Monday, January 19, 2009

PowerShell: Issues with GetEventLog on Windows XP

Enough of PERL for the time being......

Something in PowerShell now!

** Before starting, I am not responsible for the ramifications you face after running the below mentioned scripts...So be contemplative before trying these out!! **

Of late I have been working on Windows PowerShell, and here's one of my observations on the Windows XP OS, assuming that you have an XP system with PowerShell for XP running on it.
Following is the command that one would use in PowerShell for getting all the Event Logs of a remote system on the network.
$logs = [System.Diagnostics.EventLog]::GetEventLogs('HostName or IP')
Now, if you key in the command:
$logs
The output that you get would be something like this:

  Max(K) Retain OverflowAction        Entries Name
  ------ ------ --------------        ------- ----
     512      7 OverwriteOlder          2,130 Application
     512      7 OverwriteOlder              0 Internet Explorer
  16,384      0 OverwriteAsNeeded           0 Microsoft Office Diagnostics
  16,384      0 OverwriteAsNeeded       2,960 Microsoft Office Sessions
     512      7 OverwriteOlder              0 Security
     512      7 OverwriteOlder          2,337 System
  15,360      0 OverwriteAsNeeded          40 Windows PowerShell

The interesting thing here is: What happens if the hostname in the first command is “localhost”?
On Win2k3 (STD/ENT and x86/x64 versions of the OS) this works fine and gives you the correct output. But if the same command is run on variants of the XP OS, you encounter an error.
------------------------------------------------------------------------------------------------
$logs = [System.Diagnostics.EventLog]::GetEventLogs('localhost')

Exception calling "GetEventLogs" with "1" argument(s): "The network path was not found."
At line:1 char:52
+ $logs = [System.Diagnostics.EventLog]::GetEventLogs( <<<< 'localhost')

----------------------------------------------------------------------------------------------
Looks like there’s an issue with ‘localhost’ on XP.

Solution:
There's a way to get the event logs of the local system while running on Windows XP. Here's what would work:
$logs = [System.Diagnostics.EventLog]::GetEventLogs('127.0.0.1')
So instead of localhost, you could run the same command with 127.0.0.1. Simple, but a bit less obvious! Giving the 'ComputerName' or 'IP' itself would definitely work as well.
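
For a log-collection script that has to run unchanged on both XP and Win2k3, the workaround can be wrapped in a fallback. The following is an added example, not code from the original post: the function name Get-EventLogSummary is hypothetical, and it assumes PowerShell 2.0 or later (for try/catch).

```powershell
# Added example. Get-EventLogSummary is a hypothetical helper name.
function Get-EventLogSummary {
    param([string]$ComputerName = 'localhost')

    # Names to try, in order. For 'localhost', add the alternatives the post
    # reports as working on XP: the loopback IP and the real computer name.
    $candidates = @($ComputerName)
    if ($ComputerName -eq 'localhost') {
        $candidates += '127.0.0.1', $env:COMPUTERNAME
    }

    $logs = $null
    $used = $null
    foreach ($name in $candidates) {
        try {
            $logs = [System.Diagnostics.EventLog]::GetEventLogs($name)
            $used = $name
            break
        } catch {
            # On XP, 'localhost' ends up here with "The network path was not found."
            Write-Warning "GetEventLogs('$name') failed: $($_.Exception.Message)"
        }
    }
    if ($null -eq $logs) {
        throw "No event logs could be enumerated for '$ComputerName'."
    }

    foreach ($log in $logs) {
        # Reading the entry count can throw for a log the caller is not
        # allowed to read; report $null for that log instead of aborting.
        $count = $null
        try { $count = $log.Entries.Count } catch { }

        New-Object PSObject -Property @{
            QueriedAs      = $used
            Log            = $log.Log
            MaxKB          = $log.MaximumKilobytes
            RetainDays     = $log.MinimumRetentionDays
            OverflowAction = $log.OverflowAction
            Entries        = $count
        }
    }
}

Get-EventLogSummary | Format-Table Log, MaxKB, RetainDays, OverflowAction, Entries, QueriedAs -AutoSize
```

The QueriedAs column records which name actually succeeded, so a collection job's output shows where the 'localhost' lookup had to fall back.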
