:::: MENU ::::
Monthly Archives: August 2018

OS Installed Date > 10 Days


select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId WHERE dateDiff(dd, SMS_G_System_OPERATING_SYSTEM.InstallDate, GetDate()) > 10

event viewer log export by event id


Set-Variable -Name EventAgeDays -Value 1 #we will take events for the latest 7 days
Set-Variable -Name CompArr -Value @("$env:COMPUTERNAME") # replace it with your server names
Set-Variable -Name LogNames -Value @("Application", "System") # Checking app and system logs
Set-Variable -Name ExportFolder -Value "c:\EWLogsbyEventID\" # change this yo your own location
$el_c = @() #consolidated error log
$now=get-date
if($ExportFolder){New-Item -Path $ExportFolder -ItemType Directory -Force}
$startdate=$now.adddays(-$EventAgeDays)
$ExportFile=$ExportFolder + "el" + $now.ToString("yyyy-MM-dd---hh-mm-ss") + ".csv" # we cannot use standard delimiteds like ":"

foreach($comp in $CompArr)
{
foreach($log in $LogNames)
{
Write-Host Processing $comp\$log
$el = get-eventlog -ComputerName $comp -LogName $log -After $startdate | where EventID -EQ 1000
$el_c += $el #consolidating
}
}
$el_sorted = $el_c | Sort-Object TimeGenerated #sort by time
Write-Host Exporting to $ExportFile
$el_sorted|Select EntryType, TimeGenerated, Source, EventID, MachineName, Message | Export-CSV $ExportFile -NoTypeInfo #EXPORT