Improved Event Viewer Solution with PowerShell for BSA, with no file dependencies

Version 1

    Credits Due: Richard McLeod for his original post addressing this issue in https://communities.bmc.com/docs/DOC-23470

     

    Viewing Event Viewer via BSA has been missing a clean solution.

     

    There were a couple of workarounds, but they either required software to be installed on the servers or deploying scripts beforehand to be able to view the logs of that system. This can sometimes be inconvenient.

     

    Here I will demonstrate a couple of methods that use Extended Objects to achieve this cleanly, without the above constraints.

    The advantage is that no extra software or scripts need to be pre-deployed; it's more plug and play.

    However, since this is based on PowerShell, it still requires PowerShell to be present on the target system.


    The first is a simplified approach using PowerShell; it requires PowerShell v2.0 or above.

    The second improves upon the solution proposed by Richard McLeod by removing its dependencies on files/scripts.

    Both approaches are based on PowerShell but differ in the cmdlets used to output the information, which affects their usage.

     

     

    Both solutions use get-eventlog to get the latest XX events from the event log.

    We use some additional formatting so that it can be parsed and presented neatly by the CSV grammar.

     

    Because these are multi-line commands/scripts, using them directly in the Extended Object is error-prone, so I suggest converting them to a Base64-encoded string first.

    This makes it easier to manage and also tamper proof.


    Solution 1
    ========

     

    The PowerShell command used is below. The command is saved into a variable for convenience.

     

    # Widen the console buffer, then emit the newest 20 System events as CSV with line breaks, tabs and double quotes stripped.
    $cmd = '$Host.UI.RawUI.BufferSize = New-Object Management.Automation.Host.Size (4096, 80);(get-eventlog system -newest 20 | select-object EventID,EntryType,TimeGenerated,Source,Message,UserName | convertto-csv -NoTypeInformation) -replace "\r\n","" -replace "`r`n","" -replace "`n","" -replace "`t","" -replace "`v","" -replace "`"",""'

     

     

    Now we convert it to Base64 so that it can be easily handled.

    $Bytes = [System.Text.Encoding]::Unicode.GetBytes($cmd)
    $EncodedText =[System.Convert]::ToBase64String($Bytes)

     

    If you want, you can write it to a text file for easier copy-paste:
    $EncodedText | Out-File -file c:\temp\encoded1.txt

     

    If you want to test the command on your system use the following syntax:
    powershell.exe -encodedCommand $EncodedText

     

    When you are ready to go, open encoded1.txt and copy the encoded string.

    When using it in Extended Objects, be sure to add -Inputformat None to avoid an issue that causes PowerShell not to exit.


    Your Extended Object command will look like this for the above example.

    powershell.exe -Inputformat None -encodedCommand EncodedString

     

    *Due to its usage of ConvertTo-CSV, this requires PowerShell v2.0 or above

     

    See the attachment Solution1.txt for a sample encoded string using the above syntax.
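
    Base64 is a reversible encoding, so the string pasted into an Extended Object can be decoded and compared against the script that was reviewed. The following is an added example, not part of the original post; the function names are hypothetical helpers and the sample strings are constructed for illustration.

```powershell
# Added example; the function names are hypothetical helpers, not BSA or PowerShell built-ins.

function ConvertFrom-EncodedCommand {
    param([Parameter(Mandatory = $true)][string]$CommandLine)
    # Accept the bare Base64 string or the whole Extended Object command line:
    # the encoded string is the last whitespace-separated token in both cases.
    $encoded = ($CommandLine.Trim() -split '\s+')[-1]
    try {
        $bytes = [System.Convert]::FromBase64String($encoded)
    } catch {
        throw "Not valid Base64 (truncated or altered while copying?)"
    }
    # -encodedCommand carries UTF-16LE text, matching Encoding.Unicode used on this page.
    return [System.Text.Encoding]::Unicode.GetString($bytes)
}

function Get-ScriptSha256 {
    param([Parameter(Mandatory = $true)][string]$Text)
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $hash = $sha.ComputeHash([System.Text.Encoding]::Unicode.GetBytes($Text))
    return ([System.BitConverter]::ToString($hash) -replace '-', '').ToLower()
}

function Test-EncodedCommand {
    param([string]$CommandLine, [string]$ExpectedSha256)
    # True only when the decoded script hashes to the value recorded at review time.
    $decoded = ConvertFrom-EncodedCommand $CommandLine
    return ((Get-ScriptSha256 $decoded) -eq $ExpectedSha256)
}

# Constructed sample in the style of Solution 1 (not the attachment's actual string).
$reviewed  = 'get-eventlog system -newest 20 | select-object EventID,EntryType,Source | convertto-csv -NoTypeInformation'
$knownGood = Get-ScriptSha256 $reviewed
$b64       = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($reviewed))
$extObj    = "powershell.exe -Inputformat None -encodedCommand $b64"

# Constructed altered copy: same shape, different log name.
$alteredB64 = [System.Convert]::ToBase64String(
    [System.Text.Encoding]::Unicode.GetBytes($reviewed.Replace('system', 'application')))
$alteredObj = "powershell.exe -Inputformat None -encodedCommand $alteredB64"

"Decoded : " + (ConvertFrom-EncodedCommand $extObj)
"Original matches reviewed hash : " + (Test-EncodedCommand $extObj $knownGood)
"Altered matches reviewed hash  : " + (Test-EncodedCommand $alteredObj $knownGood)
```

    Record the SHA-256 of the reviewed script alongside the Extended Object definition so that later copies of the encoded string can be checked against it.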

     

     

    Solution 2
    ==========

    This is an improvement of the method provided by Richard McLeod in https://communities.bmc.com/docs/DOC-23470

    It had a dependency: the scripts had to be deployed beforehand to the target servers before the solution could be used, which can be an inconvenience at times.

    So we improve upon it to eliminate those dependencies, resolving some issues alongside.

     

    The PowerShell commands used are below. The commands are saved into a variable for convenience.

    We also add commands to manipulate the window buffer size to avoid truncating at 80 lines.

    =============================
    # Script to run on the target: print a CSV header, then one flattened line per event.
    $cmd = '$UI = $Host.UI.RawUI
    $UI.BufferSize = New-Object Management.Automation.Host.Size (4096, 80)
    Write-Output "TimeGenerated,EventID,EntryType,Source,Message,UserName"
    $events = get-eventlog application -newest 100 | select-object EventID,EntryType,TimeGenerated,Source,Message,UserName
    $events | ForEach-Object{
    $evtID = $_.EventID
    $evtET = $_.EntryType
    $evtTG = $_.TimeGenerated
    $evtSRC = $_.Source
    $evtMSG = $(($_.Message) -replace "\r\n","" -replace "`r`n","" -replace "`n","" -replace "`t","" -replace "`v","" -replace ",",".")
    $evtUSR = $_.UserName
    Write-Output "$evtTG,$evtID,$evtET,$evtSRC,$evtMSG,$evtUSR"
    }
    exit; '

    # Encode as UTF-16LE Base64 for -encodedCommand, save a copy, and test locally.
    $Bytes = [System.Text.Encoding]::Unicode.GetBytes($cmd)
    $EncodedText = [System.Convert]::ToBase64String($Bytes)
    $EncodedText | Out-File -file c:\temp\encoded2.txt
    powershell.exe -encodedCommand $EncodedText
    =============================

     

    When you are ready to go, open encoded2.txt and copy the encoded string.

    When using it in Extended Objects, be sure to add -Inputformat None to avoid an issue that causes PowerShell not to exit.


    So your Extended Object command will look like this for the above example.

    powershell.exe -Inputformat None -encodedCommand EncodedString

     

    See the attachment solution2.txt for a sample encoded string using the above syntax.

     

     

    Hope this is helpful!!

     

     

    Sumesh P.