Monitoring Remote Webserver Event Logs

The Get-WMIObject commandlet lets you access a remote event log using the Win32_NTLogEvent class.

This little Powershell script filters the remote event log for IIS-generated entries within a selected date range:

write-host "remote $host eventlog (7 days, most recent first)"


get-wmiobject -computer $host -class Win32_NTLogEvent `
	-filter "logfile = 'Application' and
	(sourcename like 'ASP%') and
	(type = 'error' or type = 'warning') and
	(TimeGenerated >='$recent')" |
sort-object @{ expression = {$_.TimeWritten} } -descending |
select SourceName, TimeGenerated, Message |
	@{Expression = { $_.SourceName}; Width = 20; Label="SourceName"},
	@{Expression = { $_.TimeGenerated.Substring(0, 14) };
		Width = 16; Label="Timestamp"}, Message

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: