Shavlik Script Catalog: Get System Events

Version 5

    Author: Shavlik
    Category: Information
    Inputs: None
    Minimum ITScripts engine version required:  8.0.0.0
    Modifies the target machine: No
    Name: Get System Events
    Outputs: CSV file of recent System Events

    Purpose: Gather event logs from target systems

    Script Version: 1.0.0.7

    Target Type: Any

     

    Technical Description:

    This script gets the last 10 events from the System event log on the target machine.  Although no inputs are required, the script can be modified to get more than the last 10 events, or to pull from other event logs such as "Security".  The script begins by detecting the OS of the target, because access to the Event Viewer has changed on newer OSs.  Using the Get-WinEvent cmdlet, the script collects the events from the target and writes them to a CSV file viewable in the ITScript Results view.

     

    Possible OpsMon statuses include:

    "Get-WmiObject failed.  Machine may be offline."

    "Log `'$eventlogname`' does not exist"

    "Log `'$eventlogname`' on machine `'$ST_ComputerName`' contains zero entries"

    "Error retrieving events"

    "Completed: Success"

     

    Caveats:

    On pre-Vista machines the script must be run with a domain credential, whereas newer OSs allow event logs to be accessed with a local admin credential.
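
The flow in the Technical Description (OS detection, event collection, CSV output, and the OpsMon status strings), as an added example for Windows PowerShell 5.1 that is not Shavlik's script. The function name, its parameters and the default CSV path are assumptions; the pre-Vista branch uses Get-EventLog, which the page does not name.

```powershell
# Added illustration (Windows PowerShell 5.1); not the catalog script itself.
# Function name, parameters and default output path are assumptions.
function Get-RecentEvents {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [string]$LogName      = 'System',      # e.g. 'Security' for another log
        [int]$Count           = 10,
        [string]$CsvPath      = (Join-Path $env:TEMP 'SystemEvents.csv')
    )

    # Detect the target OS: Get-WinEvent needs Vista / Server 2008 (NT 6.0) or later.
    try {
        $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName -ErrorAction Stop
    } catch {
        return 'Get-WmiObject failed.  Machine may be offline.'
    }

    try {
        if (([version]$os.Version).Major -ge 6) {
            $events = Get-WinEvent -LogName $LogName -MaxEvents $Count -ComputerName $ComputerName -ErrorAction Stop |
                Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message
        } else {
            # Legacy API for pre-Vista targets (assumed here; not named on the page).
            $events = Get-EventLog -LogName $LogName -Newest $Count -ComputerName $ComputerName -ErrorAction Stop |
                Select-Object TimeGenerated, EventID, EntryType, Source, Message
        }
    } catch {
        # Get-WinEvent reports a missing log and an empty log as distinct errors.
        switch -Wildcard ($_.FullyQualifiedErrorId) {
            'NoMatchingLogsFound*'   { return "Log '$LogName' does not exist" }
            'NoMatchingEventsFound*' { return "Log '$LogName' on machine '$ComputerName' contains zero entries" }
            default                  { return 'Error retrieving events' }
        }
    }

    if (-not $events) {
        return "Log '$LogName' on machine '$ComputerName' contains zero entries"
    }

    # Write the collected events to CSV and report the final status.
    $events | Export-Csv -Path $CsvPath -NoTypeInformation -Encoding UTF8
    return 'Completed: Success'
}

Get-RecentEvents   # local machine, System log, last 10 events
```

Reading the Security log this way requires an elevated session.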