Finally the help of IT is here

Blog of computer solutions.

Detecting Event Viewer errors from PowerShell

Posted by Xaus Xavier Nadal on 13th May 2012

Hello.

Today we'll do a bit of PowerShell.

This article explains how to remotely collect Windows Event Viewer events from one computer or a group of computers from a PowerShell command line, and as a one-liner too, hehe, the way I like it.

Remember the article http://www.megacrack.es/2008/11/16/como-resolver-problema-con-jrnl_wrap_error-frs-event-id-13568-o-13561/ where we showed how to fix a problem with Active Directory SYSVOL replication? With this script we can detect such errors remotely, without having to wait for a user to tell us that their script does not work because it was not detected, or that a domain policy is not being applied because it does not exist at a site, etc.

What this script does is check the last 2 days of the "File Replication Service" log in Event Viewer, with source "NtFrs" and type "Error". We then filter so that only errors with event ID "13568" are shown, and only the newest one, to fit our goal of detecting Active Directory replication errors. You can put whatever you want here, for example to detect whether Exchange databases have been shut down because the transaction log filled up, with the following values:

Type: Error

Event ID: 9518

Source: MSExchangeIS

But for now what we want to find are problems with FRS, so we are looking for the following:

Type: Error

Event ID: 13568

Source: NtFrs

We will do this:

get-eventlog -newest 1 -after (get-date).AddDays(-2) -computername <ComputerName> -Logname "File Replication Service" -Source "NtFrs" -entrytype "Error" | Where {$_.EventId -eq '13568'} | select machinename, source | ft -autosize

If it detects that there has been an error in the last 2 days in the File Replication Service log with source NtFrs, type Error and event ID 13568, the result would be:

MachineName Source
----------- ------
MegaDC1     NtFrs

From there we can solve the problem, for example with the following article: http://www.megacrack.es/2008/11/16/como-resolver-problema-con-jrnl_wrap_error-frs-event-id-13568-o-13561/

But if what you want is to detect this on all domain controllers in the domain, you will have to change -computername <ComputerName> to:

-computername (get-qadcomputer -searchroot "<Domain>/Domain Controllers" -dudip | Select-Object -ExpandProperty Name)

Be careful: this last change will run against all the domain controllers you have, and it will take a long time. (You will need to have the Quest Active Roles Management tools installed.) Bear in mind that we are not using remoting or threads here (another member of the blog, who is more of a PowerShell expert than I am, will show you that). Let's see if you dare... Albert!!!!! We want to read you on MegaCracks...

You can also run the command daily on each server and send the results by e-mail, or write them to a file that an IIS site picks up and displays on a web page as if it were a centralized event monitor, or whatever your imagination suggests... The world of PowerShell is impressive, and even more so when you combine it with automation, displays, websites, etc.
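Added example (not code from the original post): the same check run against a list of domain controllers, using Get-WinEvent with -FilterHashtable in place of Get-EventLog so that the event ID is filtered in the query itself and a server that cannot be queried is reported separately from a healthy one. The function name, the status labels, the name MegaDC2 and the report path are assumptions.

```powershell
# Added example: FRS event 13568 check across several domain controllers.
# Function name, parameters, status labels and report path are hypothetical.
function Get-FrsErrorStatus {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$Days = 2,
        [int]$EventId = 13568
    )
    # Filtering by Id inside the query means -MaxEvents 1 returns the newest
    # 13568 error, even when a different NtFrs error was logged after it.
    $filter = @{
        LogName      = 'File Replication Service'
        ProviderName = 'NtFrs'
        Id           = $EventId
        Level        = 2                          # 2 = Error
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    foreach ($dc in $ComputerName) {
        $row = [ordered]@{ MachineName = $dc; Status = 'OK'; TimeCreated = $null; Detail = '' }
        try {
            $hit = Get-WinEvent -ComputerName $dc -FilterHashtable $filter -MaxEvents 1 -ErrorAction Stop
            $row.Status      = 'ERROR'
            $row.TimeCreated = $hit.TimeCreated
            $row.Detail      = "Event $($hit.Id) from $($hit.ProviderName)"
        }
        catch {
            # "No matching events" is the healthy case. Anything else (RPC
            # unavailable, access denied, log missing) is not proof of health.
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
                $row.Status = 'UNKNOWN'
                $row.Detail = $_.Exception.Message
            }
        }
        [pscustomobject]$row   # one result object per domain controller
    }
}

# Constructed sample input: MegaDC1 is the name used above, MegaDC2 is made up.
$results = Get-FrsErrorStatus -ComputerName 'MegaDC1', 'MegaDC2'
$results | Format-Table -AutoSize
# The same data as an HTML page that a web server can publish (placeholder path).
$results | ConvertTo-Html -Title 'FRS 13568 check' | Set-Content -Path "$env:TEMP\frs-status.html"
```

-ComputerName takes any list of names, so the get-qadcomputer expression shown earlier can be passed to it directly.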

If you have any questions about this, we will be happy to help you in the blog comments.

Until next time.
