Showing posts with label where-object. Show all posts

Wednesday, 13 January 2016

PowerShell: List all IPv4 Addresses

A very short blog post today. I'm not sure why this is so complicated; maybe there's an easier way, or a more recent cmdlet that makes the addresses simpler to obtain.

I want to list all IP (v4) addresses and nothing else with a single line PowerShell command that is backwards compatible with all versions of PowerShell.

Here's what I came up with:

foreach ( $i in (Get-WmiObject Win32_NetworkAdapterConfiguration -Namespace "root\CIMV2" | where { $_.IPEnabled -eq "True" } | select IPAddress) ) { $i.IPAddress[0] }

Here's a quick breakdown of the command

Its basic structure uses a foreach loop:

Foreach ( $TempVariable in $MyVariableList ) { do this }

$i is my temporary variable, that exists only for the purposes of the loop. The Foreach loop will cycle through each object in the second variable, and each time it will be represented by $i

$MyVariableList is a variable that contains many objects, and is often obtained in a script by a separate command. As I want a one-liner, I have substituted this variable with a command that produces a list of objects.

This is my command:

Get-WmiObject Win32_NetworkAdapterConfiguration -Namespace "root\CIMV2" | where { $_.IPEnabled -eq "True" } | select IPAddress

It uses Get-WmiObject to return instances of the WMI class Win32_NetworkAdapterConfiguration. I chose the Get-WmiObject command to return the IP address data because I know it is compatible with all versions of PowerShell. This command on its own returns a large amount of data, so I have piped the results to the Where-Object command. This filters the results to return only network adapters whose IPEnabled property is true. These results are then piped to the Select-Object command, which selects the single property IPAddress.


IP Address properties






The result is an IP address object for each adapter. Each contains both an IPv4 and IPv6 address.

{ do this } Finally, the foreach loop carries out an action on each object that is returned. In this case it simply takes the object and reads its IPAddress property (which is the only one available). The [0] in square brackets means that only the first entry of that property is displayed.

IP Address list




Simple.
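
As an added example (not part of the original post), the variant below selects addresses by address family instead of by position, so it still returns only IPv4 when an adapter carries several IPv4 addresses or lists an IPv6 address first. The function name Get-IPv4Address and the sample objects are assumptions constructed for illustration.

```powershell
# Added example: list every IPv4 address on IP-enabled adapters,
# choosing by address family rather than by array index.
function Get-IPv4Address {
    param(
        # Objects exposing an IPAddress string array.
        # Defaults to live WMI data from IP-enabled adapters.
        $AdapterConfig = (Get-WmiObject Win32_NetworkAdapterConfiguration -Namespace "root\CIMV2" |
            Where-Object { $_.IPEnabled })
    )
    foreach ($adapter in $AdapterConfig) {
        foreach ($addr in $adapter.IPAddress) {
            $parsed = $null
            # TryParse returns $false for null or malformed strings instead of throwing.
            if ([System.Net.IPAddress]::TryParse($addr, [ref]$parsed) -and
                $parsed.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork) {
                $addr
            }
        }
    }
}

# Constructed sample input (documentation address ranges), so the
# function can be exercised without touching WMI.
$sample = @(
    New-Object PSObject -Property @{ IPAddress = @('192.0.2.10', 'fe80::1c2d:3e4f:5a6b:7c8d') }
    New-Object PSObject -Property @{ IPAddress = @('fe80::aaaa:bbbb:cccc:dddd', '198.51.100.7', '198.51.100.8') }
)

# Run against the constructed sample, then against the local machine.
Get-IPv4Address -AdapterConfig $sample
Get-IPv4Address
```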




Wednesday, 14 January 2015

Use PowerShell to search Windows Event Logs

PowerShell is an excellent tool for searching through Windows event logs. I find myself using it more and more these days as it enables me to find the information I need much quicker than using the filter feature of the Event Viewer snap in.

The cmdlet to use for searching the event logs is Get-EventLog. For the full help file from PowerShell, enter the following:

help Get-EventLog -Full

The Get-EventLog cmdlet uses the switch -LogName. This is used to specify the event log you want to search, e.g. System, Application etc.

To get a list of available event logs, enter

Get-EventLog -List

or

Get-EventLog -LogName *

 









You can then list all events from that event log with the command Get-EventLog -LogName LogName, e.g.:

Get-EventLog -LogName System

This will return everything from the event log, probably hundreds or even thousands of events, so the next job is to filter for the events you are interested in.

We can examine an individual event to get an idea of how to filter:

Get-EventLog -LogName System -Newest 1

This command will return the most recent event in the System log.
 






The information displayed is a subset of the complete data available for this event. PowerShell will automatically select the columns to display so that the output fits easily on the screen. To see everything, we need to pipe the output to the Format-List cmdlet.

Get-EventLog -LogName System -Newest 1 | Format-List -Property *

This command returns all the properties and values for this event.











Now you can see all the familiar properties of the event, such as EventID, EntryType, TimeWritten etc. I can now filter my results based on one or more of these properties.

For example:
show all events where the message contains "the service entered the stopped state"
show all events where the event id equals 41 and the date is 10 Jan 2015
show all events where the EntryType is error, the source is Asp.Net or .Net runtime and the date is between 01 Jan - 10 Jan 2015

All of this is achieved by piping the results of Get-EventLog to the Where-Object cmdlet:

Get-EventLog -LogName System | Where-Object { $_.Message -like "*the service entered the stopped state*" }

In this example you can see that I have used the Message property of the event and the -like operator to match it to the text I am looking for.


Get-EventLog -LogName System | Where-Object { $_.EventID -eq 41 -and $_.TimeWritten -like "01/14/2015*" }

In this example you can see that I have used the EventID and TimeWritten properties of the event:

$_.EventID -eq 41
$_.TimeWritten -like "01/14/2015*"

The -and operator links these two conditions together.


Get-EventLog -LogName System -After (Get-Date -Date '1/1/2015') -Before (Get-Date -Date '10/1/2015') | Where-Object { $_.EntryType -eq "Error" -and ($_.Source -like "Asp.Net*" -or $_.Source -like ".net runtime*") }

In this example I use the date parameters of Get-EventLog to filter the events before passing them to the Where-Object cmdlet. This is done using the -Before and -After switches. After that, the Where-Object command is used in the same way as the previous examples.

The only difference is that the two $_.Source conditions are surrounded by brackets (). This is necessary so that the -or operator applies to only those two entries. I could add more $_.Source conditions inside the brackets with additional -or operators if I wanted to increase this list beyond 2.
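
The three Where-Object filters above can be folded into one reusable pipeline filter, shown here as an added example that is not part of the original post. It builds its date range with New-Object DateTime, because a string such as '10/1/2015' can be read as either 10 January or 1 October depending on regional settings. Select-EventEntry is a hypothetical helper name and the sample events are constructed.

```powershell
# Added example: pipeline filter combining entry type, source patterns,
# message pattern and a date window. Works on any objects that expose
# TimeWritten, EntryType, Source, EventID and Message.
function Select-EventEntry {
    param(
        [Parameter(ValueFromPipeline = $true)] $Entry,
        [string[]] $EntryType,
        [string[]] $SourceLike,
        [string]   $MessageLike,
        [datetime] $After  = [datetime]::MinValue,
        [datetime] $Before = [datetime]::MaxValue
    )
    process {
        # Keep only events strictly inside the window.
        if ($Entry.TimeWritten -le $After -or $Entry.TimeWritten -ge $Before) { return }
        if ($EntryType -and ($EntryType -notcontains [string]$Entry.EntryType)) { return }
        if ($MessageLike -and ($Entry.Message -notlike $MessageLike)) { return }
        if ($SourceLike) {
            # Any one matching pattern is enough (the bracketed -or group).
            $hit = $false
            foreach ($pattern in $SourceLike) {
                if ($Entry.Source -like $pattern) { $hit = $true; break }
            }
            if (-not $hit) { return }
        }
        $Entry | Select-Object TimeWritten, EntryType, Source, EventID, Message
    }
}

# Constructed sample events so the filter can be tried offline.
$sample = @(
    New-Object PSObject -Property @{ TimeWritten = (New-Object DateTime 2015,1,5,9,30,0); EntryType = 'Error'; Source = 'ASP.NET 4.0.30319.0'; EventID = 1309; Message = 'Constructed: unhandled exception' }
    New-Object PSObject -Property @{ TimeWritten = (New-Object DateTime 2015,1,8,14,0,0); EntryType = 'Error'; Source = '.NET Runtime'; EventID = 1026; Message = 'Constructed: application terminated' }
    New-Object PSObject -Property @{ TimeWritten = (New-Object DateTime 2015,1,9,8,0,0); EntryType = 'Warning'; Source = '.NET Runtime'; EventID = 1022; Message = 'Constructed: profiler warning' }
    New-Object PSObject -Property @{ TimeWritten = (New-Object DateTime 2015,10,1,8,0,0); EntryType = 'Error'; Source = '.NET Runtime'; EventID = 1026; Message = 'Constructed: outside the window' }
)

# 1 Jan to 10 Jan 2015, built from numeric parts so the range is unambiguous.
$from = New-Object DateTime 2015,1,1
$to   = New-Object DateTime 2015,1,10

# Only the first two sample events pass all conditions.
$sample | Select-EventEntry -EntryType Error -SourceLike 'Asp.Net*', '.net runtime*' -After $from -Before $to
```

Against a live log, replace $sample with Get-EventLog -LogName Application (or another log name) and pipe the result to Export-Csv as usual.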

Understanding the PowerShell operators is key to getting the results you want. This link contains useful information about operators:
http://technet.microsoft.com/en-gb/library/hh847759.aspx

Finally, you can export your results using any of PowerShell's export commands. I find export-csv works well:

Get-EventLog -LogName System | Where-Object { $_.Message -like "*the service entered the stopped state*" } | Export-Csv C:\scripts\events.csv