在这里打断我的贿赂,试图弄清楚为什么它不会从事件日志中提取事件?
我在事件日志中看到带有“备份操作已完成”消息的事件。
事件ID为: 14 ,位于日志名称下: Microsoft-Windows-Backup / Operational
$PastHours = 24
$StartAt = (Get-Date).AddHours(-$PastHours)
$ErrorActionPreference = "SilentlyContinue"
$FilterHashTable = @{
logname = "Microsoft-Windows-Backup/Operational"
id = 14
StartTime = $StartAt
}
$actions = (Get-WinEvent -FilterHashtable $FilterHashTable |
Where-Object {($_.Message -like "*operation*")})
if ($actions){
ForEach($action in $actions){
$Result = "OK: Windows Backup Completed Successfully"
Write-Host $Result
Exit 0
}
}
elseif ($action.count -eq "0") {
$Result = "CRITICAL: Windows Backup has not run in past $PastHours hours "
Write-Host $Result
Exit 2
}
else {
$Result = "CRITICAL: Windows Backup has not run in past $PastHours hours "
Write-Host $Result
Exit 2
}
我运行脚本并确认每次$ action.count为0 ..该事件存在并在8/8/2018 2:12 PM上运行
有什么建议吗?
答案 0 :(得分:1)
感谢雅各布,你是对的。
它现在正在使用:
Param(
[string]$PastHours
)
$StartAt = (Get-Date).AddHours(-$PastHours)
$ErrorActionPreference = "SilentlyContinue"
$FilterHashTable = @{
logname = "Microsoft-Windows-Backup"
id = 4
StartTime = $StartAt
}
$actions = (Get-WinEvent -FilterHashtable $FilterHashTable |
Where-Object {($_.Message -like "*successfully*")})
if ($actions){
ForEach($action in $actions){
$Result = "OK: Windows Backup Completed Successfully at {1} " -F $Task,$action.TimeCreated
Write-Host $Result
Exit 0
}
}
elseif ($action.count -eq "0") {
$Result = "CRITICAL: Windows Backup has not run in past $PastHours hours"
Write-Host $Result
Exit 2
}
else {
$Result = "CRITICAL: Windows Backup has not run in past $PastHours hours"
Write-Host $Result
Exit 2
}