eventlog.ps1 - powershell script by ActiveXperts Software
eventlog.ps1 checks whether certain events exist in an Event Log.
Use eventlog.ps1 directly from ActiveXperts Network Monitor; in the Manager's 'Monitor' menu, select 'New Check (Script)' and select eventlog.ps1. Configure the required parameters, or press 'Load a working sample'.
In ActiveXperts Network Monitor, Administrators can use three different scripting languages: Powershell, VBScript and SSH.
eventlog.ps1 script code
#################################################################################
# ActiveXperts Network Monitor PowerShell script, © ActiveXperts Software B.V.
# For more information about ActiveXperts Network Monitor, visit the ActiveXperts
# Network Monitor web site at http://www.activexperts.com
#################################################################################
# Script
# EventLog.ps1
# Description:
# Checks if an event is present in the EventLog
# Declare Parameters:
# 1) strHost (string) - Hostname or IP address of the computer whose Event Log you want to check
# 2) strLogName (string) - Name of the Logfile, for instance: Application
# 3) strEventID (string) - EventCode, for instance: '8000'. Use the '*' wildcard to select all
# 4) strEvtSource (string) - Name of the Source, for instance 'AxNmSvc'. Use the '*' wildcard to select all
# 5) strEvtDescriptionPattern (string)- Pattern to match in the description. Use the '*' wildcard to select all
# 6) bErrorWhenFound (string) - When 1 or more events are matched, result is: Error or Success
# 7) strAltCredentials (string, optional) - Specify an empty string to use Network Monitor service credentials.
# To use alternate credentials, enter a server that is defined in Server Credentials table.
# (To define Server Credentials, choose Tools->Options->Server Credentials)
# Usage:
# .\EventLog.ps1 '<Hostname | IP>' '<Application | System | ...>' <event_id> '<Source Name>' '<Pattern>' '<$true | $false>'
# Sample:
# .\EventLog.ps1 'localhost' 'application' '1' 'AxNmSvc' 'ActiveXperts Network Monitor' '$false'
#
# This script makes use of the 'ActiveXperts.NMWev' ActiveX control to access Windows .evt and .evtx Event Logs on remote computers.
# The control simplifies the XPath programming logic, by providing easy-to-use functions to access event logs.
# ActiveXperts.NMWev data members:
# - LastError. Use it to check the result of a function. After a call to a function, LastError will be 0 for success, or else a positive error code.
# Error codes can be looked up here: http://www.activexperts.com/support/errorcodes/
# ActiveXperts.NMWev functions:
# - Initialize( LogFile As String ). Initializes the 'ActiveXperts.NMWev' object. Pass a valid log filename for troubleshooting purposes.
# - Shutdown(). Call it to uninitialize the object. Should always be called at the end of the script.
# - Clear(). Clears the LastError property of the object.
# - BuildQuery( EventLog As String, FilterSource As String, FilterEventID As String, FilterTaskCategory As String, FilterUser As String, FilterData As String, LevelFlags As Number, TimeSpanMilliseconds As Number )
# Function returns an XPath string that can be used in FindFirstEvent's first parameter.
# Use the ActiveXperts Event Log Diagnostic Utility to see how XPath queries are defined. Such XPath string can be simply copy/pasted into this script, instead of using 'BuildQuery'.
# - GetLevelFlag( Information As Boolean, LevelWarning As Boolean, LevelError As Boolean, LevelCritical As Boolean, LevelVerbose As Boolean, LevelSuccess As Boolean, LevelFailure As Boolean )
# The function returns a number value that can be used as input parameter to BuildQuery's LevelFlags parameter.
# - Connect( Host As String, AlternateUser As String, AlternatePassword As String )
# Establishes a connection to a (remote) host.
# AlternateUser and AlternatePassword should only be set in case alternate credentials should be used.
# - Disconnect
# Disconnects the connected session.
# - FindFirstEvent( XPathQuery As String, MatchDescription As String, MatchDescriptionCase As Boolean, MatchDescriptionRegExpression As Boolean )
# The function returns the first event (As String).
# Parameter XPathQuery: can be defined by BuildQuery function.
# Parameter MatchDescription: the description pattern that should be matched, or empty if no pattern matching should be used.
# Parameter MatchDescriptionCase: if MatchDescription is set, this parameter tells whether or not case sensitive matching should be performed.
# Parameter MatchDescriptionRegExpression: if MatchDescription is set, this parameter tells whether or not regular expressions are used in MatchDescription
# - FindNextEvent()
# Retrieves the next event. Should always be called after a successful call to FindNextEvent.
#################################################################################
# -- Script parameters. All are typed [string] and can be passed positionally in
#    the order listed; every one defaults to an empty value except bErrorWhenFound.
param(
    # Computer whose Event Log is queried
    [string]$strHost = '',
    # Event Log name that is handed to BuildQuery
    [string]$strLogName = '',
    # Event ID filter that is handed to BuildQuery
    [string]$strEventID = '',
    # Event source filter that is handed to BuildQuery
    [string]$strEvtSource = '',
    # Description pattern that is handed to FindFirstEvent
    [string]$strEvtDescriptionPattern = '',
    # Declared as [string], so the $false default is stored as the text 'False'
    [string]$bErrorWhenFound = $false,
    # Empty: no alternate credentials are looked up
    [string]$strAltCredentials = ''
)

# -- Load the shared ActiveXperts helpers (AxGetCredentials, $AXSUCCESS are used below).
#    Dot-sourcing executes that file inside this script's scope with the same
#    privileges, so write access to this path should stay restricted to administrators.
. 'C:\Program Files\ActiveXperts\Network Monitor\Scripts\Monitor (ps1)\_activexperts.ps1'
#################################################################################
# // --- Main script ---
#################################################################################
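# -- Turn on strict variable checking, clear the screen and reset the error list
set-psdebug -strict
cls
$Error.Clear()

# -- Validate parameters: the first five are required; report UNCERTAIN and stop
#    when any of them is empty.
#    The event ID is compared as plain text. The previous test had a stray unary
#    minus in front of $strEventID, which forced a numeric conversion of the value
#    and therefore could not cope with the documented '*' wildcard.
if( $strHost -eq '' -or $strLogName -eq '' -or $strEventID -eq '' -or $strEvtSource -eq '' -or $strEvtDescriptionPattern -eq '' )
{
    $res = 'UNCERTAIN: Invalid number of parameters - Usage: .\EventLog.ps1 "<Hostname | IP>" "<Application | System | ...>" "<event_id>" "<Source Name>" "<Pattern>" "<$true | $false>"'
    echo $res
    exit
}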
# -- Give every working variable an initial value before it is used or passed by reference
$strExplanation    = ''
$objAltCredentials = $null
$objNmWev          = New-Object -ComObject ActiveXperts.NMWev

# -- A non-empty $strAltCredentials names an entry in the Server Credentials table;
#    resolve it to a credentials object through AxGetCredentials (from _activexperts.ps1).
$bUseAltCredentials = ( $strAltCredentials -ne '' )
if( $bUseAltCredentials )
{
    # Both [ref] arguments are filled in by the helper: the credentials object on
    # success, an explanation text to report on failure.
    $numLookupResult = AxGetCredentials $strHost $strAltCredentials ([ref]$objAltCredentials) ([ref]$strExplanation)
    if( $numLookupResult -ne $AXSUCCESS )
    {
        Write-Output $strExplanation
        exit
    }
}
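# Initialize the EventLog object. Optional parameter: a log file, for debugging purposes
$objNmWev.Initialize( '' )
if( $objNmWev.LastError -ne 0 )
{
    # Report the step that actually failed (this used to say 'Failed to connect',
    # which made initialization and connection failures indistinguishable).
    $res = 'ERROR: Failed to initialize'
    echo $res
    exit
}

# Connect to the host, with the alternate credentials when they were requested,
# otherwise with empty user/password so the service's own credentials apply.
# NOTE(review): the password is handed to Connect in clear text; avoid echoing
# $objAltCredentials or enabling Set-PSDebug -Trace around this call.
if( $strAltCredentials -ne '' )
{
    $objNmWev.Connect( $strHost, $objAltCredentials.Username, $objAltCredentials.Password )
}
else
{
    $objNmWev.Connect( $strHost, '', '' )
}
if( $objNmWev.LastError -ne 0 )
{
    $res = 'ERROR: Failed to connect'
    # The object was initialized above, so uninitialize it before leaving;
    # the header states Shutdown() should always be called at the end of the script.
    $objNmWev.Shutdown()
    echo $res
    exit
}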
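# Get Level Flag.
# Param1: Information Events (yes/no)
# Param2: Warning Events (yes/no)
# Param3: Error Events (yes/no)
# Param4: Critical Events (yes/no)
# Param5: Verbose Events (yes/no)
# Param6: Success Events (yes/no)
# Param7: Failure Events (yes/no)
# All seven are enabled, so no event level is filtered out.
$numLevelFlag = $objNmWev.GetLevelFlag( $true, $true, $true, $true, $true, $true, $true )

# Get Query string.
# Param1: Event Log File, e.g. "Application"
# Param2: Event Source. Use '*' for any source
# Param3: Event ID. Use '*' for any event ID
# Param4: Event Category. Use '*' for any event category
# The remaining filters (user, data) are '*' and the time span is 0.
$strQuery = $objNmWev.BuildQuery( $strLogName, $strEvtSource, $strEventID, '*', '*', '*', $numLevelFlag , 0 )

# Get First event
# Param1: The Query
# Param2: Description to match. If empty, no description pattern matching will be performed
# Param3: Description matching case sensitive (yes/no)
# Param4: Use regular expressions for pattern matching (yes/no)
# NOTE: we're not making use of regular expressions. (change the latter to True if you wish!)
# However, it is nice to have '*' as any description. Let's convert '*' to '' because that's what most people expect.
if( $strEvtDescriptionPattern -eq '*' )
{
    # The '$' sigil was missing here, so the line was parsed as a command call
    # instead of an assignment and the '*' pattern never reached FindFirstEvent as ''.
    $strEvtDescriptionPattern = ''
}
$strEvent = $objNmWev.FindFirstEvent( $strQuery, $strEvtDescriptionPattern, $false, $false )

# Count matches: LastError stays 0 for as long as an event was returned.
# The event text itself is not used; assigning it keeps it out of the script output.
$numEvents = 0
while( $objNmWev.LastError -eq 0 )
{
    $numEvents += 1
    $strEvent = $objNmWev.FindNextEvent()
}
$objNmWev.FindEventClose()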
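# Disconnect and uninitialize first, so the session is released on every
# reporting path below.
$objNmWev.Disconnect()
$objNmWev.Shutdown()

# $bErrorWhenFound is a [string] parameter. Any non-empty text (including 'False'
# and the '$false' from the usage sample) is truthy in a boolean test, so the flag
# is parsed explicitly. -contains compares case-insensitively.
$strFlag   = $bErrorWhenFound.Trim().TrimStart('$')
$strCounts = 'Events found: [' + $numEvents + ']' + 'DATA:' + $numEvents
$bFound    = ( $numEvents -gt 0 )

# Intended meaning, inferred from the parameter name: when the flag is true,
# matching events are the error condition; when it is false, matching events are
# the expected (success) condition. The previous code reported SUCCESS only for
# "flag set and events found", the opposite of what the flag's name says.
if( @( 'true', '1' ) -contains $strFlag )
{
    if( $bFound ) { $res = 'ERROR: ' + $strCounts } else { $res = 'SUCCESS: ' + $strCounts }
}
elseif( @( 'false', '0', '' ) -contains $strFlag )
{
    if( $bFound ) { $res = 'SUCCESS: ' + $strCounts } else { $res = 'ERROR: ' + $strCounts }
}
else
{
    # An unrecognised flag must not silently turn into a pass or a fail.
    $res = 'UNCERTAIN: Invalid value for bErrorWhenFound - use "$true" or "$false"'
}
echo $res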
#################################################################################
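# Catch-all handler for terminating errors raised anywhere in the script:
# report the exception message as an UNCERTAIN result and stop.
# The prefix previously read 'UNCERTAINs: ', which does not match the
# 'UNCERTAIN:' prefix used by the parameter check.
trap [Exception]
{
    $res = 'UNCERTAIN: ' + $_.Exception.Message
    echo $res
    exit
}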
