使用 PS 从 Windows 日志中提取事件时间
Extract Event Time from Windows Log using PS
我正在执行这个 powershell 脚本来检查 Windows 事件日志查看器的特定作业结果。
它正在运行,但是我卡在了一部分上...
我正在尝试做的是提取 last/most 最近事件 time/date 并将其添加到退出代码。
"Task Completed Successfully at **_______**"
我环顾四周并尝试了几种不同的方法但没有成功...不是最好的PS,有人可以帮忙吗?
Param(
[string]$Task,
[string]$PastMinutes
)
$StartAt = (Get-Date).AddMinutes(-$PastMinutes)
$ErrorActionPreference = "SilentlyContinue"
$action = (Get-WinEvent -FilterHashtable @{logname="Microsoft-Windows-TaskScheduler/Operational"; id=102; StartTime=$StartAt} |
Where-Object {($_.Message -like $Task) -and ($_.Message -like "Task Scheduler Successfully Finished*")})
if ($action.count -ne "0") {
Write-Host "OK: "$Task" Task Completed Successfully at _______!"
Exit 0
} else {
Write-Host "CRITICAL: "$Task" Task Failed to Complete!"
Exit 2
}
我真的很讨厌将代码压缩成超长行,直到它几乎不可读。
由于 $action(s) 有一个 .TimeCreated 属性,我会使用它。
这可能有效:
Param(
[string]$Task,
[string]$PastMinutes
)
$StartAt = (Get-Date).AddMinutes(-$PastMinutes)
$ErrorActionPreference = "SilentlyContinue"
$FilterHashTable = @{
logname = "Microsoft-Windows-TaskScheduler/Operational"
id = 102
StartTime = $StartAt
}
$actions = (Get-WinEvent -FilterHashtable $FilterHashTable |
Where-Object {($_.Message -like $Task) -and
($_.Message -like "Task Scheduler Successfully Finished*")})
## set negative result hopefully overwritten by action
$Result = "CRITICAL: {0} Task Failed to Complete!" -F $Task
if ($actions){
ForEach($action in $actions){
$Result = "OK: {0} Task Completed Successfully at {1}" -F $Task,$action.TimeCreated
}
}
我正在执行这个 powershell 脚本来检查 Windows 事件日志查看器的特定作业结果。
它正在运行,但是我卡在了一部分上...
我正在尝试做的是提取 last/most 最近事件 time/date 并将其添加到退出代码。
"Task Completed Successfully at **_______**"
我环顾四周并尝试了几种不同的方法但没有成功...不是最好的PS,有人可以帮忙吗?
Param(
[string]$Task,
[string]$PastMinutes
)
$StartAt = (Get-Date).AddMinutes(-$PastMinutes)
$ErrorActionPreference = "SilentlyContinue"
$action = (Get-WinEvent -FilterHashtable @{logname="Microsoft-Windows-TaskScheduler/Operational"; id=102; StartTime=$StartAt} |
Where-Object {($_.Message -like $Task) -and ($_.Message -like "Task Scheduler Successfully Finished*")})
if ($action.count -ne "0") {
Write-Host "OK: "$Task" Task Completed Successfully at _______!"
Exit 0
} else {
Write-Host "CRITICAL: "$Task" Task Failed to Complete!"
Exit 2
}
我真的很讨厌将代码压缩成超长行,直到它几乎不可读。
由于 $action(s) 有一个 .TimeCreated 属性,我会使用它。
这可能有效:
Param(
[string]$Task,
[string]$PastMinutes
)
$StartAt = (Get-Date).AddMinutes(-$PastMinutes)
$ErrorActionPreference = "SilentlyContinue"
$FilterHashTable = @{
logname = "Microsoft-Windows-TaskScheduler/Operational"
id = 102
StartTime = $StartAt
}
$actions = (Get-WinEvent -FilterHashtable $FilterHashTable |
Where-Object {($_.Message -like $Task) -and
($_.Message -like "Task Scheduler Successfully Finished*")})
## set negative result hopefully overwritten by action
$Result = "CRITICAL: {0} Task Failed to Complete!" -F $Task
if ($actions){
ForEach($action in $actions){
$Result = "OK: {0} Task Completed Successfully at {1}" -F $Task,$action.TimeCreated
}
}