
faf1967
Copper Contributor
Dec 14, 2018

monitor remote event lo

Looking for help as I am totally new to PowerShell.

 

I need to monitor a server for event ID 950 in the System log. I need to know if the last timestamp written is older than 10 minutes.

 

Any help would be greatly appreciated.

  • Darrick
    Brass Contributor

    # Threshold in minutes, and the log and event ID to check
    $TIMETHRESHOLD = 10
    $LOGNAME = "System"
    $EVENTID = 950

    # Result object returned when the event is found
    $evtTimeObj = [PSCustomObject]@{
        EventID = ""
        EventTime = ""
        CurrentTime = ""
        DeltaTime = ""
    }

    # Get-EventLog returns the newest entries first, so the first match is the most recent one
    $eventTime = (Get-EventLog $LOGNAME | Where-Object { $_.EventID -eq $EVENTID }).TimeGenerated | Select-Object -First 1

    If ($null -ne $eventTime) {
        $currentTime = Get-Date
        # TotalMinutes is the full elapsed time; .Minutes is only the 0-59 component of the span
        $deltaTime = $currentTime.Subtract($eventTime).TotalMinutes

        $evtTimeObj.EventID = $EVENTID
        $evtTimeObj.EventTime = $eventTime
        $evtTimeObj.CurrentTime = $currentTime

        If ($deltaTime -gt $TIMETHRESHOLD) {
            $evtTimeObj.DeltaTime = "> $TIMETHRESHOLD mins."
        }
        else {
            $evtTimeObj.DeltaTime = "< $TIMETHRESHOLD mins."
        }
        Write-Output $evtTimeObj
    }
    Else {
        Write-Host "EventID $EVENTID not found." -ForegroundColor White -BackgroundColor Red
    }
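
The same staleness check against a remote server, as an added example that is not part of either post: it asks the remote host for only the newest matching record with Get-WinEvent, and keeps "no such event" separate from "could not query the host" so an unreachable server is not mistaken for a quiet log. The function names, the host name SERVER01 and the sample timestamps are assumptions made for the illustration.

```powershell
# Added example. Get-NewestEventTime, Test-EventStale and SERVER01 are hypothetical names.

function Get-NewestEventTime {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [string]$LogName = 'System',
        [int]$EventId = 950
    )
    $filter = @{ LogName = $LogName; Id = $EventId }
    try {
        # The filter is applied by the event log service; only one record comes back.
        $evt = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -MaxEvents 1 -ErrorAction Stop
        return $evt.TimeCreated
    }
    catch {
        # Get-WinEvent reports an error when nothing matches; treat that as "never seen".
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return $null }
        # Connection or permission failures are rethrown, not reported as a missing event.
        throw
    }
}

function Test-EventStale {
    param(
        [Nullable[datetime]]$LastEventTime,
        [datetime]$Now = (Get-Date),
        [int]$ThresholdMinutes = 10
    )
    if ($null -eq $LastEventTime) {
        # An event that was never written counts as stale.
        return [PSCustomObject]@{ LastEvent = $null; AgeMinutes = $null; Stale = $true }
    }
    # TotalMinutes covers the whole interval, including hours and days.
    $age = ($Now - $LastEventTime).TotalMinutes
    [PSCustomObject]@{
        LastEvent  = $LastEventTime
        AgeMinutes = [math]::Round($age, 1)
        Stale      = $age -gt $ThresholdMinutes
    }
}

# Constructed sample times, so the age logic can be checked without a live server.
$now = [datetime]'2018-12-14T12:00:00'
Test-EventStale -LastEventTime ([datetime]'2018-12-14T11:55:00') -Now $now   # event 5 minutes old
Test-EventStale -LastEventTime ([datetime]'2018-12-14T09:57:00') -Now $now   # event 2 h 3 min old
Test-EventStale -LastEventTime $null -Now $now                               # event never written

# Live use against a remote host (placeholder name):
# Test-EventStale -LastEventTime (Get-NewestEventTime -ComputerName 'SERVER01')
```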
