Never did figure out why this wasn't working. I did switch from get-eventlog to
get-winevent and it failed faster.
From: dani...@hotmail.com
Subject: Re: [scripting] hit or miss
Date: Mon, 10 Mar 2014 14:33:52 -0700
To: scripting@lists.myitforum.com
CC: scripting@lists.myitforum.com
The ones I know it's skipping are up and operational. They are my control set.
On Mar 10, 2014, at 14:24, "Daniel Ratliff" <dratl...@humana.com> wrote:
Any chance the ones it's skipping are failing the test-connection?
-Daniel Ratliff
-----Original Message-----
From: Daniel Chenault [dani...@hotmail.com]
Sent: Monday, March 10, 2014 05:21 PM Eastern Standard Time
To: scripting@lists.myitforum.com
Cc: scripting@lists.myitforum.com
Subject: Re: [scripting] hit or miss
Because we have Citrix servers that are rebooted on a regular basis in that
time frame. Event ID 41 specifically indicates an abnormal reboot.
On Mar 10, 2014, at 14:11, "Trevor Sullivan" <tsul...@gmail.com> wrote:
Why not just get the list of servers dynamically from Active Directory? Use the
LastBootupTime property on the Win32_OperatingSystem WMI class to see when the
system last booted up.
$ServerList
=
Get-ADComputer -Properties
operatingsystem -Filter
'operatingsystem -like "*server*"';
foreach
($Server
in $ServerList) {
'{0},{1}' -f
$Server.Name, (Get-WmiObject
-ComputerName $Server.Name
-Class Win32_OperatingSystem).LastBootupTime;
}
Results look like this:
<image001.png>
Cheers,
Trevor Sullivan
From:
listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com]
On Behalf Of Daniel Chenault
Sent: Monday, March 10, 2014 4:01 PM
To: Scripting
Subject: [scripting] hit or miss
We had an outage over the weekend and I've been tasked with discovering which
servers were affected. Get-eventlog should help here, right? Not working... I
ran it against a single machine
I know for sure was affected and it worked. Now it's skipping over machines I
know were affected. Mongo confused...
#server-out.txt is all servers dumped from AD
$servers = Get-Content c:\admin\server_out.txt
$startdate = "3/8/2014 10:30:00 PM"
$enddate = "3/9/2014 01:00:00 am"
foreach ($server in $servers)
{
write-host "Testing connection to" $server
if((Test-Connection -Cn $server -BufferSize 16 -Count 1 -ea 0 -quiet))
{
$holder = $null
$holder = Get-EventLog system -After $startdate -Before $enddate
-ComputerName $server | where {$_.eventid -eq 41}
write-host $holder
if ($holder -ne $null)
{
write-host $server "was affected"
write-host "Appending " + $server + " to file"
Out-File -InputObject $server -FilePath c:\admin\affected.txt
-append
}
}
}
NB: source is Kernel-Power
The information transmitted is intended only for the person or entity to which
it is addressed
and may contain CONFIDENTIAL material. If you receive this
material/information in error,
please contact the sender and delete or destroy the material/information.
