When you troubleshoot a machine, what's the first thing you do? Look in the Windows logs, right? And yes, it can be a mess, filtering out what's good info and what's bad info.
So a friend of mine worked on this script, and it's too good not to share.
This script looks into all the event logs, takes the last 25 entries from each, keeps the ones from the last 25 minutes, and sends everything to Out-GridView so we can filter it however we want 🙂
Here is the script:
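```powershell
<#
.Synopsis
   Logs.ps1
.DESCRIPTION
   Listing last 25 logs in all logbooks 25 minutes back
   Created: 2018-09-24
   Version: 1.0
   Author : Pontus Wendt
   Twitter: @pontuswendt
   Blog   : https://pontuswendt.blog
   Disclaimer: This script is provided "AS IS" with no warranties, confers no rights and is not supported by the author.
.EXAMPLE
   NA
#>

# Target machine; change this to query a remote computer
$computername = $env:COMPUTERNAME

# Enumerate every event log and keep only those that contain records
$logs = Get-WinEvent -ComputerName $computername -ListLog *
$logs = $logs | where {$_.recordCount -gt 0}
$logs.count   # number of logs that will be scanned

$events = @()
$i = 1
foreach ($log in $logs) {
    $i   # progress counter
    Try {
        # Newest 25 events of this log, keeping only those from the last 25 minutes.
        # -ErrorAction Stop turns Get-WinEvent's non-terminating errors into ones the Catch can see.
        [array]$events += Get-WinEvent -ComputerName $computername -FilterHashtable @{Logname=$($log.logname)} -ErrorAction Stop |
            select -first 25 |
            where {$_.Timecreated -gt (get-date).AddMinutes(-25)} |
            select *,@{name="Eventlogname";Expression={$($log.logname)}}
    }
    Catch {
        # Logs that cannot be read (for example, access denied) are skipped silently
    }
    $i++
}

# Show everything in a sortable, filterable grid
$events | Out-GridView
```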
Best part is, you can run it remotely if you want to. Just change the $computername variable.
After you run it, you can start filtering on the “errors” if you want to. Just type Error in the top field.
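An added example, not part of the original script: a variant that pushes the 25-minute window and a Critical/Error level filter into the Get-WinEvent query itself, reports which logs could not be read instead of skipping them silently, and returns a grouped summary that can be piped or exported without a GUI. The function name, parameter names and defaults are assumptions.

```powershell
# Added example (not the author's code). Function and parameter names are hypothetical.
function Get-RecentErrorSummary {
    [CmdletBinding()]
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$Minutes   = 25,          # look-back window, same as the script above
        [int]$MaxPerLog = 25,          # newest N events per log, same as the script above
        [int[]]$Level   = @(1, 2)      # 1 = Critical, 2 = Error (add 3 for Warning)
    )

    $since   = (Get-Date).AddMinutes(-$Minutes)
    $skipped = @()

    $logs = Get-WinEvent -ComputerName $ComputerName -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 }

    $events = foreach ($log in $logs) {
        try {
            # Time and severity are filtered by the event log service, not in the pipeline
            Get-WinEvent -ComputerName $ComputerName -MaxEvents $MaxPerLog -ErrorAction Stop `
                -FilterHashtable @{ LogName = $log.LogName; Level = $Level; StartTime = $since }
        }
        catch {
            # "No matching events" is the normal case; anything else means the log was unreadable
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
                $skipped += $log.LogName
            }
        }
    }

    if ($skipped) {
        Write-Warning ("Could not read {0} log(s): {1}" -f $skipped.Count, ($skipped -join ', '))
    }

    # One row per (log, provider, event ID), most frequent first
    $events | Where-Object { $_ } |
        Group-Object LogName, ProviderName, Id |
        Sort-Object Count -Descending |
        ForEach-Object {
            $first = $_.Group[0]       # Get-WinEvent returns newest first
            [pscustomobject]@{
                Count    = $_.Count
                LogName  = $first.LogName
                Provider = $first.ProviderName
                Id       = $first.Id
                Level    = $first.LevelDisplayName
                Latest   = $first.TimeCreated
                Sample   = ("$($first.Message)" -split "`r?`n")[0]
            }
        }
}
```

Call it as `Get-RecentErrorSummary | Format-Table -AutoSize`, or pass `-ComputerName` and pipe the result to `Export-Csv` to keep a record of the triage.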
Good luck troubleshooting!
/Cheers Pontus