Grabbing Eventlogs from busy servers


Imagine a scenario where you are analyzing or troubleshooting a server or application issue and you would like to collect all relevant event logs from the server for your research. Sometimes, however, you end up in one of the situations below, which turn this task into a nightmare:

a) Server performance is really slow and it takes forever to open the Event Viewer GUI
b) There are tons of events logged and it takes a long time to load all of them in Event Viewer
c) There are lots of unwanted logs and you would like to quickly filter down to one particular source or application log
d) You would like to export the logs quickly to a file which you can transfer to your own machine to review and research

Well, we have PowerShell to make our admin life easier. If you have Windows Server 2008 or above, you can use some powerful cmdlets to get event logs in seconds.

In the screenshot example below I demonstrate how to use the Get-EventLog cmdlet to fetch all error and warning events for the source/application CRM that occurred between 10 March and 15 March.

The command is:

Get-EventLog -LogName Application -Source MSCRM* -EntryType Error,Warning -after 3/10/2015 -before 3/15/2015


Parameters Explained
====================
1) -LogName should be set according to your requirement. If you are looking for an application crash or error log, Windows Event Viewer has a separate log called "Application". If you are looking for install failures, patch failures or other system-related logs, select "System". Likewise, use any other log name that is present in Event Viewer.

2) -Source: this is the application or process that is writing the error.

3) -EntryType: we have 4 levels of logs in event logs: Error, Warning, Critical and Informational. Choose the level with this switch.

4) -After and -Before set the start and end dates of the event range. If you do not use these parameters, the cmdlet pulls all the logs available for that source to date.

There is also an option that exports all these useful event logs into a CSV file, which is easy and quick to read with Excel on another system. The command is below:

Get-EventLog -LogName Application -Source MSCRM* -EntryType Error,Warning -after 3/10/2015 -before 3/15/2015 | Export-Csv c:\Errors.csv
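The following script is an added example, not the original post's command, that puts the parameters explained above and the CSV export together into one reusable collection step. It assumes a placeholder source name (MSCRM*), a placeholder date range, and an output path you would adjust; the server name defaults to the local machine but can be pointed at a remote server so you never have to open Event Viewer on the slow box.

```powershell
# Added example (not from the original post): collect Error/Warning events for a
# source from a busy server within a date range, without opening Event Viewer,
# and export them to CSV for review elsewhere. Source, dates, server and output
# path are placeholder assumptions to adjust for your environment.
param(
    [string]$ComputerName = $env:COMPUTERNAME,   # a remote name avoids a slow GUI session
    [string]$Source       = 'MSCRM*',             # -Source accepts wildcards
    [datetime]$After      = '2015-03-10',         # ISO dates avoid day/month ambiguity
    [datetime]$Before     = '2015-03-15',
    [string]$OutFile      = 'C:\Temp\Errors.csv'
)

# Values Get-EventLog accepts for -EntryType: Error, Warning, Information,
# SuccessAudit, FailureAudit. (Critical is a level of the newer event log API,
# see the Get-WinEvent alternative at the bottom.)
$entryTypes = 'Error', 'Warning'

# Query both logs that usually matter for a crash investigation, tagging each
# row with the log it came from so the CSV stays self-describing.
$events = foreach ($log in 'Application', 'System') {
    Get-EventLog -ComputerName $ComputerName -LogName $log -Source $Source `
                 -EntryType $entryTypes -After $After -Before $Before `
                 -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'LogName'; e = { $log } }, TimeGenerated, EntryType,
                      Source, EventID, MachineName, Message
}

# -NoTypeInformation drops the "#TYPE" header line so Excel reads the column
# names directly; UTF8 keeps non-ASCII characters in messages intact.
$events | Sort-Object TimeGenerated |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

# Quick count per level so you know what was captured before transferring the file.
$events | Group-Object EntryType | Select-Object Name, Count

# Equivalent query with Get-WinEvent: filtering happens inside the event log
# service rather than after every record is read, which is usually much faster
# on logs with millions of entries. Level 2 = Error, 3 = Warning.
# Get-WinEvent -ComputerName $ComputerName -FilterHashtable @{
#     LogName      = 'Application'
#     ProviderName = $Source
#     Level        = 2, 3
#     StartTime    = $After
#     EndTime      = $Before
# } | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
```

Run it as a .ps1 file with your own values, for example `.\Get-CrmErrors.ps1 -ComputerName SERVER01 -Source 'MSCRM*' -After 2015-03-10 -Before 2015-03-15`. Passing dates in ISO format sidesteps the case where `3/10/2015` is read as 3 October on a server with a different regional setting, which silently returns the wrong window.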

For other helpful parameters, go through the TechNet article below:
https://technet.microsoft.com/en-us/library/hh849834.aspx