHash -Algorithm MD5 -path $file.FullName -ErrorAction Stop
$file | Add-Member -MemberType NoteProperty -Name Hash -Value $hash.Hash -PassThru
} catch {
$file |
add-Member -MemberType NoteProperty -Name Exception -Value $_.Exception.Message -PassThru |
Select-Object -Property Name, FullName, Exception |
Export-Csv -Path $errLogPath -append -notypeinformation
}
} |
select-object -Property Hash, LastWriteTime, Length, FullName |
Export-csv -Path $logPath -notypeinformation