Until now I have never used PowerShell, but now I have to. (Don’t worry, I know how to program in other languages.)
What I have to do:
There are 2 eventlogs: “EventID equals 3317 and Event Level equals Error” and “EventID equals 3317 and Event Level equals Information”
If there is an event with the level “Error” without an event with the level “Information” afterwards, then the output has to be “Critical”. If there is an event with the level “Information” after this event with the level “Error” the output has to be “Ok”. (If there is no event with that ID everything is "Ok".)
Now the problem is that I don’t know how to compare both date values I get from those lines...
get-eventlog -log application -EntryType error -newest 1 | where {$_.eventID -eq 3317}
get-eventlog -log application -EntryType information -newest 1 | where {$_.eventID -eq 3317}
Other solutions are appreciated as well. ;)
Greetings, Cédric
EDIT (The code):
# Error: time of the newest Error event with ID 3317 (Get-EventLog returns newest first)
$e_error = (Get-EventLog -Log Application -EntryType Error | Where-Object {$_.EventID -eq 3317} | Select-Object -First 1).TimeGenerated
Write-Host "Error: $e_error"
# Information: time of the newest Information event with ID 3317
$e_info = (Get-EventLog -Log Application -EntryType Information | Where-Object {$_.EventID -eq 3317} | Select-Object -First 1).TimeGenerated
Write-Host "Information: $e_info"
if (($e_error) -and ($e_info)) { # Both $e_error (Error) and $e_info (Information) are not empty (events exist)
    $timediff = (New-TimeSpan -Start $e_error -End $e_info).TotalSeconds # Difference in seconds
    if ($timediff -gt 0) { # $e_info (Information) is newer than $e_error (Error)
        $res = "Ok"
    } else { # $e_error (Error) is newer than, or as old as, $e_info (Information)
        $res = "Critical"
    }
} else { # One of them or both are empty
    if (($e_error) -and (!($e_info))) { # $e_error (Error) exists but $e_info (Information) does not
        $res = "Critical"
    } else { # Neither exists, or only Information exists
        $res = "Ok"
    }
}
Write-Host $res
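
An added example, not part of the original post: the same Error/Information rule decided from the single most recent event with ID 3317, so no date comparison is needed. The function name `Get-PairedEventStatus` and the sample events are hypothetical; level values 2 (Error) and 4 (Information) are the standard Windows event levels.

```powershell
# Added example; Get-PairedEventStatus is a hypothetical helper name.
function Get-PairedEventStatus {
    param(
        [object[]]$Events   # objects exposing Id, Level and RecordId
    )
    # Keep only the two event kinds the rule is about.
    # Level 2 = Error, Level 4 = Information.
    $relevant = @($Events | Where-Object { $_.Id -eq 3317 -and $_.Level -in 2, 4 })

    # No event with that ID at all: everything is fine.
    if ($relevant.Count -eq 0) { return 'Ok' }

    # RecordId increases with every write to the log, so it still orders
    # two events that carry the same timestamp.
    $latest = $relevant | Sort-Object RecordId -Descending | Select-Object -First 1

    # An Error that has not been followed by an Information event.
    if ($latest.Level -eq 2) { return 'Critical' }
    return 'Ok'
}

# Constructed sample events (not real log data): Error, Information, Error.
$sample = @(
    [pscustomobject]@{ Id = 3317; Level = 2; RecordId = 101 },
    [pscustomobject]@{ Id = 3317; Level = 4; RecordId = 102 },
    [pscustomobject]@{ Id = 3317; Level = 2; RecordId = 103 }
)
Get-PairedEventStatus -Events $sample          # latest event is the Error
Get-PairedEventStatus -Events $sample[0..1]    # Error followed by Information
Get-PairedEventStatus -Events @()              # no event with that ID

# Live check: Get-WinEvent returns the newest matching event first.
# With no match it writes a non-terminating error, silenced here.
$live = Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; Id = 3317; Level = 2, 4
} -MaxEvents 1 -ErrorAction SilentlyContinue
Get-PairedEventStatus -Events $live
```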