0

I am having an issue with the writing of a get-eventlog function when I'm writing to a TXT file.

This is my LogWrite function:

#Log Function
$Logfile = "..\Logs\$(gc env:computername)_Outlook.log"
$Stamp = (Get-Date).toString("yyyy/MM/dd HH:mm:ss")

Function LogWrite
{
   Param ([string]$logstring)
   Add-content $Logfile -value $Stamp": "$logstring -Force
}

This is my LogWrite code in part of my script.

$OutlookHangDetailed = Get-EventLog -Log "Application" -Source "Application Hang" -Message "*OUTLOOK.EXE*" -After (Get-Date).AddHours(-12) -ErrorAction SilentlyContinue

LogWrite $OutlookHangDetailed | Format-List

The issue I am having is its coming out like this in the txt file: Microsoft.PowerShell.Commands.GenericMeasureInfo

But if I simply echo it, it comes out like this (This is an example):

Index              : 2568
EntryType          : Information
InstanceId         : 15
Message            : Updated Symantec Endpoint Protection status successfully to SECURITY_PRODUCT_STATE_ON.
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {Symantec Endpoint Protection, SECURITY_PRODUCT_STATE_ON}
Source             : SecurityCenter
TimeGenerated      : 3/15/2017 7:46:02 AM
TimeWritten        : 3/15/2017 7:46:02 AM

How can I get this to write to the log this way?

Improve this question
1
  • It seems to only happen when using Add-Content. Any reason as to why? Commented Mar 15, 2017 at 20:25

3 Answers 3

Reset to default
1
  • There is no output from your log function. You are not piping anything into Format-List
  • $OutlookHangDetailed is going to be an array of objects of [System.Diagnostics.EventLogEntry]. You can turn it into a string with $logstring | fl | out-string. Casting directly to a string isn't going to give you the output you are looking for.
$Logfile = "..\Logs\$(gc env:computername)_Outlook.log"
$Stamp = (Get-Date).toString("yyyy/MM/dd HH:mm:ss")

Function LogWrite {
        Param (
            [System.Diagnostics.EventLogEntry[]]$logstring,
            [string]$Logfile,
            [string]$Stamp
        )


        $logentry = "$($Stamp):$($logstring | fl | out-string)"
        Add-Content $Logfile -value $logentry -Force
        $logentry
    }

$OutlookHangDetailed = Get-EventLog -Log "Application" -Source "Application Hang" -Message "*OUTLOOK.EXE*" -After (Get-Date).AddHours(-12) -ErrorAction SilentlyContinue

LogWrite $OutlookHangDetailed $Logfile $Stamp
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0 
Get-EventLog -Log "Application" -Source "Application Hang" -Message "*OUTLOOK.EXE*" -After (Get-Date).AddHours(-12) -ErrorAction SilentlyContinue >> "..\Logs\$(gc env:computername)_Outlook.log"

This will work as expected

Improve this answer

2 Comments

This works, partially. I am trying to format it like this using Format-List Index : 2568 EntryType : Information InstanceId : 15 Message : Updated Symantec Endpoint Protection status point Protection, SECURITY_PRODUCT_STATE_ON} Source : SecurityCenter TimeGenerated : 3/15/2017 7:46:02 AM TimeWritten : 3/15/2017 7:46:02 AM But it comes out like this: l y t o S E C U R I T Y _ P R O D U C T _ S T A T E _ O N .
I'd like for it to come out how I have it above when i Echo it, but it doesn't with the command you provided, it seems like it isn't formatted correctly.
0

Maybe like this:

    Function LogWrite
    {
       param (
         $logstring
       )

       $Stamp | Out-File -Encoding UTF8 -FilePath $Logfile -Append -Force
       ($logstring | Format-List) | Out-File -Encoding UTF8 -FilePath $Logfile -Width 1024 -Append -Force
    }

And call your function with:

    LogWrite $OutlookHangDetailed
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.