shubham kumar
Reputation: 1
How can i capture storport health log using powershell
i'm new to ps scripting , i want to capture event logs of Microsoft-Windows-Storage-Storport/Health using powershell all this data
i have tried these commands but getting error Get-EventLog -LogName Microsoft-Windows-Storage-Storport/Health -InstanceId 511
Get-EventLog -LogName Microsoft-Windows-Storage-Storport/Health also tried Get-WinEvent
Any help will be thankfull
Upvotes: 0
Views: 433
Answers (1)
Vish
Reputation: 466
Try the below to get the object [System.Diagnostics.Eventing.Reader.EventLogRecord]. You can replace the search filters for what you are looking out for:
Get-WinEvent -LogName 'Microsoft-Windows-Storage-Storport/Health' | Where-Object {
$_.Id -eq 512
}
You can then inspect the object by piping Get-Member.
As Thor has suggested, you can run the ToXml() on the object to get all the information you are looking for.
For example:
Get-WinEvent -LogName 'Microsoft-Windows-Storage-Storport/Health' |
select -f 1 |
% { $_.toxml() }
Gives:
<?xml version="1.0"?>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-StorPort" Guid="{c4636a1e-7986-4646-bf10-7bc3b4a76e8e}"/>
<EventID>512</EventID>
<Version>5</Version>
<Level>4</Level>
<Task>201</Task>
<Opcode>0</Opcode>
<Keywords>0x200000000000040</Keywords>
<TimeCreated SystemTime="2022-08-17T08:49:25.4504819Z"/>
<EventRecordID>318</EventRecordID>
<Correlation/>
<Execution ProcessID="4" ThreadID="2852"/>
<Channel>Microsoft-Windows-Storage-Storport/Health</Channel>
<Computer>HF-NB-26.landsnet.far.local</Computer>
<Security UserID="S-1-5-18"/>
</System>
<EventData>
<Data Name="PortNumber">0</Data>
<Data Name="PathID">0</Data>
<Data Name="TargetID">0</Data>
<Data Name="LUN">0</Data>
<Data Name="ClassDeviceGuid">{6582d3ef-ac27-f50c-c6a3-c718a5ed6004}</Data>
<Data Name="AdapterGuid">{027f5e62-3c52-11ea-ab68-806e6f6e6963}</Data>
<Data Name="MiniportName">stornvme</Data>
<Data Name="VendorId">NVMe </Data>
<Data Name="ProductId">WDC PC SN730 SDB</Data>
<Data Name="SerialNumber">19348C800681 _2017</Data>
<Data Name="BootDevice">true</Data>
<Data Name="SystemUptime_s">1295298</Data>
<Data Name="CriticalWarning">0</Data>
<Data Name="NvmeHealthLogLength">216</Data>
<Data Name="NvmeHealthLog">004201640A0200000000000000000000000000000000000000000000000000005F0662020000000000000000000000009ABCD101000000000000000000000000E8BD62310000000000000000000000007604842B000000000000000000000000EE050000000000000000000000000000330A000000000000000000000000000030060000000000000000000000000000490000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000</Data>
<Data Name="VendorSpecificLogPageCode">0</Data>
<Data Name="VendorSpecificLogPageVersion">0</Data>
<Data Name="VendorSpecificLogLength">0</Data>
<Data Name="VendorSpecificLog"/>
</EventData>
</Event>
Or to only extract Event.EventData.Data:
Get-WinEvent -LogName 'Microsoft-Windows-Storage-Storport/Health' |
select -f 1 |
% { ([xml]$_.toxml()).event.eventdata.data }
Output:
Name #text
---- -----
PortNumber 0
PathID 0
TargetID 0
LUN 0
ClassDeviceGuid {6582d3ef-ac27-f50c-c6a3-c718a5ed6004}
AdapterGuid {027f5e62-3c52-11ea-ab68-806e6f6e6963}
MiniportName stornvme
VendorId NVMe
ProductId WDC PC SN730 SDB
SerialNumber 19348C800681 _2017
BootDevice true
SystemUptime_s 1295298
CriticalWarning 0
NvmeHealthLogLength 216
NvmeHealthLog 004201640A020000000000000000000000000000000000000000000000...
VendorSpecificLogPageCode 0
VendorSpecificLogPageVersion 0
VendorSpecificLogLength 0
VendorSpecificLog
Upvotes: 2
Related Questions
- Write Event to Eventlog with powershell
- Powershell get eventlog source
- Export Critical, Warning and Errors events from Windows Logs
- Powershell - Getting advanced eventlog informations (xml?)
- How to get powershell log
- Powershell: Need to get Event Viewer log
- Working with Windows Event Logs in PowerShell
- How to get event message using Powershell?
- Monitoring Security logs for EventID using Powershell
- writing event log to file, powershell