get eventlog remote and newest

get eventlog remote and newest

Post by Sander » Thu, 15 Feb 2007 22:06:59


Hi,
I've got a problem with collecting events from remote computers via
powershell.
If i try
get-eventlog -log "Application" -newest 3
it works fast, but no machine option available

On the other hand, if i try this:
$logs=[System.Diagnostics.EventLog]::GetEventLogs("machinename")
Foreach ($log in $logs) {
$fail = $log.Entries | where... 'in the last 30mins for example'
}
I've got the data, but slow as hell and the cpu is on about 50% for 2
minutes
Is there any way to implement the 'newest' switch to the second code?

thanks
 
 
 

get eventlog remote and newest

Post by /\/\o\/\/ » Thu, 15 Feb 2007 22:43:44

$logs=[System.Diagnostics.EventLog]::GetEventlogs("machinename")
$app = $logs |? {$_.log -eq 'Application'}
$app.Entries[1..3]

Greetings /\/\o\/\/

 
 
 

get eventlog remote and newest

Post by /\/\o\/\/ » Thu, 15 Feb 2007 22:49:52

Oops that was Oldest ;-)

for newest :

$app.Entries[($app.Entries.count -1)..($app.Entries.count -3)]

Greetings /\/\o\/\/
 
 
 

get eventlog remote and newest

Post by Brandon Sh » Thu, 15 Feb 2007 22:56:32

if you want just the last 10 you do
foreach($log in $logs){$log.entries | Select-Object -Last 10

but I dont think that is gonna speed it up at all... It may still have to
parse the whole thing.

--
Brandon Shell
---------------
Stop by my blog some time :)
http://www.yqcomputer.com/
Try the "Search of Powershell Blogs"
--------------------------------------
 
 
 

get eventlog remote and newest

Post by Keith Hil » Fri, 16 Feb 2007 00:09:06


Or slightly easier:

$app.Entries[-3..-1]
 
 
 

get eventlog remote and newest

Post by Sander » Fri, 16 Feb 2007 18:59:10

On Feb 14, 2:49 pm, "/\\/\\o\\/\\/ [MVP]" < XXXX@XXXXX.COM >




Wow, Thank you /\/\o\/\/!

It works just fine, and fast as lightning.

The $app.Entries[-3..-1] didn't worked for me

The
foreach($log in $logs){$log.entries | Select-Object -Last 10
worked, but as suggested, slow, like my original version.

Thanks for all the replies!
 
 
 

get eventlog remote and newest

Post by Keith Hil » Sat, 17 Feb 2007 12:36:22


Curious, this works when using Get-EventLog:

$app = Get-EventLog -LogName Application
$app[-3..-1]