Search all Evenlogs, Error when is empty

Question

Search all Evenlogs, Error when is empty

Franky 106

Hello,

I want to search all Eventlogs. If there is no data/entry a error message is display. Is it posible to bypass the error message when eventlog is empty?

$startdate = "01/01/2022 01:00:00"  # mm/tt/yyyy  
$enddate = "12/31/2022 23:590:00"  
#$Computer = "PCABD"  
  
#===========================================================================================================  
# Get all Eventlogs  
#===========================================================================================================  
  
$AllEventLogs = Get-WinEvent -ListLog Microsoft-Windows* #-ComputerName PCAF1  
foreach($EventLog in $AllEventLogs){  
  
    #Get-WinEvent -ListLog *  
    $Events = Get-WinEvent -logname $EventLog.LogName | where {$_.TimeCreated -gt $startdate -and $_.TimeCreated -lt $enddate}  
  
    foreach($event in $Events){  
        #If($event.Message -match "Suchbegriff"){  
            write-host $event.Message -ForegroundColor Green  
            $event.LogName +";"+ $event.TimeCreated +";" + $event.id +";"+ $event.LevelDisplayName + ";"+ $event.Message  >>c:\temp\EventLogTreffer.txt   
        #} # endif  
    }   
} #foreach AllEventlogs

4 answers

Your answer

Answer 1

It looks like the Get-WinEvent cmdlet writes the error message even if the ErrorAction is set to SilentlyContinue. To avoid the message being shown on the console, wrap the cmdlet and the code that follows in a Try/Catch block. You can deal with the error in the catch block if you like.

$startdate = "01/01/2022 01:00:00"  # mm/tt/yyyy  
$enddate = "12/31/2022 23:59:00"   # Was "12/31/2022 23:590:00"  
#$Computer = "PCABD"  
      
#===========================================================================================================  
# Get all Eventlogs  
#===========================================================================================================  
      
$AllEventLogs = Get-WinEvent -ListLog Microsoft-Windows* #-ComputerName PCAF1  
foreach ($EventLog in $AllEventLogs) {  
    try{  
        #Get-WinEvent -ListLog *  
        $Events = Get-WinEvent -LogName $EventLog.LogName -ErrorAction STOP  |   
                        Where-Object { $_.TimeCreated -gt $startdate -and $_.TimeCreated -lt $enddate }  
        foreach ($event in $Events) {  
            If($event.Message -match "Suchbegriff"){  
                Write-Host $event.Message -ForegroundColor Green  
                $event.LogName + ";" + $event.TimeCreated + ";" + $event.id + ";" + $event.LevelDisplayName + ";" + $event.Message  >>c:\junk\EventLogTreffer.txt   
            } # endif  
        }  
    }  
    catch{  
        # ignore the error  
    }  
} #foreach AllEventlo

Chris 656 Reputation points

2022-10-04T17:21:31.93+00:00

Thanks Rich
ups 23:590 was a typing error (Script from 2021 I change a little thing für MS Q&A)

Answer 2

MotoX80 36,401

Take a look at my RecentEvents.ps1 script.

https://learn.microsoft.com/en-us/answers/questions/102481/eventlog-madness.html

You can use the Gridview to filter events.

Answer 3

Franky 106

next error with try and catch - why?

No events were found that match the specified criteria.

Rich Matheisen 47,901 Reputation points

2022-10-05T14:47:29.07+00:00

That happens because you used the ErrorAction "Continue" instead of "STOP" on the Get-WinEvent cmdlet!

Using anything other than "STOP" won't treat a non-terminating event as a terminating event. Without a terminating event there's no failure and no activation of the Catch block.

Answer 4

Chris 656

thank you very munch to both solution.

the script from MotoX is very fast. I think I use this.

Share via

Search all Evenlogs, Error when is empty

4 answers

Your answer