This script was put together very quickly to accomplish the objective stated in the title.
1: #requires -version 2.0
2: <#
3: author: Johan Vosloo
4: date: 24/11/2011
5: purpose: Retrieve event id’s from multiple machines and add to a CSV file.
6: #>
7: Try
8: {
9: $servers=get-content c:\scripts\servers.txt
10: $date=(Get-Date).AddDays(-7)
11: foreach ($server in $servers)
12: {
13: if (test-connection $server -quiet)
14: {
15: $arr1+=get-eventlog -logname system -cn $server -after $date | ?{$_.eventid -eq "21" -or $_.eventid -eq "4201"} | select MachineName,EventID,EntryType,Message
16: $arr2+=get-eventlog -logname application -cn $server -after $date | ?{$_.eventid -eq "902" -or $_.eventid -eq "1003"} | select MachineName,EventID,EntryType,Message
17: $arr3+=get-eventlog -logname "windows powershell" -cn $server -after $date | ?{$_.eventid -eq "4004"} | select MachineName,EventID,EntryType,Message
18: }
19: }
20: if ($arr1)
21: {$arr1 | export-csv c:\scripts\sysoutput.csv -notypeinformation}
22: else
23: {"No matching system log events found..."}
24: if ($arr2)
25: {$arr2 | export-csv c:\scripts\appoutput.csv -notypeinformation}
26: else
27: {"No matching application log events found..."}
28: if ($arr3)
29: {$arr3 | export-csv c:\scripts\psoutput.csv -notypeinformation}
30: else
31: {"No matching powershell log events found..."}
32: }
33: Catch
34: {
35: "An error occurred"
36: }
Requirements:
MPViewer v1.7 returns no rule severity/priority data for the System Center Configuration Manager Management Pack version 6.0.6000.3 (27/9/2011). This script can be used to extract that information.
1: #requires -version 2
4: date: 3/11/2011
5: info: Must be executed from within the Operations Manager shell
6: severity/alertlevel: http://msdn.microsoft.com/en-us/library/ms813440.aspx
7: #>
8: $error.clear()
9: trap [System.Management.Automation.CommandNotFoundException] {"Command entered does not exist. Please ensure that you are running this script from within the System Center Operations Manager Shell.";continue} trap {"Errors were found.";continue}
10: if ($error){return} else
11: {
12: #MP
13: $configmp=get-managementpack -Name Microsoft.SystemCenter.ConfigurationManager.2007
14: #Rules
15: $ruleinfo=@()
16: $configmp_rules=$configmp.getrules()
17: $configmp_enabledrules=$configmp_rules | ?{$_.enabled -eq "true"}
18: foreach($configmp_enabledrule in $configmp_enabledrules)
19: {
20: foreach ($WriteAction in $configmp_enabledrule.WriteActionCollection)
21: {
22: $config=$writeaction.configuration
23: if ($config.contains("<GenerateAlert>true")){
24: $config -match "</Description><AlertLevel>(?<content>.*)</AlertLevel><ResolutionState/><Source>" | out-null
25: switch ($matches['content'])
26: {
27: {$_ -le 20} {$alertlevel="Information";break}
28: {$_ -le 40} {$alertlevel="Warning";break}
29: {$_ -le 70} {$alertlevel="Critical";break}
30: }
31: }
33: $ruletmpobj=New-Object -Typename psobject –property @{displayname=$configmp_enabledrule.displayname;priority=$configmp_enabledrule.priority;severity=$alertlevel}
34: $ruleinfo+=$ruletmpobj
35: }
36: $ruleinfo | export-csv $home\Desktop\info.csv -notypeinformation
37: write-host "Rule data was extracted to $home\Desktop\info.csv" -ForegroundColor green
38: }