I have a couple of servers I want to get the event log data from. All I want is, on a daily basis, each event grouped by event ID and the number of times the event occurred. The information is then stored in a CSV file that is sent to me via email. I am able to get this information into a CSV file but cannot seem to find a way to remove the type information, even if I include -NoTypeInformation. I have made various modifications to how the data is presented, with no luck, but if I export it to a txt file it seems to come out fine. Please recommend a solution. I know the get-eventlog statements have 2 export-csv statements at this time because I was trying a post from an example I saw online.

$hostname = hostname
$Filecsv = new-item -type file -path "c:\PowershellData\$hostname$(get-date -format hhmmddss).csv"

#$Filetxt = new-item -type file -path "c:\PowershellData\$hostname$(get-date -format hhmmddss).txt"
$yesterday = [DateTime]::Today.AddDays(-1).AddHours(00)
$Today = [DateTime]::Today.AddDays(-1).AddHours(24)

#Get-Eventlog -Logname Application | Where-Object {$_.Timegenerated -ge (Get-Date).AddDate(-1)} | Export-Csv Temp.csv -Encoding Unicode
#[System.IO.File]::ReadAllText("Temp.csv") | Out-File $Filecsv -Append -Encoding Unicode 

#$applog = 
get-eventlog -log application -after $yesterday  -before $Today| group-object -property {$_.EventID} -noelement | export-csv Temp.csv -NoTypeInformation -Delimiter "," -Encoding Unicode
[System.IO.File]::ReadAllText("Temp.csv") | Out-File $Filecsv -Append -Encoding Unicode 


get-eventlog -log System -after $yesterday  -before $Today| group-object -property {$_.EventID} -noelement  | Export-Csv Temp.csv -Encoding Unicode
[System.IO.File]::ReadAllText("Temp.csv") | Out-File $Filecsv -Append -Encoding Unicode 
get-eventlog -log security -after $yesterday  -before $Today| group-object -property {$_.EventID} -noelement  | Export-Csv Temp.csv -Encoding Unicode
[System.IO.File]::ReadAllText("Temp.csv") | Out-File $Filecsv -Append -Encoding Unicode 

$CredUser = "[email protected]"
$CredPassword = Read-host "What is your password?" # -AsSecureString
$smtpServer = "smtp.ExchangeServer.com"
$smtp = new-object Net.Mail.SmtpClient($smtpServer, 587)
$att = new-object Net.Mail.Attachment($Filecsv)
$msg = new-object Net.Mail.MailMessage
$msg.From = "[email protected]"
$msg.To.Add("[email protected]")
$msg.Subject = "$hostname Server Event logs Information $yesterday  to $today"
$msg.Body = "Event logs. "
$msg.Attachments.Add($att)
$smtp.EnableSsl = $true 
$smtp.Credentials = New-Object System.Net.NetworkCredential($CredUser, $CredPassword);
$smtp.Send($msg)
$att.Dispose()

3 Answers

0

If you just want the total numbers from all logs you could do it like this:

$csv   = "C:\PowershellData\$env:COMPUTERNAME$(Get-Date -Format hhmmddss).csv"
$today = (Get-Date).Date
$logs  = 'Application', 'System', 'Security'

$logs | % { Get-Eventlog -Log $_ -After $today.AddDays(-1) -Before $today } `
  | group EventID `
  | select @{n='EventID';e={[int]($_.Name)}}, Count `
  | sort @{e='Count';d=$true}, @{e='EventID';d=$false} `
  | Export-Csv $csv -NoType

If you want the numbers per log, I'd include the log name in the result:

$csv   = "C:\PowershellData\$env:COMPUTERNAME$(Get-Date -Format hhmmddss).csv"
$today = (Get-Date).Date
$logs  = 'Application', 'System', 'Security'

$logs | % {
  $log = $_
  Get-Eventlog -Log $log -After $today.AddDays(-1) -Before $today `
    | group EventID `
    | select @{n='Log';e={$log}}, @{n='EventID';e={[int]($_.Name)}}, Count `
    | sort @{e='Count';d=$true}, @{e='EventID';d=$false}
} | Export-Csv $csv -NoType

1 Comment

Thank you, the second one with the numbers per log is exactly what I was looking for. Appreciate that.
0

This will create 3 csv files, one per log file:

'application','system','security' | foreach{
    get-eventlog -log $_ -After ([datetime]::today) | 
    group eventid -noel | sort count -desc | 
    export-csv "eventLog_$_.csv" -notype
}

1 Comment

That's good, but the results look like this, and I would like all the systems fields to not be returned, just the count and the name, so I can later import that into a SQL database.

Values Count Group Name
System.Collections.ArrayList 94 System.Collections.ObjectModel.Collection`1[System.Management.Automation.PSObject] 4672
0

If I'm reading the question right, I think this might work:

$Today = Get-Date
$yesterday = (Get-Date).AddDays(-1)

filter hash-events 
 { $Event_ht[$_.EventID]++ }

foreach ($log in 'System','Application','Security')
   {
    $Event_ht = @{}
    get-eventlog -logname $log -after $yesterday  -before $Today | hash-events

    $(foreach ($EventID in $Event_ht.keys)
      {
        [PSCustomObject]@{EventID = $EventID;Count=$Event_ht[$EventID]}
      }) | 
           Export-Csv "$log.csv" -NoTypeInformation
  }

The filter is admittedly a little unconventional, but it's faster in the pipeline than foreach-object.
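An added example, not taken from the question or any of the answers: the same per-log daily count written with Get-WinEvent, since Get-EventLog exists only in Windows PowerShell 5.1 and earlier. It goes beyond the answers by handling the error Get-WinEvent raises when a log has no events in the window, and it projects only Log, EventID and Count so the GroupInfo columns from the comment above (Values, Group) never reach the CSV. The function name Get-DailyEventCount and the output file name pattern are assumptions.

```powershell
# Added example (not from the original posts). Assumed names: Get-DailyEventCount,
# the yyyyMMdd file name pattern. C:\PowershellData comes from the question.
function Get-DailyEventCount {
    [CmdletBinding()]
    param(
        [string[]]$LogName = @('Application', 'System', 'Security'),
        [datetime]$Day     = [datetime]::Today.AddDays(-1)
    )

    $start = $Day.Date
    # Stop just short of midnight so the next day's first event is not counted.
    $end   = $start.AddDays(1).AddMilliseconds(-1)

    foreach ($log in $LogName) {
        $filter = @{ LogName = $log; StartTime = $start; EndTime = $end }
        try {
            $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
        }
        catch {
            # An empty result is reported as an error; treat it as "no rows".
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { continue }
            # Anything else (for example, no rights to read the log) is surfaced
            # so a missing log is not mistaken for a quiet day.
            Write-Warning "Could not read the $log log: $($_.Exception.Message)"
            continue
        }

        # Group-Object returns GroupInfo objects; Select-Object keeps only the
        # three columns wanted in the CSV and turns Name back into an integer.
        $events |
            Group-Object -Property Id -NoElement |
            Select-Object @{ Name = 'Log';     Expression = { $log } },
                          @{ Name = 'EventID'; Expression = { [int]$_.Name } },
                          Count |
            Sort-Object @{ Expression = 'Count';   Descending = $true },
                        @{ Expression = 'EventID'; Descending = $false }
    }
}

$csv = "C:\PowershellData\$env:COMPUTERNAME-$(Get-Date -Format yyyyMMdd).csv"
# One Export-Csv for the whole pipeline gives a single header row.
Get-DailyEventCount | Export-Csv -Path $csv -NoTypeInformation -Encoding UTF8
```

Run it from an elevated session if the Security log is included; otherwise the warning branch reports the log that could not be read and the other logs are still written.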
