I had an issue today where I needed to find the frequency of an error on some of my VMs. It seems like I get VMSCSI errors at the same time each which (which probably means high SAN activity, but I’m trying to nail everything down). Either way, I needed to check all of my event logs for EventID 11 and 15. It’s slow…and by slow I mean it took about 30 minutes to scan 10 or so VMs…but it works, and I was able to get a decent idea of the times I’m seeing these errors.
[source language='c#']
$servers = .\getservernames.ps1 Tom
foreach ($server in $servers)
{
if ((get-wmiobject -computer $server win32_computersystem).manufacturer -eq “VMware, Inc.”)
{
get-wmiobject -query
“select * from Win32_NTLogEvent where LogFile = ‘System’ AND EventCode = 11
OR EventCode = 15″ |
foreach { add-content c:\temp\$server.log “$_.timegenerated – $_.eventcode” }
}
}
[/source]
Aaaand, it’ll return logs for each server, with a time stamp, the event ID, and nothing more. Quick, dirty, but took me 5 minutes and got the info I needed…30 minutes later :p There’s probably a better way. I’ll have to see what I can come up with.
what are the contents of .\getservernames.ps1 ?
Looks like I neglected to post it. Here it is:
http://www.phishthis.com/2008/12/18/get-servernamesps1-return-a-list-of-computer-objects-from-active-directory/