PoShMon

0.9.0

Functions/PoShMon.OSMonitoring/Test-EventLogs2.ps1

                                <# Function Test-EventLogs2

{

    [CmdletBinding()]

    param (

        [hashtable]$PoShMonConfiguration

    )

    $allTestsOutput = @()

    foreach ($SeverityCode in $PoShMonConfiguration.OperatingSystem.EventLogCodes)

    {   

        $mainOutput = Get-InitialOutputWithTimer -SectionHeader "$SeverityCode Event Log Issues" -OutputHeaders ([ordered]@{ 'EventID' = 'Event ID'; 'InstanceCount' = 'Count'; 'Source' = 'Source'; 'User' = 'User'; 'Timestamp' = 'Timestamp'; 'Message' ='Message' })

        $wmiStartDate = (Get-Date).AddMinutes(-$PoShMonConfiguration.General.MinutesToScanHistory) #.ToUniversalTime()

        $wmidate = new-object -com Wbemscripting.swbemdatetime

        $wmidate.SetVarDate($wmiStartDate, $true)

        $wmiStartDateWmi = $wmidate.value

        Write-Verbose "Getting $SeverityCode Event Log Issues..."

        foreach ($serverName in $PoShMonConfiguration.General.ServerNames)

        {

            $itemOutputValues = @()

            $events = Get-WmiObject win32_NTLogEvent -ComputerName $PoShMonConfiguration.General.ServerNames -filter "(logfile='Application') AND (Type ='$severityCode') And TimeGenerated > '$wmiStartDate'" | Group-Object EventCode, Message

            $eventLogEntryGroups = Get-GroupedEventLogItemsBySeverity -ComputerName $serverName -SeverityCode $SeverityCode -WmiStartDate $wmiStartDateWmi

            Write-Verbose $serverName

            if ($eventLogEntryGroups.Count -gt 0)

            {

                foreach ($eventLogEntryGroup in $eventLogEntryGroups)

                {

                    $currentEntry = $eventLogEntryGroup.Group[0]

                    if ($EventIDIgnoreList.Count -eq 0 -or $EventIDIgnoreList.ContainsKey($currentEntry.EventCode) -eq $false)

                    {

                        $mainOutput.NoIssuesFound = $false

                        Write-Verbose ($currentEntry.EventCode.ToString() + ' (' + $eventLogEntryGroup.Count + ', ' + $currentEntry.SourceName + ', ' + $currentEntry.User + ') : ' + $currentEntry.ConvertToDateTime($currentEntry.TimeGenerated) + ' - ' + $currentEntry.Message)

                        $outputItem = @{

                                        'EventID' = $currentEntry.EventCode;

                                        'InstanceCount' = $eventLogEntryGroup.Count;

                                        'Source' = $currentEntry.SourceName;

                                        'User' = $currentEntry.User;

                                        'Timestamp' = $currentEntry.ConvertToDateTime($currentEntry.TimeGenerated);

                                        'Message' = $currentEntry.Message

                                    }

                        $itemOutputValues += $outputItem

                    }

                }

                $mainOutput.OutputValues += @{

                                    'GroupName' = $serverName

                                    'GroupOutputValues' = $itemOutputValues

                                }

            }

            if ($mainOutput.NoIssuesFound)

            {

                Write-Verbose "`tNone"

                $mainOutput.OutputValues += @{

                                    'GroupName' = $serverName

                                    'GroupOutputValues' = @()

                                }

            }

        }

        $allTestsOutput += (Complete-TimedOutput $mainOutput)

    }

    return $allTestsOutput

}

#>