Event Log reviewing Help

by Jan 19, 2011

Hello World!   I could really use a had improving this script.  The intended use for this script is as follows:

>I'll use a VPN to connect to various client sites,
>I'll run the script to gather the event logs from each server and show only the errors from the past 30 days
>The report will then display in an easy to ready web page

I have found that I need to use the 'Get-WinEvent' command because I'll be running this script from a non domain PC and I do not want to setup up any sort of trust from my client to home PC.

Because the various server could have different logs (Domain Controller vs File Server vs DNS Server) a what to be able to ask each server what logs they have then check them for the errors.

I know that {Get-WinEvent -listlog * | Where {$_.IsClassicLog -eq 'True'} will get the log list but it is extremely slow over the VPN.

I'm also unsure how to add this into the script because I already have the for each (can you have a for each in a for each?)

Here is what I have working so far, any assistance on the requested changes would be greatly appreciated!:

$FileLocation= Read-Host "Enter Location Of Server List TXT File"

$ServerList= Get-Content $FileLocation

$Past= Read-Host "Enter Number of Days"

$Creds= Get-Credential

$a=$a+"BODY{background-color :#FFFFF}"
$a=$a+"TABLE{Border-width:thin;border-style: solid;border-color:Black;border-collapse: collapse;}"
$a=$a+"TH{border-width: 1px;padding: 1px;border-style: solid;border-color: black;background-color: ThreeDShadow}"
$a=$a+"TD{border-width: 1px;padding: 0px;border-style: solid;border-color: black;background-color: Transparent}"

 foreach ($server in $ServerList)
     {$server; get-winevent -computername $server -Credential $Creds -FilterHashTable @{ logname = "application","system"; StartTime = (get-date).AddDays(-$Past); Level= 3}| ConvertTo-Html -Property LevelDisplayName,TimeCreated,ProviderName,Message,LogName -head $a -body "<H2>$server</H2>" | Out-File C:EventLogs.html -Append}
Invoke-Item C:EventLogs.html