cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

monitor remote event lo

faf1967
Copper Contributor

‎Dec 14 2018 07:22 AM

‎Dec 14 2018 07:22 AM

monitor remote event lo

Looking for help as I am totally new to powershell. 

 

I need to monitor a server for the event ID 950 in the system log. I need to know if the last timestamp is written is older than 10 minutes.

 

Any help would be greatly appreciated.

Labels:
681 Views
1 Like
1 Reply
Reply
1 Reply
Darrick

‎Dec 19 2018 09:36 AM - edited ‎Dec 20 2018 03:48 AM

‎Dec 19 2018 09:36 AM - edited ‎Dec 20 2018 03:48 AM

Re: monitor remote event lo

$TIMETHRESHOLD = 10

$LOGNAME = "System"

$EVENTID = 950

$evtTimeObj = [PSCustomObject]@{
    EventID = ""
    EventTime = ""
    CurrentTime = ""
    DeltaTime = ""
}

$eventTime = (Get-EventLog $LOGNAME | Where-Object { $_.EventID -eq $EVENTID }).TimeGenerated | Select-Object -First 1

 

If ($eventTime -ne $null) {
    $currentTime = Get-Date
    $deltaTime = $currentTime.Subtract($eventTime).Minutes

    $evtTimeObj.EventID = $EVENTID
    $evtTimeObj.EventTime = $eventTime
    $evtTimeObj.CurrentTime = $currentTime
    
    If ($deltaTime -gt $TIMETHRESHOLD) {
        $evtTimeObj.DeltaTime = "> $TIMETHRESHOLD mins."
    }
    else {
        $evtTimeObj.DeltaTime = "< $TIMETHRESHOLD mins."
    }
    Write-Output $evtTimeObj
}
Else {
    Write-Host "EventID $EVENTID not found." -ForegroundColor White -BackgroundColor Red
}

0 Likes
Reply