Friday, February 19, 2010

PowerShell - Searching Eventlog

Back in Windows 2003, you needed to open up Event Viewer, set up a filter and then search for a specific event.

But now, welcome to the world of PowerShell: you can get the same thing done with just one command.

Let me walk you through the command.

I know, this is very novice stuff, and the guys who already know PowerShell might think "what, this is just a piece of cake", but I am going to mention it anyway.

Get-EventLog -LogName system | Where-Object { $_.eventID -eq 50036}

Looks a bit big and confusing? :) Well, it isn't that complicated, as you will soon see.
Side note: in PowerShell, the statements of a pipeline execute from the "left" to the "right" side of the command.

In the first block of the command we have the "Get-EventLog" statement. This is a PowerShell cmdlet which lets you get information from the event log; it could be from the Application event log or from the System event log.

Well, you can go and try just that by typing "Get-EventLog", and you will see that it asks you which event log you want to access. When you key in either "System" or "Application", it will then show you every entry in that log for the entire server.

We don't want that, do we? We need to search the event log for a specific event ID; in our example, event ID 50036.

The first part of the command gets us the entire event log and displays that information on the PowerShell console:

"Get-EventLog -LogName system" - here, the System event log.

The last segment of the command is the statement below.

| Where-Object { $_.eventID -eq 50036}


You see the first sign at the beginning? Well, that is not an l or a 1, it is a pipe sign. The blogger site doesn't have another font which will show the sign clearly, but you get my point.

So what are we doing with this sign? We are taking the results of the first command, which gets the System event log, and passing them on to the next segment.

Once the data is passed on to the next segment, you can modify it as you wish, maybe do a little sorting and formatting; it is all yours to play around with. But for our little command, we just need to filter out a particular event.

Where-Object - this cmdlet is similar to the WHERE clause of a SQL query, or, if you are familiar with scripting, something like an if-then statement.

Where-Object checks every item passed to it against the condition listed within the curly braces; here we have specified "$_.eventid -eq 50036". Interesting little symbol there, did you notice it? I mean the "$_". You can read all about that variable at the link below:

http://www.computerperformance.co.uk/powershell/powershell_variables.htm

To say it bluntly, it is the current object variable: in our case, the event currently coming down the pipeline from the System event log collection.

So our command, in full, says: for each and every event, check whether the EventID property of that particular event matches 50036.
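Here is the same search wrapped into a small reusable function, as an added example that is not part of the original post. It narrows the read to a time window before the pipeline filters by ID, and trims the output down to the columns you usually want when chasing an event. The function name Find-EventById and its parameter names are my own; the cmdlets and properties (Get-EventLog, Where-Object, Select-Object, EventID, TimeGenerated, Message) are the standard ones.

```powershell
# Added example, not from the original post: a reusable wrapper around
# "Get-EventLog ... | Where-Object { $_.EventID -eq <id> }".
# Find-EventById and its parameter names are assumed/invented here.
function Find-EventById {
    param(
        [Parameter(Mandatory = $true)]
        [string]$LogName,                               # System, Application, Security, ...

        [Parameter(Mandatory = $true)]
        [int]$EventId,                                  # the ID to look for, e.g. 50036

        [datetime]$After = (Get-Date).AddDays(-1),      # default: last 24 hours only

        [string]$ComputerName = $env:COMPUTERNAME       # local machine unless told otherwise
    )

    # Get-EventLog returns every entry in the log, so -After limits how much
    # has to be read before Where-Object gets to see it. The EventID property
    # is the low 16 bits of InstanceId, which is why filtering on EventID in
    # the pipeline is the safe way to match the number Event Viewer shows.
    Get-EventLog -LogName $LogName -After $After -ComputerName $ComputerName |
        Where-Object { $_.EventID -eq $EventId } |
        Select-Object TimeGenerated, EntryType, Source, EventID, MachineName,
            @{ Name = 'Message'; Expression = { $_.Message -replace "`r`n", ' ' } }
}

# Usage: the post's own search, restricted to the last day, oldest first.
Find-EventById -LogName System -EventId 50036 |
    Sort-Object TimeGenerated |
    Format-Table -AutoSize -Wrap
```

On Windows Vista and later the same filter can be pushed to the event log service with Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 50036 }, which is much faster on a large log because the entries never have to be pulled into PowerShell before being discarded.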

So, that is it. Let me try this on my test workstation and see how the output comes out :)


Looks like it did the trick. Well, it is really getting late for me and I am going to sleep now; it is 7AM in the morning and my eyes are shutting off, and so is my machine.

Please comment if you have any questions or have something to say about this post.

~f0x


Even if fate does not grant it, effort will still
pay the wages of one's own toil.

