PowerShell Log

I'm starting to have many jobs that run powershell scripts on some servers so I decided to update the scripts in order to write to the event logs on the servers.

I decided to create my own log in order to be free to do anything I want with it and I called it "Powershell Jobs". I also added a source for every job. All that with the New-EventLog command.

I then added error handling code to the scripts using the $error.Count value in order to check if the last command had any errors and the $error[0] for the error message.

I then write to the above log using the Write-EventLog command.

That way I know what happened for every job and I can get it on Splunk (or any other syslog server) too.

One more thing, depending on the result of a command I write error or information events and I'm using a seperate ID for every event type.

Popular posts from this blog

IIS Client Certificate Revocation Check Disable

Image
A couple of weeks back, a certificate was approaching it's expiration date on an IIS server and the update - although pretty straight forward, caused a major issue for the service running on that server. I had the new certificate in PFX format, I've installed it on the computer certificate store and it was available in the IIS Manager console. All the certificates for the Root and Intermediate authorities were property installed and the clients had access to the CRL urls. However, when I switched the certificate, the clients were not able to communicate property with the website. After going through the logs on the clients and the application, I discovered that the clients were using client certificates in order to authenticate and the validation process was failing for those certificates since my server could not check their revocation. I opened up a command prompt to get more information on the bindings on the website since there are settings that are not available when...
Keep reading

Configuring Log and Performance Counter collection on the OMS Workspace

Image
Following the introduction to the Azure Advanced Analytics article  where we have provisioned an OMS Workspace and took a quick look on it's settings, we are now going to add the windows logs we would like to collect along with some system performance counters. To get to the Data settings of the workspace, we are going to use the Advanced Settings option on the main workspace blade. Here, you have to type the name of the log and then click the plus sign in order to add it. As shown below, I've started with the application and system logs that contain very useful information about the system and the applications that may be running on it. When done adding logs, click the save button to save the configuration. Now that we have configured the logs to collect, we are going to move on to the performance counters by clicking on "Windows Performance Counters". The Advanced Analytics team suggests a few counters related to disk, memory, processor and network, so go...
Keep reading

Send Syslog Messages from PowerShell

Image
In most cases, the scripts, functions and cmdlets we develop have to save events to a log file to make troubleshooting easier. With PowerShell, the easiest thing would be to write an event to the event log or a file. When it comes to centralized log management, most organizations have based their strategy on the syslog server and protocol. There may be agents on the windows server machines that your code is running on to collect the messsages but that's not always the case. So how can we send messages to a syslog server directly using PowerShell? Although that's not that hard, I've put together a cmdlet to do just that! My General PowerShell module that is published on the Gallery  contains the   Send-SyslogMessage cmdlet from version 2.12.0 onwards. A call to the Send-SyslogMessage would be pretty much like the following: Send - SyslogMessage - Server syslog . lab . local ` - Severity Error ` - Facility Local0 ` ...
Keep reading