Friday, January 23, 2009

# Takes Event Log queries...and finds elapsed time from event
# E.G .  6005..6009 | %{.\EventLogQueries.ps1 System $_ }

if ($args[0] -eq $Null) {$Log_Type = "System"} else {$Log_Type = $args[0]}
if ($args[1] -eq $Null) {$Event_ID = 6009} else {$Event_ID = $args[1]}

# query Event Log
$EventLog = get-eventlog -log $Log_Type
$EventID = $EventLog | ?{$_.eventID -eq $Event_ID}

# If EventID is null, discard query
if  ($EventID -ne $NULL) 
{
    # Find Elapsed Time and Generate Array    
    write "Event ID -- Date/Time -- Elapsed Time (D.H.M.S)"
    $LogType_EventID_MsgProperty = $EventID | %{$_.TimeGenerated}
    $count = ($LogType_EventID_MsgProperty).count - 1
    $curr_date = get-date
    $array = $LogType_EventID_MsgProperty[0..$count] | %{($curr_date - $_)}
    
    # Report Data
    0..$count | %{
    $days = $array[$_].days;
    $hours = $array[$_].hours;
    $minutes = $array[$_].minutes;
    $seconds = $array[$_].seconds;
    $date = $LogType_EventID_MsgProperty[$_];
    write "$Event_ID -- $date -- $days.$hours.$minutes.$seconds";}
 } 

Output:
PS >6005..6009 | %{.\EventLogQueries.ps1 System $_ }
Event ID -- Date/Time -- Elapsed Time (D.H.M.S)
6005 -- 01/15/2009 22:40:17 -- 7.15.0.2
6005 -- 01/09/2009 09:52:51 -- 14.3.47.28
6005 -- 01/07/2009 17:39:39 -- 15.20.0.40
6005 -- 01/05/2009 18:30:06 -- 17.19.10.13
6005 -- 01/05/2009 11:01:59 -- 18.2.38.20
6005 -- 12/24/2008 11:20:21 -- 30.2.19.58
6005 -- 12/21/2008 10:01:15 -- 33.3.39.4
6005 -- 12/19/2008 09:23:52 -- 35.4.16.27
6005 -- 12/11/2008 08:04:59 -- 43.5.35.20
6005 -- 12/03/2008 08:10:23 -- 51.5.29.56
Event ID -- Date/Time -- Elapsed Time (D.H.M.S)
6006 -- 01/15/2009 09:28:14 -- 8.4.12.6
6006 -- 01/09/2009 09:52:04 -- 14.3.48.16
6006 -- 01/07/2009 17:38:05 -- 15.20.2.15
6006 -- 01/05/2009 11:00:36 -- 18.2.39.44
6006 -- 12/19/2008 09:22:42 -- 35.4.17.38
6006 -- 12/11/2008 08:03:46 -- 43.5.36.34
Event ID -- Date/Time -- Elapsed Time (D.H.M.S)
6009 -- 01/15/2009 22:40:17 -- 7.15.0.5
6009 -- 01/09/2009 09:52:51 -- 14.3.47.31
6009 -- 01/07/2009 17:39:39 -- 15.20.0.43
6009 -- 01/05/2009 18:30:06 -- 17.19.10.16
6009 -- 01/05/2009 11:01:59 -- 18.2.38.23
6009 -- 12/24/2008 11:20:21 -- 30.2.20.1
6009 -- 12/21/2008 10:01:15 -- 33.3.39.7
6009 -- 12/19/2008 09:23:52 -- 35.4.16.30
6009 -- 12/11/2008 08:04:59 -- 43.5.35.23
6009 -- 12/03/2008 08:10:23 -- 51.5.29.59

No comments: