4

We have a server running our backup software, and the software has its own event log. I can retrieve the most recent event log entry with this command:

Get-EventLog EventLogName -ComputerName server.example.com -newest 1

That gives me results like this:

Index Time          EntryType   Source                InstanceID Message
----- ----          ---------   ------                ---------- -------
64292 Aug 13 15:51  Information BackupSoftware             29593 Transfer of 1096 KB...

What I'd like to do is trigger an action (say, launch a second script) if the timestamp of the most recent event is older than one hour.

Any help would be appreciated.

JeffHarbert
  • 75
  • 8

1 Answers1

5
$Event = Get-EventLog Application | ? { $_.Source -EQ 'BackupSoftware' } | Sort Time | Select -Last 1
If($Event.Time -LT (Get-Date).AddHours(-1)) 
{ 
     Do-Stuff 
}

That will find the most recent event in the Application log with a Source of "BackupSoftware".

$Event = Get-EventLog BackupSoftware | Sort Time | Select -Last 1
If($Event.Time -LT (Get-Date).AddHours(-1)) 
{ 
     Do-Stuff 
}

That will find the most recent event in a custom log named BackupSoftware regardless of source or EventId.

In both cases, the script will Do-Stuff if the event is more than an hour old.

Ryan Ries
  • 55,481
  • 10
  • 142
  • 199
  • Why not use `-newest 1` instead of sort/select? – Mike Shepard Aug 13 '13 at 22:04
  • @MikeShepard Yep! You certainly could do that. You could also use Get-WinEvent, or even Get-WmiObject win32_NTLogEvent! There are lots of ways to skin cats in Powershell. Bonus fun: Use Measure-Command to see which method completes the fastest! – Ryan Ries Aug 13 '13 at 22:12