Event log script question

Author Message
sdm44990

Event log script question Thursday, June 25, 2009 9:52 AM
I am having issues getting this really handy script to sort right by using events that have happened in the last day or so. How would I need to sort out the lastwrite comment to filter out the dates first so I don't iterate all of the previous days' events? Any help would be greatly appreciated!

I have added the get-date variables and the lastwrite like the author suggested, but when I try to run a filter for the and statement I get no return on event IDs even though they exist in the log.
 
$Now = Get-Date
$lastWrite = $Now.AddDays(-1)
-and($_.TimeWritten -ge $lastWrite)
 
 
====================CODE==============================
#
# Microsoft PowerShell Source File
#
# NAME: EvtLogReader.ps1
#
# AUTHOR: Jesse Hamrick
# DATE : 11/5/2008
# Web : www.powershellpro.com
#
# ==================================================
# EvtLogReader.ps1 script converted into a Function
Function EvtReader {
    #Connect to Computer Security Event Log.
    $logs = [System.Diagnostics.EventLog]::GetEventLogs('servername')
    $colItems = $logs[9].entries
    foreach ($item in $colItems){
        if(($item.EventID -eq 4728)-or($item.EventID -eq 4729)-or`
        ($item.EventID -eq 4732)-or($item.EventID -eq 4737)-or`
        ($item.EventID -eq 4733)-or($item.EventID -eq 4735)){
            "DC Reporting : " + $item.MachineName
            "Event ID: " + $item.EventID
            "Time Written: " + $item.TimeWritten
            "Category: " + $item.Category
            "Entry Type: " + $item.EntryType
            "UserName: " + $item.UserName
            "Data: " + $item.Data
            "Source: " + $item.Source
            "Time Generated: " + $item.TimeGenerated
            "Message: " + $item.Message
            "===================================================="
            " "
        }
    }
}
# ====================================================
# Create new .NET object and assign to variable
$mail = New-Object System.Net.Mail.MailMessage
# Set the addresses (FROM:)
$mail.From = New-Object System.Net.Mail.MailAddress("username@domain.com");
# Set the Recipient Address (TO:)
$mail.To.Add("user.name@domain.com");
# Email Subject
$mail.Subject = "DC Security Logs";
# Message Body - Call Function Here
$mail.Body = EvtReader;
# Connect to your mail server
$smtp = new-object System.Net.Mail.SmtpClient("server@domain.com");
# Uncomment line below if authentication is required
# $smtp.Credentials = New-Object System.Net.NetworkCredential("username", "passwd");
# Send Mail
$smtp.Send($mail);

 
#1
    ebgreen

    RE: Event log script question Friday, June 26, 2009 1:34 AM
    You need to check for date compliance in the same place that you are checking the event IDs.
    "... when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick
    Good places to start: http://www.visualbasicscript.com/m_24727/tm.htm
    http://www.visualbasicscript.com/m_47117/tm.htm
     
    #2
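
Added example, not part of the thread or of the EvtLogReader.ps1 script: one way to do the date check in the same place as the event ID check, as the reply suggests, while walking the log newest-first so older days are never read. The function name `Select-RecentEvent`, its parameters and the sample entries are hypothetical; it assumes entries are stored oldest first.

```powershell
# Added example; Select-RecentEvent and its parameters are hypothetical names.
function Select-RecentEvent {
    param(
        $Entries,              # array or EventLogEntryCollection (Count + indexer)
        [int[]]    $EventId,   # event IDs of interest
        [datetime] $Since      # cutoff; older entries are ignored
    )
    # Walk from the newest entry backwards and stop at the first entry that is
    # older than the cutoff, so previous days are never iterated.
    # Assumption: entries are in chronological order (oldest first). If the
    # system clock was changed, replace 'break' with 'continue' to scan everything.
    for ($i = $Entries.Count - 1; $i -ge 0; $i--) {
        $item = $Entries[$i]
        if ($item.TimeWritten -lt $Since) { break }
        # Test the loop variable itself. Inside a foreach/for statement $_ is not
        # set (it only exists in a pipeline), so '$_.TimeWritten -ge $Since'
        # compares $null with a date and is always false.
        if ($EventId -contains $item.EventID) {
            $item
        }
    }
}

# Constructed sample entries (not real log data), oldest first.
$now = Get-Date
$sample = @(
    [pscustomobject]@{ EventID = 4728; TimeWritten = $now.AddDays(-3) }
    [pscustomobject]@{ EventID = 4624; TimeWritten = $now.AddHours(-20) }
    [pscustomobject]@{ EventID = 4732; TimeWritten = $now.AddHours(-5) }
    [pscustomobject]@{ EventID = 4729; TimeWritten = $now.AddHours(-1) }
)

# Same event IDs as the script's if-statement.
$ids = 4728, 4729, 4732, 4733, 4735, 4737
$lastWrite = $now.AddDays(-1)

Select-RecentEvent -Entries $sample -EventId $ids -Since $lastWrite |
    Format-Table EventID, TimeWritten
```

Against the live log, pass the script's `$logs[9].entries` collection as `-Entries` and format each returned entry the way `EvtReader` does.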
