如何在重新启动后从远程服务器中提取一系列失败的服务
警告:当 Get-WmiObject 调用解析整个事件日志以匹配我指定的过滤器时,不会使 cpu 激增。
情况:我正在编写一个远程运行一些检查的脚本,然后重新启动电脑。我希望它在服务器重新启动后(休眠一段时间后)检查运行状况,以确保应该启动的服务已启动。我遇到过“自动”服务启动然后关闭(按预期),但如果它们已经运行,我当前的版本会将它们视为失败。有人建议我检查事件日志中的“服务控制管理器”错误,并报告这些错误,现在唯一的问题是,使用下面的脚本,我们的服务器的事件日志范围可以从 20K 到数十万个事件,在具有 20K 的 2k 服务器上,这大约需要 20 秒才能完成,并且运行时 CPU 接近 100%。
我仍在学习 powershell/wmi,因此任何建议将不胜感激。
function Check_Startup_Events {
BEGIN {
$time = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime((Get-Date).AddMinutes(-15))
}
PROCESS {
$results = Get-WmiObject Win32_NTLogEvent -computername $_ -Filter "LogFile='System' and SourceName='Service Control Manager' and TimeGenerated>='$time' and EventType=1" |
Format-Table -Autosize EventCode, Message
$results
}
}
Caveat: Without spiking the cpu while a Get-WmiObject call parses the whole event log to match my specified filter.
Situation: I am working on a script that remotely runs some checks, then reboots a pc. I want it to check the health once the server reboots (after sleeping for some time) to make sure services that were supposed to start did. I've been running into "Automatic" services that start and then shut down (as intended) but then my current version picks them up as failed if they've already run. It was suggested that I check the event log for "Service Control Manager" errors, and report on those, the only problem now is that with the below script, we have servers who's event log can range anywhere from 20K to several hundred thousand events, and on a 2k server with 20K, this takes roughly 20 seconds to complete, and the cpu pegs near 100% while it's running.
I'm still learning powershell/wmi, so any advice would be appreciated.
function Check_Startup_Events {
BEGIN {
$time = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime((Get-Date).AddMinutes(-15))
}
PROCESS {
$results = Get-WmiObject Win32_NTLogEvent -computername $_ -Filter "LogFile='System' and SourceName='Service Control Manager' and TimeGenerated>='$time' and EventType=1" |
Format-Table -Autosize EventCode, Message
$results
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我在我们环境中的 W2K 服务器上针对 60k 大事件日志运行了此命令。它需要一段时间才能运行,但在本地运行并且不会对服务器造成负担。不确定您想要如何输出数据,但我认为 Get-EventLog 会做您想要的。
I ran this against a 60k big event log on a W2K server in our environment. It takes a while to run but runs locally and does not tax the server. Not sure how you would want to output the data but I think Get-EventLog will do what you want.