Enabled Logs with Data – 2012 PowerShell Scripting Games Beginner Event #7
Display a list of enabled logs that contain data. Do not display errors. Include hidden logs. Display the complete log name and number of entries. Sort by the logs with the most entries in them.
My research on this one led me to the "Use PowerShell to Query All Event Logs for Recent Events" blog article on the Hey, Scripting Guy! Blog. I also used the online help by running Get-Help Get-WinEvent -Online. Example #3 was of particular interest:
By viewing the help, I was able to determine that the Force parameter would display debug and analytic logs that are hidden by default. I used -ErrorAction SilentlyContinue since I wasn't required to handle errors, only to prevent them from displaying. Then I piped my command to the Where-Object cmdlet similar to the help for example #3 as shown in the screenshot above. I added a -and and the other condition of IsEnabled. I determined that IsEnabled was a property by piping the first command to Get-Member:
Then I piped it to Sort-Object RecordCount -Descending to sort as required. The most difficult portion of this entire scenario was the requirement of "You should display the complete log name, and the number of entries in the log." I initially piped my output to Format-Table with the AutoSize parameter. I tested my code thoroughly and determined that if I used the AutoSize parameter, this requirement would not be met if my PowerShell console window was narrow enough, such as 60 pixels wide:
The AutoSize parameter does not guarantee that the data will not be truncated, as you can see here in this PowerShell console window that had been re-sized to 60 pixels wide:
I decided to use the Wrap parameter since the width of the judges' PowerShell console window was outside of my control, and it would ensure that this requirement would be met no matter how narrow the PowerShell console was, as shown in this 60 pixel wide window:
Wrap at 15 pixels wide:
AutoSize at 15 pixels wide:
Now which one of these options is guaranteed to meet the requirements of this scenario?
Here's the one liner I submitted for this event:
Get-WinEvent -ListLog * -Force -ErrorAction SilentlyContinue | Where-Object {$_.RecordCount -and $_.IsEnabled} | Sort-Object RecordCount -Descending | Format-Table -Property LogName, RecordCount -Wrap
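The AutoSize versus Wrap comparison above can be reproduced without resizing a console window. The following is an added example, not part of the original post: it runs the same filter and sort over constructed sample objects (stand-ins for Get-WinEvent output), renders them at fixed widths with Out-String -Width (measured in characters), and counts the rows that show a truncation marker. The function name Get-TruncatedRowCount and the sample values are hypothetical.

```powershell
# Constructed sample data standing in for: Get-WinEvent -ListLog * -Force
$sampleLogs = @(
    [pscustomobject]@{ LogName = 'Security'; RecordCount = 31250; IsEnabled = $true }
    [pscustomobject]@{ LogName = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'
                       RecordCount = 4821; IsEnabled = $true }
    [pscustomobject]@{ LogName = 'Microsoft-Windows-PowerShell/Operational'; RecordCount = 977; IsEnabled = $true }
    # Enabled but empty: dropped because RecordCount 0 evaluates to $false
    [pscustomobject]@{ LogName = 'Microsoft-Windows-DNS-Client/Operational'; RecordCount = 0; IsEnabled = $true }
    # Disabled with no count: dropped because $null evaluates to $false
    [pscustomobject]@{ LogName = 'Constructed-Sample/Analytic'; RecordCount = $null; IsEnabled = $false }
)

function Get-TruncatedRowCount {
    # Hypothetical helper: renders the table at a fixed width and counts
    # the output lines that contain a truncation marker.
    param(
        [Parameter(Mandatory)] [object[]]$InputObject,
        [Parameter(Mandatory)] [int]$Width,
        [switch]$Wrap
    )
    $formatArgs = @{ Property = 'LogName', 'RecordCount' }
    if ($Wrap) { $formatArgs.Wrap = $true } else { $formatArgs.AutoSize = $true }

    # Out-String -Width replaces the console width, so the result does not
    # depend on the size of the window the script runs in.
    $text = $InputObject | Format-Table @formatArgs | Out-String -Width $Width

    # Truncated cells end in '...' (Windows PowerShell) or U+2026 (PowerShell 7).
    $marker = '\.\.\.|' + [char]0x2026
    @($text -split "`r?`n" | Where-Object { $_ -match $marker }).Count
}

# Same filter and sort as the one-liner in the post.
$filtered = $sampleLogs |
    Where-Object { $_.RecordCount -and $_.IsEnabled } |
    Sort-Object RecordCount -Descending

# Compare both formatting options at a wide, a medium and a narrow width.
foreach ($width in 120, 60, 30) {
    [pscustomobject]@{
        Width             = $width
        AutoSizeTruncated = Get-TruncatedRowCount -InputObject $filtered -Width $width
        WrapTruncated     = Get-TruncatedRowCount -InputObject $filtered -Width $width -Wrap
    }
}
```

A non-zero AutoSizeTruncated value at a given width means at least one log name was cut short there, which matters when the listing is used to check which logs are actually collecting events.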