one liner for event log

We have an application whose service keeps stopping.  I have a powershell script to check for this and to restart the service, however  you can also set a property on the service to restart it on failure.  There are options for first fail, second fail and third fail.  Note that the default option for “first-fail, restart in 60 seconds, reset statistics after 0 days” is the same thing as restarting every 60 seconds CONTINUOUSLY.

With the automatic restart, my “check every 15 minutes” script is not of much value.  Only 1/15 of the faults is likely to be noticed.  So i wrote a manual one-liner to check the windows event logs for any indication of what appears to be the log event associated with the problem.  Is that qualified enough?

Actually, i ‘semi-stole’ the script -with suitable modifiecations, of course.  It started out looking like

Get-Eventlog -Logname application -computer ws-server -newest 200 `
| Where-Object {$_.message -match “prunsrv” -AND $_.EventId -EQ ‘1000’} `
| Format-table timewritten, message -auto

This is all on on-line, with the “`” continuation character allowing the line to be spread across three lines on the display.

However, the pipe character at the beginning of the line can be placed at the END of the line, and will cause powershell to read the next line without the need for the continuation:

Get-Eventlog -Logname application -computer ws-husky -newest 200 |
Where-Object {$_.message -match “prunsrv” -AND $_.EventId -EQ ‘1000’} |
Format-table timewritten, message -auto

Also, this morning i only got 2 hits instead of 3 hits. New entries in the log had been added and pushed the oldest off the list.  If the code was rewritten to be the newest 200 OF THE ERROR type, this would be different.

This entry was posted in powershell, programming, Uncategorized. Bookmark the permalink.