Wednesday, April 1, 2009

Powershell-GUI: EventLog Manager

Problem Statement: Recently, there was a requirement for me to clear or save event logs of different systems on the network. There were at least 10 systems in the network, and the requirement demanded that I save or clear event logs on all or selected servers (entered as a comma-separated list) in one go!



Now here's what I came up with:






Script:
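# Builds and shows the main "Event Log Manager" window.
#
# The window holds an event-log name box, a box for a comma-separated server
# list, and three buttons: "Save EventLog", "Clear EventLog" and "Quit...".
# The Save and Clear handlers hide this window and hand the two text values to
# SaveEvtLog / ClearEvtLog. Both boxes are editable, so the values passed on
# are free text typed by the operator.
Function Main {
    # [void] keeps the returned Assembly objects out of the function's output.
    [void][reflection.assembly]::LoadWithPartialName("System.Windows.Forms")
    [void][reflection.assembly]::LoadWithPartialName("System.Drawing")

    $form = New-Object Windows.Forms.Form
    $form.text = "Event Log Manager"
    $form.height = 400

    # Event-log name: label plus an editable combo box with two presets.
    $label_logname = New-Object Windows.Forms.Label
    $label_logname.Location = New-Object System.Drawing.Point(50,30)
    $label_logname.Size = New-Object System.Drawing.Size(200,30)
    $label_logname.text = "Enter the EventLog Name"

    $combo = New-Object System.Windows.Forms.ComboBox
    $combo.Location = New-Object System.Drawing.Point(50,60)
    $combo.Size = New-Object System.Drawing.Size(200,15)
    # Items.Add returns the new index; discard it so it is not printed.
    [void]$combo.Items.Add("Enter EventLog")
    [void]$combo.Items.Add("Application")
    [void]$combo.Items.Add("System")

    # Server list: label plus an editable combo box with one sample address.
    $label_server = New-Object Windows.Forms.Label
    $label_server.Location = New-Object System.Drawing.Point(50,110)
    $label_server.Size = New-Object System.Drawing.Size(200,30)
    $label_server.text = "Enter the Server Names separated by commas"

    $combo1 = New-Object System.Windows.Forms.ComboBox
    $combo1.Location = New-Object System.Drawing.Point(50,150)
    $combo1.Size = New-Object System.Drawing.Size(200,15)
    [void]$combo1.Items.Add("10.2.2.3")

    $button = New-Object Windows.Forms.Button
    $button.text = "Save EventLog"
    $button.Location = New-Object System.Drawing.Point(50,200)
    $button.Size = New-Object System.Drawing.Size(200,25)

    $button1 = New-Object Windows.Forms.Button
    $button1.text = "Clear EventLog"
    $button1.Location = New-Object System.Drawing.Point(50,250)
    $button1.Size = New-Object System.Drawing.Size(200,25)

    $button2 = New-Object Windows.Forms.Button
    $button2.text = "Quit..."
    $button2.Location = New-Object System.Drawing.Point(50,300)
    $button2.Size = New-Object System.Drawing.Size(200,25)

    # Argument order for both actions is (server list, event-log name).
    $button.add_click({
        $form.hide()
        SaveEvtLog $combo1.text $combo.text
    })
    $button1.add_click({
        $form.hide()
        ClearEvtLog $combo1.text $combo.text
    })
    $button2.add_click({ $form.dispose() })

    $form.controls.add($button)
    $form.controls.add($label_logname)
    $form.controls.add($label_server)
    $form.controls.add($button1)
    $form.controls.add($button2)
    $form.controls.add($combo)
    $form.controls.add($combo1)

    # ShowDialog returns a DialogResult; discard it, then release the window's
    # handles (a form that was only hidden is otherwise never disposed).
    [void]$form.ShowDialog()
    $form.Dispose()
}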

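# Saves one event log from each listed server to C:\ on the machine running
# this script, then shows a result window with a "Back to Main..." button.
#
# Parameters:
#   $computer - comma-separated server names or IPv4 addresses (operator-typed).
#   $evtlog   - name of the event log to back up, e.g. "Application".
#
# For every reachable server the log is backed up with WMIC to C:\ on that
# server, copied over the C$ administrative share to the local C:\ as
# Log_<log>_<server>.evt, and the remote copy is removed.
#
# NOTE(review): remote WMI and the C$ share presumably need administrative
# rights on each target - confirm. Saved .evt files can hold sensitive audit
# data and land in the root of C:\; restrict access to them or move them.
# NOTE(review): if a listed server is the local machine, the "remote" and local
# paths are the same file and the clean-up step would delete it - confirm.
Function SaveEvtLog {
    param ($computer, $evtlog)

    [void][reflection.assembly]::LoadWithPartialName("System.Windows.Forms")
    [void][reflection.assembly]::LoadWithPartialName("System.Drawing")

    # Status lines are collected in memory and shown in the result window.
    $results = @()

    # Both values are typed by the operator and are placed inside a WQL filter,
    # a WMIC where-clause and a file name, so only plain names are accepted
    # (no quotes, path separators or wildcards).
    $namePattern = '^[A-Za-z0-9][A-Za-z0-9 _-]*$'
    $hostPattern = '^[A-Za-z0-9][A-Za-z0-9.-]*$'

    if ("$evtlog" -notmatch $namePattern) {
        $results += "'$evtlog' is not a valid event log name; nothing was saved."
    }
    else {
        foreach ($entry in "$computer".Split(',')) {
            $server = $entry.Trim()
            if ($server -eq '') { continue }

            if ($server -notmatch $hostPattern) {
                $results += "'$server' is not a valid host name or IPv4 address; skipped."
                continue
            }

            # Win32_PingStatus reports StatusCode 0 for a successful ping.
            $ALive = get-wmiobject win32_pingstatus -Filter "Address='$server'" | Select-Object statuscode
            if ($ALive.statuscode -ne 0) {
                $results += "Host $server is Unreachable..."
                continue
            }

            $filename   = "Log_" + $evtlog + "_" + $server + ".evt"
            $localPath  = "C:\$filename"
            $remotePath = "\\$server\c`$\$filename"

            # Remove leftovers from an earlier run so the backup and the copy
            # do not fail on an existing file.
            if (Test-Path -path $localPath)  { remove-item $localPath }
            if (Test-Path -path $remotePath) { remove-item $remotePath }

            # The backup target path is resolved on the remote server.
            wmic /node:"$server" nteventlog where "logfilename='$evtlog'" call backupeventlog "C:\$filename" | Out-Null

            # Report success only when the backup file really exists.
            if (Test-Path -path $remotePath) {
                copy-item $remotePath C:\
                remove-item $remotePath
                $results += "EventLog copied at c:\$filename"
            }
            else {
                $results += "EventLog $evtlog could not be saved from $server"
            }
        }
    }

    if ($results.Count -eq 0) {
        $results += "No server names were given."
    }

    # Result window: one status line per server plus a button back to Main.
    $form1 = New-Object Windows.Forms.Form
    $form1.height = 300
    $form1.width = 300

    $label2 = New-Object Windows.Forms.Label
    $label2.Location = New-Object System.Drawing.Point(50,30)
    $label2.Size = New-Object System.Drawing.Size(200,90)
    $label2.text = [string]::Join("`r`n", $results)

    $button4 = New-Object Windows.Forms.Button
    $button4.text = "Back to Main..."
    $button4.Location = New-Object System.Drawing.Point(50,180)
    $button4.Size = New-Object System.Drawing.Size(200,25)
    $button4.add_click({
        $form1.hide()
        Main
    })

    $form1.controls.add($label2)
    $form1.controls.add($button4)
    [void]$form1.ShowDialog()
    $form1.Dispose()
}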

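# Clears one event log on each listed server, then shows a result window with a
# "Back to Main..." button.
#
# Parameters:
#   $computer - comma-separated server names or IPv4 addresses (operator-typed).
#   $evtlog   - name of the event log to clear, e.g. "Application".
#
# Clearing a log permanently discards its events, which are often the only
# audit trail for an incident. The operator is therefore asked to confirm once
# before anything is cleared; save the log first (SaveEvtLog) if the events
# may still be needed. On current Windows versions the clear itself is
# recorded (event ID 1102 in the Security log, event ID 104 in the System log),
# so monitoring can tell an authorised clean-up from an unexpected one.
Function ClearEvtLog {
    param ($computer, $evtlog)

    [void][reflection.assembly]::LoadWithPartialName("System.Windows.Forms")
    [void][reflection.assembly]::LoadWithPartialName("System.Drawing")

    # Status lines are collected in memory and shown in the result window.
    $results = @()

    # Both values are typed by the operator; the server name is placed inside a
    # WQL filter, so only plain names are accepted (no quotes or wildcards).
    $namePattern = '^[A-Za-z0-9][A-Za-z0-9 _-]*$'
    $hostPattern = '^[A-Za-z0-9][A-Za-z0-9.-]*$'

    $proceed = $true
    if ("$evtlog" -notmatch $namePattern) {
        $results += "'$evtlog' is not a valid event log name; nothing was cleared."
        $proceed = $false
    }

    if ($proceed) {
        # Destructive action: require one explicit confirmation.
        $prompt = "Clear the '$evtlog' event log on: $computer ?`r`nCleared events cannot be recovered unless the log was saved first."
        $answer = [System.Windows.Forms.MessageBox]::Show($prompt, "Confirm Clear EventLog", [System.Windows.Forms.MessageBoxButtons]::YesNo, [System.Windows.Forms.MessageBoxIcon]::Warning)
        if ($answer -ne [System.Windows.Forms.DialogResult]::Yes) {
            $results += "Clear cancelled; no event log was changed."
            $proceed = $false
        }
    }

    if ($proceed) {
        foreach ($entry in "$computer".Split(',')) {
            $server = $entry.Trim()
            if ($server -eq '') { continue }

            if ($server -notmatch $hostPattern) {
                $results += "'$server' is not a valid host name or IPv4 address; skipped."
                continue
            }

            # Win32_PingStatus reports StatusCode 0 for a successful ping.
            $ALive = get-wmiobject win32_pingstatus -Filter "Address='$server'" | Select-Object statuscode
            if ($ALive.statuscode -ne 0) {
                $results += "Host $server is Unreachable..."
                continue
            }

            $logs = [System.Diagnostics.Eventlog]::GetEventLogs("$server")
            # Match the log's name first (the same name SaveEvtLog passes as
            # logfilename); the display name is kept as a fallback.
            $Applogs = $logs | where-object { $_.Log -eq $evtlog -or $_.logdisplayname -eq "$evtlog" }

            if ($null -ne $Applogs) {
                foreach ($log in @($Applogs)) { $log.Clear() }
                $results += "$evtlog Event Log Cleared at $server"
            }
            else {
                # No log with that name was returned for this server.
                $results += "Event log $evtlog was not found at $server"
            }
        }
    }

    if ($results.Count -eq 0) {
        $results += "No server names were given."
    }

    # Result window: one status line per server plus a button back to Main.
    $form1 = New-Object Windows.Forms.Form
    $form1.height = 300
    $form1.width = 300

    $label2 = New-Object Windows.Forms.Label
    $label2.Location = New-Object System.Drawing.Point(50,30)
    $label2.Size = New-Object System.Drawing.Size(200,90)
    $label2.text = [string]::Join("`r`n", $results)

    $button4 = New-Object Windows.Forms.Button
    $button4.text = "Back to Main..."
    $button4.Location = New-Object System.Drawing.Point(50,180)
    $button4.Size = New-Object System.Drawing.Size(200,25)
    $button4.add_click({
        $form1.hide()
        Main
    })

    $form1.controls.add($label2)
    $form1.controls.add($button4)
    [void]$form1.ShowDialog()
    $form1.Dispose()
}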

# Script entry point: open the main Event Log Manager window.
Main



Hope this helps!! Let me know your comments...
