<#Created By Abhishek Bansal
Read Note
Script Usage :: Want to check what logging mode is configured for events like System , Setup, Application , Security logs for all your servers ?? What' the current size of all the events contained in these logs ?? What's the maximum log size of these events ?? For all this, use below script.
Pre requisites :: Copy all the code into a text file, save it with an extension ".PS1". On same location create a text file named "InputServers.txt" which will be containing names of machines. Once saved, run script as Administrator.
Execution & Outputs :: Once executed Output will be saved in a file named "LoggingmodeOutput.csv" and any Errors into "Errorslogs.csv" onto same location. #>
$servers = Get-Content .\InputServers.txt
foreach($server in $servers)
{
$server = $server.trim()
$Error.Clear()
try{
Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock{Get-WinEvent -ListLog Application,Setup,System,Security | Select-Object @{n="Hostname";e={$using:server}},LogName,LastAccessTime,LastWriteTime,@{n="MaximumLogSize(MB)";e={[Math]::Round($($_.MaximumSizeInBytes)/1024/1024,1)}},@{n="CurrentEventSize(MB)";e={[Math]::Round($($_.FileSize)/1024/1024,1)}},@{n="Events Count";e={$_.RecordCount}},@{n="LoggingMode";e={$(if($_.Logmode -eq "Circular"){echo "Overwrite events as needed (Oldest events first)"}elseif($_.Logmode -eq "Retain"){echo "Do not overwrite events (Clear logs manually)"}elseif($_.Logmode -eq "AutoBackup"){echo "Archive the log when full, do not overwrite events)"})}},LogFilePath} | Export-Csv ./LoggingmodeOutput.csv -NoTypeInformation -Append
}
catch
{
$server | Select-Object @{n="Hostname";e={$server}},@{n="ErrorMessage";e={$($Error.Exception.Message)}} | Export-Csv ./Errorlogs.csv -NoTypeInformation -Append
}
}
Sample Output
No comments:
Post a Comment