Get last Server Restart or shutdown event from remote servers
This Script has been written to find out last server restart /shutdown events from list of servers and display them in a simple grid view format.
Create a file named Servers.txt and put in all the servers there one at a line.
Copy the following code and (blue) to a text file and name it Get-RestartEvents.ps1 and save it.
Alternatively you can download the script from my Microsoft TechNet Script Library as well.
Keep both the files at same location and execute the script from PowerShell console.
#####################################################################################################################################################
# Script to find out last reboot event from list of servers in servers.txt, it searchesin System Events on servers and looks for event id 1074: #
# Prints ServerName, Time when the Event got created, Event ID, Event Severity and the message which contains user name who initiated the reboot: #
# To get the output in CSV file just replace "|Out-Gridview" at the fourth last line with "| Export-Csv -NoTypeInformation ServerRebootEvents.csv": #
# This script only queries the event logs and does not perform any write/modification anywhere on the servers, Use it at your own wish. #
# Written by Prakash Kumar Prakash82x@gmail.com on Thursday, March 9, 2017 11:48:55 AM #
#####################################################################################################################################################
$ErrorServers = @()
Get-Content .\Servers.txt |foreach {
$ComputerName = $_
if (Test-Connection -ComputerName $ComputerName -Count 1 -ErrorAction SilentlyContinue ) {
Write-Host -ForegroundColor Yellow "Reading Eventlogs on $ComputerName"
try { Get-WinEvent -computername $ComputerName -FilterHashtable @{logname="System";id="1074"} -MaxEvents 1 -ErrorAction Stop |select @{N='ServerName';E={"$ComputerName"}},TimeCreated,Id,LevelDisplayName,Message
}
catch [Exception] {
if ($_.Exception -match "No events were found that match the specified selection criteria") {
Write-Host -ForegroundColor Red "No events found of selected event Search criteria on Server $ComputerName"
}
}
}
Else { $ErrorServers += "$ComputerName" }
} |Out-GridView
Write-Host " "
Write-Warning "following Servers are not Pingable"
$ErrorServers
#Points to consider:
- Make sure you are executing this script from a server which can connect to each of the target servers:
- The User who invokes this script should have permissions to read the event logs from remote computers:
