May 11

Script: Query Front Ends for Specific Event Log IDs

I was troubleshooting today with my main Lync man “JP” (who chooses to remain anonymous). Part of our troubleshooting was checking against 6 (and sometimes 12) front ends to see if a specific Event ID appeared in Event Viewer. This was tedious, going to each server and then a lot of them getting no results.

JP said “there should be a script to do this for us”.

And from that comment this script was born. It’s possible someone has already written this script. We didn’t bother looking since it is a fairly simple script. If someone has written this, then let me know and I will give you credit.

The script – Get-CsEventID – is pretty simple. There are 2 mandatory parameters:

-Pool is the name of your Lync pool which is then sent to Get-CsSite to get the names of each of the servers in your pool

-EventID is the Event ID for which you are looking.

The two optional parameters are:

-LogName: By default the script searches the “Lync Server” log, but setting this lets you search other logs such as Application or System.

-StartTime: If you want to limit your search to the past few hours or days, set StartTime to the number of hours you want to go back. By default, this is set to 72, so it will search back over the past 3 days.

Here are 2 examples:

.\Get-CsEventID -Pool skypepool.flinchbot.com -EventID 12288

This will search for Event ID 12288 across the skypepool.flinchbot.com pool. It will search the past 72 hours for this entry.

.\Get-CsEventID -Pool skypepool.flinchbot.com -EventID 6005 -LogName "System" -StartTime 4

This will search the same pool, but now for Event ID 6005 in the System log. It will search back over the past 4 hours.

Note that Windows Firewall will need to permit access to remote event logs. You can run the following on a Windows Server 2012 or later server to enable this.

Get-NetFirewallRule | where DisplayName -like '* Event Log*' | Enable-NetFirewallRule

Grab the script here.
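For readers who want to see the shape of such a query, here is an added sketch that is not the Get-CsEventID script from this post. It assumes the server names are passed in directly instead of being resolved from a pool name. The function name Find-EventIdOnServers, its parameters, and the server names in the usage line are hypothetical. It separates "no matching events" from connection failures, which is how a blocked firewall rule shows up.

```powershell
# Added example, not the Get-CsEventID script from this post.
# Find-EventIdOnServers and its parameter names are hypothetical.
function Find-EventIdOnServers {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [int]      $EventID,
        [string] $LogName   = 'Lync Server',   # default log named in the post
        [int]    $HoursBack = 72               # default look-back named in the post
    )

    # Filtering on the remote side keeps the result set small.
    $filter = @{
        LogName   = $LogName
        Id        = $EventID
        StartTime = (Get-Date).AddHours(-$HoursBack)
    }

    foreach ($server in $ComputerName) {
        try {
            Get-WinEvent -ComputerName $server -FilterHashtable $filter -ErrorAction Stop |
                Select-Object @{ n = 'Server'; e = { $server } },
                              TimeCreated, Id, LevelDisplayName, Message
        }
        catch {
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                # Get-WinEvent reports an empty result as an error; treat it as a clean miss.
                Write-Verbose "$server : no event $EventID in '$LogName' in the last $HoursBack hours"
            }
            else {
                # Anything else (RPC unavailable, access denied, unknown log name)
                # means the server was not actually checked.
                Write-Warning "$server : query failed: $($_.Exception.Message)"
            }
        }
    }
}

# Constructed server names, for illustration only.
Find-EventIdOnServers -ComputerName 'fe01.example.com', 'fe02.example.com' -EventID 12288 -Verbose
```

A warning for a server means it was never searched, so it should not be read as "event not present" on that front end.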

