Monitoring Logfiles with PowerShell
- Getting Logfiles from Servers using PowerShell
- Including the Logfiles in a Website
- Adding Uptime Stats and Finishing up Webpages
- Deployment Instructions
Microsoft includes quite a few PowerShell "cmdlets" for gathering info from, and performing actions against, Windows operating systems. One of these cmdlets is called Get-EventLog, and it returns the entries within a system's event logs. While playing around with this cmdlet I found that I could easily create a website for going through the logfiles of all the servers that I help maintain.
This article steps you through setting up what I created within your own network, to aid in maintaining your Windows servers. You can view an example page of what this looks like here. Note that I simply used the same machine 6 times, but you will get the idea of what the results look like.
Getting & Formatting the Logfiles
The first step is to actually get the logfiles from all the servers you want to monitor. To do this I created the following script. For each server, the script:
- Puts the last 24 hours of Error and Warning log entries into a temporary file as an HTML table
- Strips all the "heading" tags in the HTML file, along with the last few tags that are not needed
- Adds a few CSS style markers to the table
- Writes the resulting file (which should include only what is within the <table> tags) to the C:\Inetpub\wwwroot\serverlogs directory
View the get-logfiles.ps1 script here; it is also included with the Logfile Monitoring Zip File.
# Servers whose event logs are collected
$computers = @("Server1","Server2","Server3")
ForEach ($computer in $computers) {
    # Application log: Error and Warning entries from the last 24 hours, written as an HTML table to a temporary file
    Get-EventLog Application -EntryType Error,Warning -ComputerName $computer -after (get-date).AddHours(-24) | select TimeWritten,EntryType,Source,EventID,Message | ConvertTo-Html -As Table > C:\Inetpub\wwwroot\serverlogs\$computer-applog-tmp.html
    # Drop the first five lines (the HTML heading) and the closing tags, then add an id and a style to the table
    (Get-Content C:\Inetpub\wwwroot\serverlogs\$computer-applog-tmp.html) | ? {(1..5) -notcontains $_.ReadCount} | Foreach-Object {$_ -replace "</body></html>", " "} | Foreach-Object {$_ -replace "<table>", "<table id=$computer-applog style=display:none>"} | Set-Content C:\Inetpub\wwwroot\serverlogs\$computer-applog.html
    # System log: the same two steps
    Get-EventLog System -EntryType Error,Warning -ComputerName $computer -after (get-date).AddHours(-24) | select TimeWritten,EntryType,Source,EventID,Message | ConvertTo-Html -As Table > C:\Inetpub\wwwroot\serverlogs\$computer-syslog-tmp.html
    (Get-Content C:\Inetpub\wwwroot\serverlogs\$computer-syslog-tmp.html) | ? {(1..5) -notcontains $_.ReadCount} | Foreach-Object {$_ -replace "</body></html>", " "} | Foreach-Object {$_ -replace "<table>", "<table id=$computer-syslog style=display:none>"} | Set-Content C:\Inetpub\wwwroot\serverlogs\$computer-syslog.html
}
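
Event messages contain text written by whatever application logged the event, and the script above publishes them on a web server. The following is an added example (not part of get-logfiles.ps1) that builds the same table fragment directly, HTML-encoding every cell and quoting the id attribute instead of stripping lines by position. The function name, its parameters, the sample entries and the demo output directory are all assumptions made for illustration.

```powershell
# Added example, not part of get-logfiles.ps1. ConvertTo-LogTable and its parameters are hypothetical names.
function ConvertTo-LogTable {
    param(
        # The name ends up in an id attribute and a file name, so accept host-name characters only.
        [Parameter(Mandatory)] [ValidatePattern('^[A-Za-z0-9][A-Za-z0-9.-]*$')] [string] $Computer,
        [Parameter(Mandatory)] [ValidateSet('applog', 'syslog')] [string] $Suffix,
        [object[]] $Entries = @()
    )
    $columns = 'TimeWritten', 'EntryType', 'Source', 'EventID', 'Message'
    $header  = -join ($columns | ForEach-Object { "<th>$_</th>" })
    $rows = @(foreach ($entry in $Entries) {
        # Encode every cell: the text comes from whatever wrote the event, not from this script.
        $cells = foreach ($column in $columns) {
            '<td>' + [System.Net.WebUtility]::HtmlEncode([string]$entry.$column) + '</td>'
        }
        '<tr>' + (-join $cells) + '</tr>'
    })
    # Same id and hidden style as the script above, with the attribute values quoted.
    @("<table id=`"$Computer-$Suffix`" style=`"display:none`">", "<tr>$header</tr>") + $rows + '</table>'
}

# Constructed sample entries standing in for Get-EventLog output.
$sample = @(
    [pscustomobject]@{ TimeWritten = [datetime]'2024-01-15T03:12:00'; EntryType = 'Error'; Source = 'DemoApp'
                       EventID = 1000; Message = "Request failed for user '<b>test</b>' & was logged" }
    [pscustomobject]@{ TimeWritten = [datetime]'2024-01-15T04:40:00'; EntryType = 'Warning'; Source = 'DemoSvc'
                       EventID = 2001; Message = 'Disk usage above 90%' }
)

# Assumed demo directory; the article's script writes to C:\Inetpub\wwwroot\serverlogs.
$outDir = Join-Path ([System.IO.Path]::GetTempPath()) 'serverlogs-demo'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Write under a temporary name, then move into place, so the website never reads a half-written file.
$tmp = Join-Path $outDir 'Server1-applog.tmp'
ConvertTo-LogTable -Computer 'Server1' -Suffix 'applog' -Entries $sample | Set-Content -Path $tmp -Encoding UTF8
Move-Item -Path $tmp -Destination (Join-Path $outDir 'Server1-applog.html') -Force
Get-Content (Join-Path $outDir 'Server1-applog.html')
```

To use it with real data, pass the output of the script's own `Get-EventLog ... | select TimeWritten,EntryType,Source,EventID,Message` pipeline as `-Entries`.
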
If you run this over a slower WAN connection, the script may time out and never complete. To get logfiles from remote servers/workstations, create a scheduled task on a remote computer that gathers the logfiles for that network, then have the script finish by copying them to the server/workstation that will host the web frontend. For instance, use the above script, adjust the output directory, and add the following command at the end of it:
copy c:\logs\*log.html \\servername\c$\inetpub\wwwroot\serverlogs
You can view the remote_get-logfiles.ps1 script here; it is also included with the Logfile Monitoring Zip File.
Now that you have the needed HTML files for each server's application and system log, I will next show you how to set up webpages to easily view the logfiles.





