
Managing Exchange 2000/2003 using PowerShell - Part 3


 

Managing Exchange 2000/2003 using PowerShell - Part 1
Managing Exchange 2000/2003 using PowerShell - Part 2

In part 1 and part 2 of this series, I covered the basics of getting Exchange-specific information out of the Exchange WMI classes using PowerShell.

 

In this article I'm going to cover how to deal with event logs on remote servers. The reasoning here is that most servers exist in a locked-down environment, and the average admin will be running admin scripts on his/her local workstation.

 

How do we do it?

Again we're going to turn to WMI. PowerShell 1.0 has some great event log cmdlets for local event log management, but these same cmdlets don't allow access to a remote machine.

 

 

Let's start off by querying WMI for a list of event logs using the NT event log file class, Win32_NTEventLogFile.

We're going to be using the same commands we're familiar with by now to query a WMI class on a remote machine and format the output.

 

Get-WmiObject Win32_NTEventLogFile -ComputerName 2003Server | Format-List

 

 

While informational, this isn't too useful yet, although I can see which event logs exist on this machine.

 

 

To get INTO the event logs and see the contents, we need to use a different WMI class – Win32_NTLogEvent

 

Get-WmiObject Win32_NTLogEvent

 

However, all this will give us is a long list of every event in every event log. Not all that useful. By using the WHERE cmdlet we can severely limit the output to one log only. For example:

 

Get-WmiObject Win32_NTLogEvent -ComputerName 2003Server | where {$_.logfile -eq "System"}

 

returns every event in the System event log. Again, too much information. Let's limit the output again by expanding our WHERE cmdlet, adding some formatting, and selecting only the fields we want:

 

Get-WmiObject Win32_NTLogEvent -ComputerName 2003Server | where {$_.logfile -eq "System" -AND $_.type -EQ "Error"} | Select TimeGenerated, Message | Format-Table -Auto

 

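You'll notice, though, that this takes several minutes to return and is nowhere near as efficient as the built-in event log cmdlets, because every event is sent back from the server before WHERE filters it. A different way to run a query like this is to put the filter into a WQL statement, so that WMI applies it before returning anything: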

 

Get-WmiObject -ComputerName 2003Server -query "Select Logfile, Eventcode, TimeGenerated, Message from Win32_NTLogEvent where LogFile='Application' AND EventCode='1001'" | Select TimeGenerated, Message | Format-List

 

 

Notice that each query needs a bit of time to run as the event log is parsed every time a query is run. A more efficient way to do this would be to dump an entire event log into a variable periodically and search the variable. But that's going to be for another article.
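The server-side filtering described above can be wrapped into a reusable sweep for recent errors across several servers. The following is an added example, not code from the original article; the function name, the default logs and the 24-hour window are illustrative assumptions, and it assumes PowerShell 2.0 or later (for try/catch and -join).

```powershell
# Added example. '2003Server' is the article's server name; everything else
# (function name, defaults) is hypothetical and chosen for illustration.
function Get-RemoteLogError {
    param(
        [string[]] $ComputerName = @('2003Server'),
        [string[]] $LogFile      = @('System', 'Application'),
        [int]      $Hours        = 24
    )

    # WMI stores TimeGenerated as a DMTF string (yyyymmddHHMMSS.mmmmmm+UUU),
    # so the cut-off time must be converted before it goes into the filter.
    $cutoff = (Get-Date).AddHours(-$Hours)
    $since  = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime($cutoff)

    # Build "Logfile='System' OR Logfile='Application'" from the parameter.
    $logs = ($LogFile | ForEach-Object { "Logfile='$_'" }) -join ' OR '

    # EventType 1 = Error. The whole filter is evaluated by WMI on the
    # remote server, so only matching events cross the network.
    $filter = "($logs) AND EventType=1 AND TimeGenerated>='$since'"

    foreach ($computer in $ComputerName) {
        try {
            Get-WmiObject -Class Win32_NTLogEvent -ComputerName $computer `
                          -Filter $filter -ErrorAction Stop |
                Select-Object ComputerName, Logfile, EventCode, SourceName,
                    @{ Name = 'Time'; Expression = {
                        # Convert the DMTF string back to a DateTime for sorting.
                        [System.Management.ManagementDateTimeConverter]::ToDateTime($_.TimeGenerated)
                    } },
                    Message
        }
        catch {
            # An unreachable or access-denied server should not stop the sweep.
            Write-Warning "$computer : $($_.Exception.Message)"
        }
    }
}

Get-RemoteLogError -Hours 24 |
    Sort-Object Time -Descending |
    Format-Table ComputerName, Logfile, EventCode, Time, Message -AutoSize -Wrap
```

To include the Security log, add -EnableAllPrivileges to the Get-WmiObject call, because WMI requires the security privilege to be enabled before it will return events from that log.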

 


Nicolas Blank


Copyright Stephen Bryant 2008