PhishThis!

I had an issue today where I needed to find the frequency of an error on some of my VMs. It seems like I get VMSCSI errors at the same time each which (which probably means high SAN activity, but I’m trying to nail everything down). Either way, I needed to check all of my event logs for EventID 11 and 15. It’s slow…and by slow I mean it took about 30 minutes to scan 10 or so VMs…but it works, and I was able to get a decent idea of the times I’m seeing these errors.

$servers = .\getservernames.ps1 Tom 

foreach ($server in $servers)
{
     if ((get-wmiobject -computer $server win32_computersystem).manufacturer -eq "VMware, Inc.")
     {
         get-wmiobject -query
            "select * from Win32_NTLogEvent where LogFile = 'System' AND EventCode = 11
            OR EventCode = 15" |
            foreach { add-content c:\temp\$server.log "$_.timegenerated - $_.eventcode" }
     }
}

Aaaand, it’ll return logs for each server, with a time stamp, the event ID, and nothing more. Quick, dirty, but took me 5 minutes and got the info I needed…30 minutes later :p There’s probably a better way. I’ll have to see what I can come up with.