Get-CriticalEventLogEntry.ps1
#requires -version 5.1
#an advanced function that accepts pipeline input
Function Get-CriticalEventLogEntry {
    <#
    .SYNOPSIS
    Get recent Error and Warning entries from a Windows event log.

    .DESCRIPTION
    Calls Get-WinEvent with a FilterHashtable on the given log name and
    event levels 2 (Error) and 3 (Warning), then projects each record to
    a small set of triage-friendly properties.

    NOTE(review): despite the function name, level 1 (Critical) is not
    part of the filter - confirm whether that is intended.

    No -Credential is passed to Get-WinEvent, so the query runs under the
    caller's identity. Reading a remote log, or a restricted log such as
    Security, depends on that account's rights on the target.

    .PARAMETER LogName
    Name of the event log to query, for example System.

    .PARAMETER Computername
    Computer to query. Defaults to the local computer name and accepts
    values from the pipeline, one query per input object.

    .PARAMETER Count
    Maximum number of events to return per computer (1 to 1000).

    .EXAMPLE
    Get-CriticalEventLogEntry -LogName System -Count 10

    .EXAMPLE
    'SRV1', 'SRV2' | Get-CriticalEventLogEntry -LogName System

    SRV1 and SRV2 are placeholder computer names.
    #>
    [CmdletBinding()]
    [alias('gcel')]
    Param(
        [Parameter(
            Position = 0,
            Mandatory,
            HelpMessage = 'Specify a Windows event log name like System.'
        )]
        [ValidateNotNullOrEmpty()]
        [string]$LogName,

        [Parameter(
            ValueFromPipeline,
            HelpMessage = 'Enter the name of the computer to query'
        )]
        [ValidateNotNullOrEmpty()]
        [string]$Computername = $env:COMPUTERNAME,

        [Parameter(HelpMessage = 'Enter the number of events to retrieve between 1 and 1000')]
        [ValidateRange(1, 1000)]
        [int]$Count = 25
    )

    Begin {
        Write-Verbose "Starting $($MyInvocation.MyCommand)"
    }

    Process {
        Write-Verbose "Getting $LogName entries from $Computername"

        # Filtering happens in the event log service (FilterHashtable), so
        # only matching records are returned to this session.
        $winEventParams = @{
            FilterHashtable = @{LogName = $LogName; Level = 2, 3 }
            MaxEvents       = $Count
            ComputerName    = $Computername
        }

        # Output shape: MachineName and ContainerLog are renamed so every
        # record carries the host and log it came from.
        $outputProperties = @(
            @{Name = 'Computername'; Expression = { $_.MachineName } }
            'TimeCreated'
            'ID'
            'ProviderName'
            'Message'
            'LevelDisplayName'
            @{Name = 'LogName'; Expression = { $_.ContainerLog } }
        )

        Get-WinEvent @winEventParams | Select-Object -Property $outputProperties
    }

    End {
        Write-Verbose "Ending $($MyInvocation.MyCommand)"
    }
} #close Get-CriticalEventLogEntry