Monitoring Remote Webserver Event Logs

The Get-WmiObject cmdlet lets you access a remote event log using the Win32_NTLogEvent class.

This little PowerShell script filters the remote Application event log for IIS-generated entries (errors and warnings from sources whose names start with ASP) within a selected date range:

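# Name of the remote web server (placeholder value; $host is a read-only
# automatic variable in PowerShell and cannot hold the computer name)
$computer = "WEBSERVER"

write-host "remote $computer eventlog (7 days, most recent first)"

# WQL filters compare TimeGenerated against DMTF-format timestamps
$d = Get-Date
$recent = [System.Management.ManagementDateTimeConverter]::ToDMTFDateTime($d.AddDays(-7))

# Errors and warnings from ASP* sources in the Application log, newest first
get-wmiobject -computer $computer -class Win32_NTLogEvent `
	-filter "logfile = 'Application' and
	(sourcename like 'ASP%') and
	(type = 'error' or type = 'warning') and
	(TimeGenerated >= '$recent')" |
sort-object @{ expression = {$_.TimeWritten} } -descending |
select SourceName, TimeGenerated, Message |
format-table `
	@{Expression = { $_.SourceName }; Width = 20; Label = "SourceName"},
	@{Expression = { $_.TimeGenerated.Substring(0, 14) };
		Width = 16; Label = "Timestamp"}, Message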
