get-allrecent udpated logs

 # winrm service should be running on the machine where script is running for ciminstance query else change it to get-wmiobject


# Get-Allrecentlogs -computername 'localhost' -startdateandtime '01/01/2005 00:00' -enddateandtime '07/07/2020 00:00' -logfilextension 'flv'
# Get-Allrecentlogs -computername 'localhost' -startdateandtime '01/01/2005 00:00' -enddateandtime '07/07/2020 00:00' -logfilextension 'mp4'


Function Get-Allrecentlogs{
param([string]$computername = 'localhost', [datetime]$startdateandtime, [datetime]$enddateandtime, [string]$logfilextension = 'log' )
if ($computername -eq 'localhost')
    {
    $location = (Get-CimInstance -ClassName Win32_logicaldisk -Filter "DriveTYpe = '3'").DeviceId
    }


else
{
$shares = Get-CimInstance -ComputerName $computername -ClassName Win32_share | Where-Object {$_.Path -match '^\w{1}:\\$'}

[System.Collections.ArrayList]$location = @{}
        foreach ($share in $shares){
        $Share = "\\$computername\$($share.Name)"
        if (!(Test-Path $share)){
                Write-Warning -Message "Unable to access '$share' share on '$computername'"
                }else{
                    $location.Add($share) | Out-Null
                    }
        }

}



# build the hashtable to perform splatting on the get-chilitem

$GciParams = @{
    Path = $location
    Filter = "*.$logfilextension"
    Recurse = $true
    Force = $true
    ErrorAction = 'Silentlycontinue'
    File = $true
                }

                ##wher filter to simplify

                $wherefilter = {($_.LastWritetime -ge $startdateandtime) -and ($_.LastWritetime -le $enddateandtime) -and ($_length -ne 0)}

                # finding all logs

                Get-ChildItem @GCIparams | Where-Object $wherefilter


                }

Comments

Post a Comment

Popular posts from this blog

powershell script to export applications and its requirement in weird way

 $SiteCode = 'DEV' $sccmserver = 'covid-100' $Applications = Get-WmiObject -Namespace "root\SMS\Site_$SiteCode" -Class SMS_Application -ComputerName $SCCMServer foreach ($apps in $Applications){ $DTS = Get-CMDeploymentType -ApplicationName $apps.LocalizedDisplayName foreach ($DT in $DTS){ $req = Get-CMDeploymentTypeRequirement -InputObject $DT "$($apps.LocalizedDisplayName) ; $($req.name)" | Out-File -FilePath "C:\Users\username\Desktop\dtsssss.csv" -Append } }
Read more

TASK sequence duration report

 SELECT   sys.Netbios_Name0 AS [Machine Name],   sys.User_Name0,   os.Caption0[Operating System],  os.InstallDate0 [OS installed date],  os.BuildNumber0[OS build number],  tsstart.Time as [TS StartTime],   tslast.Time as [TS EndTime],   CASE     WHEN DATEDIFF(dd, tsstart.Time, tslast.Time) > 0 THEN     CAST(DATEDIFF(dd, tsstart.Time, tslast.Time) AS VARCHAR(2)) + 'd '    ELSE ''   END +     convert(char(8),DATEDIFF(MINUTE, tsstart.Time , tslast.Time)) AS [Duration in Minutes] FROM  (   SELECT    MAX(ExecutionTime) AS Time,    AdvertisementID,    ResourceID   FROM v_TaskExecutionStatus  WHERE LastStatusMessageID = 11140 AND Step = 0   GROUP BY AdvertisementID,ResourceID  ) tsstart    INNER JOIN  (   SELECT    AdvertisementID,    Res...
Read more