0

I have this snippet of code here:

    $currentDate = get-date
    $pastDate = $currentDate.addhours(-5)


    $errorCommand = get-eventlog -Before $currentDate -After $pastDate -logname   Application -source "ESENT" 
    $errorInfo = $errorCommand | out-string

I have a local machine that I run the entire script on, and it works 100% fine. When I run this code on Windows Server standard, via remote desktop, I get the following:

"Get-EventLog : A parameter cannot be found that matches parameter name 'before'" It refers to "$errorCommand =" and I cannot for the life of me figure out why it cannot find this parameter, is something setup incorrectly with my powershell?

Pensai
  • 9
  • 7
  • Is there any chance that the `Get-EventLog` cmdlet was redefined? Someone could have overridden the built-in cmdlet with their own function. –  Jun 25 '14 at 18:44
  • @iCodez Yea it might be the case. When I get-help on Get-EventLog there is no mention whatsoever of the before or after params, in fact quite a few seem to be missing. I think I am going to have to find some other way to achieve the same affect with my script, but in a different way... EDIT: perhaps some sort of concoction involving -newest could solve my problem. – Pensai Jun 25 '14 at 18:49
  • Do a `Get-Command Get-EventLog` and see if the ModuleName is Microsoft.PowerShell.Management, or if perhaps more than one is listed. – TheMadTechnician Jun 25 '14 at 19:00
  • @TheMadTechnician upon doing this i get the headings "command type, name, and definition" no mention whatsoever of Microsoft.powershell.management – Pensai Jun 25 '14 at 19:04

1 Answers1

0

It seems like the built-in Get-EventLog was overridden by a different function with the same name. Not only is it missing many of its standard parameters, but the command Get-Command Get-EventLog did not mention Microsoft.Powershell.Management like it should have:

PS > Get-Command Get-EventLog

CommandType     Name             ModuleName                              
-----------     ----             ----------                              
Cmdlet          Get-EventLog     Microsoft.PowerShell.Management         


PS >

You can use New-Alias to set the name back to the original cmdlet:

$currentDate = get-date
$pastDate = $currentDate.addhours(-5)

#####################################################################
New-Alias Get-EventLog Microsoft.PowerShell.Management\Get-EventLog
#####################################################################

$errorCommand = get-eventlog -Before $currentDate -After $pastDate -logname   Application -source "ESENT" 
$errorInfo = $errorCommand | out-stringApplication -source "ESENT"

See a demonstration below:

PS > function Get-EventLog { 'Different' }  
PS > Get-EventLog  # This is a new function, not the original cmdlet
Different

PS > New-Alias Get-EventLog Microsoft.PowerShell.Management\Get-EventLog  
PS > Get-EventLog  # This is the original cmdlet
cmdlet Get-EventLog at command pipeline position 1
Supply values for the following parameters:
LogName:

Although it might be better to investigate why the cmdlet was overridden in the first place and then fix that instead.

  • Doing this seems to have changed nothing whatsoever, I'm still missing those parameters, It might be good to also note I am currently an Intern at the company right now. I'm sure they changed the cmdlet with good reason, wouldn't want to break anything :P I am also a powershell noob so forgive my idiocy. – Pensai Jun 25 '14 at 19:11
  • No worries. The line I gave will not break anything; it only changes the name for the current PowerShell session. Also, I am sure that the `Get-EventLog` cmdlet was redefined because it is missing many of its normal parameters and you said that `Get-Command Get-EventLog` didn't mention `Microsoft.Powershell.Management` like it should have. Did you place the line just above the line where you use `Get-EventLog` (see my edit)? –  Jun 25 '14 at 19:33
  • Yes, I have properly placed the command. It simply changes nothing unfortunately. I am still being told before does not exist. Am I going to have to completely work around this issues and code it differently? Also could this be a version problem? Running a 'get-host' tells me the machine is currently running 1.0.0.0. and we're up to version 4.0 no? – Pensai Jun 25 '14 at 19:37
  • Yea, running that command you have up there, the heading 'ModuelName' is 'Definition' for me, and begins listing the params the cmdlet can take. EDIT: I will look into trying to update powershell on this machine. – Pensai Jun 25 '14 at 19:41
  • Found your problem: it is a versions issue. As stated [here](http://www.activexperts.com/admin/powershell/powershell10/0041/), the PowerShell 1.0 `Get-EventLog` does not have a `-Before` parameter. That was introduced in PowerShell 2.0, as stated [here](http://technet.microsoft.com/en-us/library/hh849834%28v=wps.620%29.aspx). So, you either need to rework your script to not use `Get-EventLog` like that or, if possible, get your superiors to upgrade PowerShell. :) –  Jun 25 '14 at 19:44
  • I'm speaking with a collegue here, I've updated to powershell 2.0, and hopefully to 3 or 4.0 but the machine needs a reboot. Unfortunately this particular machine does some important things for us here, so progress is halted until I get get an 'okay' on a reboot. Thanks for working this out with me iCodez I appreciate it! Once this script is deployed it is going to save us from a lot of annoyance every morning! – Pensai Jun 25 '14 at 19:57