Learn about Windows PowerShell
Summary: In Advanced Event 7, you are required to search all Windows logs for the most recent event.
About this event
Division
Advanced
Date of Event
4/10/2012 12:01 AM
Due Date
4/17/2012 12:01 AM
You are troubleshooting a problem with your Windows 7 laptop, and you hope to find some clues to the recent performance issues by examining recent entries from various Windows logs. You have recently become aware that there are nearly 500 logs available in a standard Windows 7 installation, but you do not feel like manually searching through all of the logs by using the Event Viewer utility. You decide to use Windows PowerShell to come to the rescue. You want to write a command that will display the most recent one-event log entry from each event log and troubleshooting log that is enabled and has at least one entry in it. Crucial information for this process includes the log name, time of the event, the event ID, and the event message. An acceptable output is shown in the image that follows.
2012 Scripting Games: All Links on One Page
I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. Good luck as you compete in this year’s Scripting Games. We wish you well.
Ed Wilson, Microsoft Scripting Guy
Please do NOT post answers to these questions here. The 2012 Scripting Games are still going on.
You are late Ed, I've read it! *evil laugh*
@Roman Prosvetov Yes, but I deleted the answer because it was a bad script, and I did not want everyone copying it and getting a 1 :-)
So hidden logs that are disabled, even if they contain entries, shouldn't be displayed, right?
@Mikko K that is correct. If a hidden log is disabled it should not be displayed even it does have entries.
What about logs that might need special access/rights to view?
@VNoob you need to trap the error and display log name with "no access" in the output.
Hi,
When you ask for "a command that will display the most recent one-event log entry from each event log and troubleshooting log that is enabled and has at least one entry in it", in fact, you want the first information event of each log?
@DamienCharbonnel I want the most recently written event log entry from each of the logs -- that is the one that is closest in time when the script runs.
Ok , thank you for your quick answer
I hope you have a fast computer for grading this one...
Ed, can you confirm that you want errors trapped and reported, if a log is inaccessible? This is not what you stated in the original outline. You said "Do not display errors". This seems like an additional requirement.
@Bigteddy, I do not want to display raw errors, but they should be trapped, and something friendly like logname not accessible should be displayed instead.
What about logs that are enabled but don't have any log entries? Should those be included?
HI Ed,
I seem to be the only one here, who hadn't ever heard of "hidden" logs.
Even Google (or Bing) don't do much better :-(
If I once will get to know them ,,, is it right, that we should display ONLY these logs?
The description of the event let me think, that we should query ALL logs.
Design point 2 ... is it: ONLY "Hidden?" logs ???
Klaus