Part I: PowerShell for Exchange Fundamentals
What makes more sense is to add a filter clause to filter for events that you may find more interesting.
Suppose you would like to check the most recent 2000 events for instances of errors and warnings from
source MSExchange ADAccess. The command would use the Where-Object cmdlet described in
Chapter 1 to filter for the event type and source as shown in this example:
[PS] C:\> Get-EventLog -LogName Application -Newest 2000 | where {($_.entrytype -eq "Error" -or $_.entrytype -eq "Warning") -and $_.Source -eq "MSExchange ADAccess"}
Index Time Type Source EventID Message
----- ---- ---- ------ ------- -------
2191 Jul 22 21:02 Erro MSExchange ADAccess 2102 Process MAD.EXE (PID=...
863 Jul 14 14:06 Warn MSExchange ADAccess 2121 Process STORE.EXE (PI...
862 Jul 14 14:06 Erro MSExchange ADAccess 2104 Process STORE.EXE (PI...
861 Jul 14 14:06 Erro MSExchange ADAccess 2102 Process MAD.EXE (PID=...
This command uses Get-EventLog to gather the newest 2000 events from the Application event log.
This collection of event objects is then passed by pipeline to the where clause for filtering. The first part
of the filter checks to see if the event is of type "Error" or of type "Warning". The second part of the
filter checks to see if the event is from source "MSExchange ADAccess".
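The following is an added example, not code from the book: it applies the same two-part filter and then groups the matches by event ID, which makes recurring errors easier to spot than a flat list. The function name Get-SourceEventSummary and the sample events (including their year) are constructed for illustration, and PowerShell 3.0 or later is assumed.

```powershell
function Get-SourceEventSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$InputObject,
        [string]$Source = 'MSExchange ADAccess',
        [string[]]$EntryType = @('Error', 'Warning')
    )
    begin { $hits = New-Object System.Collections.Generic.List[object] }
    process {
        # Same logic as the where clause: (type is Error or Warning) AND source matches.
        # The cast handles both the EventLogEntryType enum and plain strings.
        if (($EntryType -contains [string]$InputObject.EntryType) -and
            $InputObject.Source -eq $Source) {
            $hits.Add($InputObject)
        }
    }
    end {
        $hits | Group-Object EventID, EntryType | ForEach-Object {
            # @() keeps indexing safe when a group holds a single event.
            $byTime = @($_.Group | Sort-Object TimeGenerated)
            [pscustomobject]@{
                EventID   = $byTime[0].EventID
                EntryType = [string]$byTime[0].EntryType
                Count     = $_.Count
                FirstSeen = $byTime[0].TimeGenerated
                LastSeen  = $byTime[-1].TimeGenerated
            }
        } | Sort-Object Count -Descending
    }
}

# Constructed sample events shaped like Get-EventLog output (values are illustrative).
$sample = @(
    [pscustomobject]@{ TimeGenerated = [datetime]'2008-07-22 21:02'; EntryType = 'Error';       Source = 'MSExchange ADAccess'; EventID = 2102 }
    [pscustomobject]@{ TimeGenerated = [datetime]'2008-07-14 14:06'; EntryType = 'Warning';     Source = 'MSExchange ADAccess'; EventID = 2121 }
    [pscustomobject]@{ TimeGenerated = [datetime]'2008-07-14 14:06'; EntryType = 'Error';       Source = 'MSExchange ADAccess'; EventID = 2104 }
    [pscustomobject]@{ TimeGenerated = [datetime]'2008-07-14 14:06'; EntryType = 'Error';       Source = 'MSExchange ADAccess'; EventID = 2102 }
    [pscustomobject]@{ TimeGenerated = [datetime]'2008-07-14 14:05'; EntryType = 'Information'; Source = 'MSExchange ADAccess'; EventID = 2080 }
    [pscustomobject]@{ TimeGenerated = [datetime]'2008-07-14 14:04'; EntryType = 'Error';       Source = 'ExampleOtherSource';  EventID = 1000 }
)
$sample | Get-SourceEventSummary | Format-Table -AutoSize

# Against a live log (Windows PowerShell only; Get-EventLog is not in PowerShell 7):
# Get-EventLog -LogName Application -Newest 2000 | Get-SourceEventSummary
```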