77 lines
2.4 KiB
PowerShell
77 lines
2.4 KiB
PowerShell
|
function Get-ServiceStartupFailuresFromEventLog {
|
||
|
<#
|
||
|
.SYNOPSIS
|
||
|
Get the (recent) service startup failures from the event log
|
||
|
Defaults to the past 12 hours
|
||
|
|
||
|
.PARAMETER Since
|
||
|
Specify a time to search from. See also -Until
|
||
|
|
||
|
.PARAMETER Until
|
||
|
Specify a time to search to. Requires -Since
|
||
|
|
||
|
.PARAMETER LastHours
|
||
|
Specify a number of most recent hours to search for. Defaults to the last 12 hours
|
||
|
|
||
|
.PARAMETER ServiceName
|
||
|
Specify a service name fragment to search for.
|
||
|
|
||
|
.PARAMETER Readable
|
||
|
[switch] Produce slightly more parseable output at the cost of record details
|
||
|
#>
|
||
|
[CmdletBinding(DefaultParameterSetName = 'LastHours')]
|
||
|
[OutputType([object[]])]
|
||
|
param (
|
||
|
[Parameter(Mandatory = $true, ParameterSetName = 'Since')]
|
||
|
[System.DateTime]$Since,
|
||
|
[Parameter(Mandatory = $false, ParameterSetName = 'Since')]
|
||
|
[System.DateTime]$Until,
|
||
|
[Parameter(Mandatory = $false, ParameterSetName = 'LastHours')]
|
||
|
[ValidateScript({if ($_ -ne 0) { $true } else {throw "0 is invalid, please specify a number of hours to search since"}})]
|
||
|
[int]$LastHours = 12,
|
||
|
[Parameter(Mandatory = $false)]
|
||
|
[Alias('Message')]
|
||
|
[Alias('match')]
|
||
|
[Alias('Contains')]
|
||
|
[string]$ServiceName = '',
|
||
|
[Parameter(Mandatory = $false)]
|
||
|
[switch]$Readable
|
||
|
)
|
||
|
|
||
|
$logLead = Get-LogLeadName
|
||
|
|
||
|
# 10,000 in this case is a magic string with no real value chosen behind it
|
||
|
# "a very large number"
|
||
|
if ((Get-WinEvent -ListLog Application).RecordCount -gt 10000) {
|
||
|
Write-Host "$logLead : This process takes a while to return all the records depending on how many are in the event log"
|
||
|
}
|
||
|
|
||
|
if ($PSCmdlet.ParameterSetName -eq 'LastHours') {
|
||
|
if ($LastHours -gt 0) {
|
||
|
$LastHours = $LastHours * -1
|
||
|
}
|
||
|
$Since = [System.DateTime]::Now.AddHours($LastHours)
|
||
|
}
|
||
|
|
||
|
$splat = @{
|
||
|
StartTime = $Since
|
||
|
LogName = 'Application'
|
||
|
ProviderName = 'Application Error'
|
||
|
Id = 1000 # magic number
|
||
|
}
|
||
|
|
||
|
if ($null -ne $Until) {
|
||
|
$splat.EndTime = $Until
|
||
|
}
|
||
|
|
||
|
$records = (Get-WinEvent -FilterHashtable $splat)
|
||
|
if (-not (Test-StringIsNullOrWhitespace($ServiceName))) {
|
||
|
$records = $records | Where-Object { $_.Properties.Value -match $ServiceName -or $_.Message -match $ServiceName }
|
||
|
}
|
||
|
|
||
|
if ($Readable) {
|
||
|
$records | Format-Table -Property TimeCreated,Message -Wrap
|
||
|
} else {
|
||
|
return $records
|
||
|
}
|
||
|
}
|