Forum Discussion
monitor remote event lo
Looking for help as I am totally new to powershell.
I need to monitor a server for the event ID 950 in the system log. I need to know if the last timestamp is written is older than 10 minutes.
Any help would be greatly appreciated.
- DarrickBrass Contributor
$TIMETHRESHOLD = 10
$LOGNAME = "System"
$EVENTID = 950
$evtTimeObj = [PSCustomObject]@{
EventID = ""
EventTime = ""
CurrentTime = ""
DeltaTime = ""
}
$eventTime = (Get-EventLog $LOGNAME | Where-Object { $_.EventID -eq $EVENTID }).TimeGenerated | Select-Object -First 1If ($eventTime -ne $null) {
$currentTime = Get-Date
$deltaTime = $currentTime.Subtract($eventTime).Minutes
$evtTimeObj.EventID = $EVENTID
$evtTimeObj.EventTime = $eventTime
$evtTimeObj.CurrentTime = $currentTime
If ($deltaTime -gt $TIMETHRESHOLD) {
$evtTimeObj.DeltaTime = "> $TIMETHRESHOLD mins."
}
else {
$evtTimeObj.DeltaTime = "< $TIMETHRESHOLD mins."
}
Write-Output $evtTimeObj
}
Else {
Write-Host "EventID $EVENTID not found." -ForegroundColor White -BackgroundColor Red
}