Gaining insight from consolidating and summarising Windows Event Logs.

Trawling event logs, man I’m excited. This is the kind of stuff I dream about and it’s what gets me going in the morning. I can’t wait to get stuck into millions of lines of events with the same innocuous error occurring hundreds of times a second, with that one critical alert buried in all the noise.

I love it as much as I love grating my knuckles on a cheese grater.. Wait a minute, that sounds awful. Hang on, reviewing event logs is equally awful!

Now that I’ve wasted your time with my pointless preamble, here is how I’ve made things better. In my years reviewing event logs, I’ve taken a few learnings.

  1. It’s tedious
  2. It’s really tedious
  3. I want the information summarized
  4. I want to know if the error is new, or re-occurring.

Yes I can do all the above stuff manually, but why on earth would anyone want to! So I used PowerShell to improve things.

Let me set the scene. You’ve just patched a critical server and it’s been rebooted. Some of the first things you should review (yes really you should) are the Windows System and Application event logs. So we RDP, open the event log, clickety clickety click and all is well. Sweet, move on to another 50 servers… Well that sucks. So here is a better way.

I produced the following script to do the following.

  1. Get all System and Application log events that are not Informational, so that’s the Critical, Error, and Warning events
  2. Group them. If a certain event has repeated itself 1000 times, just tell me once and let me know how many times it appears
  3. Based on item 2, let me know the last time it appeared
  4. Was this event present before I rebooted the server (let’s look back 7 days as a line in the sand)
  5. Who on earth wants to log on to a server, let it take a ComputerName parameter instead
  6. Alternate credentials need to be specified as well, as hey, you’re running a best practice shop, right 😉

Ok enough talk here is the script, hopefully it makes some sort of sense:
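An added example that follows the six steps listed above; it is not the author's original script. The function name `Get-EventLogSummary`, the `LookbackDays` parameter, the output column names and the server name `SRV01` are assumptions made for illustration.

```powershell
# Added example, not the author's script. Names other than ComputerName are illustrative.
function Get-EventLogSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [pscredential]$Credential,
        [int]$LookbackDays = 7   # the 7-day "line in the sand" from the post
    )

    # Pass -Credential only when an alternate credential was supplied.
    $remote = @{ ComputerName = $ComputerName }
    if ($Credential) { $remote.Credential = $Credential }

    # The last boot time is the boundary between "before" and "after" the reboot.
    $session = New-CimSession @remote -ErrorAction Stop
    try {
        $os = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem
        $bootTime = $os.LastBootUpTime
    } finally {
        Remove-CimSession -CimSession $session
    }

    # Level 1 = Critical, 2 = Error, 3 = Warning; 4 (Informational) is left out.
    $filter = @{
        LogName   = 'System', 'Application'
        Level     = 1, 2, 3
        StartTime = (Get-Date).AddDays(-$LookbackDays)
    }
    # SilentlyContinue hides the "no events found" error on a clean server.
    $events = Get-WinEvent @remote -FilterHashtable $filter -ErrorAction SilentlyContinue

    # One row per log/provider/event ID instead of one row per occurrence.
    $events | Group-Object -Property LogName, ProviderName, Id | ForEach-Object {
        $sinceBoot = @($_.Group | Where-Object TimeCreated -ge $bootTime).Count
        [pscustomobject]@{
            LogName      = $_.Group[0].LogName
            Provider     = $_.Group[0].ProviderName
            Id           = $_.Group[0].Id
            Level        = $_.Group[0].LevelDisplayName
            Count        = $_.Count
            LastSeen     = ($_.Group | Measure-Object TimeCreated -Maximum).Maximum
            SinceBoot    = $sinceBoot
            NewSinceBoot = ($sinceBoot -eq $_.Count)   # never seen before the reboot
        }
    } | Sort-Object -Property NewSinceBoot, Count -Descending
}

# Usage (SRV01 is a constructed server name):
# Get-EventLogSummary -ComputerName SRV01 -Credential (Get-Credential) | Format-Table -AutoSize
```

Rows with `NewSinceBoot` set to `True` are the events that first appeared after the reboot, which are the ones worth reading first after patching.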

And the result?

 

[Screenshot: powershell-get-event-log-stats-example]
A thing of beauty! A summarized at a glance view of the Windows event logs, to drive better insight and agile decision making in your environment. Strategic staircases, disruption, top down bottom up view, managerial speak etc.. etc.. Essentially, it good bro.

And there you go, lives saved! (from boredom that is, I’m not some kind of hero.. or am I??)

Hopefully that is of use to somebody, in a later blog I will talk about how you can display stuff like this in fancy HTML pages styled with bootstrap. I find that stuff so much cooler than grating your knuckles.

Cheers!

Kicking the Hedgehog – A case for Automation

Hi there, this is my first of hopefully many blogs. I thought I’d start things off talking about hedgehogs and automation, two things that go hand in hand right?? Don’t worry it will all make sense.

When trying to sell the value of automation in a business one of the key problems I say it can overcome is dealing with complacency. When you have a long, repetitive, mind numbing task to do, after performing it time and time again there is the temptation to cut corners to complete it faster. Because, let’s face it, there are other priorities you would rather focus on. Over time, this may mean skipping out essential steps just to get it over with sooner, you become complacent. This can be when bad things happen!

Time for my anecdote :).

Every night at our house I will take the rubbish out to our outside bins. It’s just a short five meter walk outside, through a gate, no big deal. It’s normally dark so my process is:

  1. Find shoes
  2. Put on shoes
  3. Get rubbish
  4. Go outside
  5. Open gate
  6. Put rubbish in bin

Exhibit A: The evil hedgehog

A simple six step procedure, right? Well, after performing this over and over, I started getting complacent. I stopped putting on shoes, as this task would take up most of my time (I have two little kids who like to hide daddy’s shoes!). Awesome! It’s now a four step process, that’s a great return on investment. So I carried on doing this for a few weeks, until one night…

One rather mild night, I was taking the rubbish through the gate as I do every night, without shoes on, when all of a sudden I kick something… Initially all I hear is the sound of something skimming down my driveway at pace because I hit it pretty hard. After a few seconds, the pain sets in. Sure enough, I’ve just punted a hedgehog down my driveway! The poor little thing was kind enough to leave half a dozen quills sticking out of my feet.

So, as you can see, complacency can cause bad things to happen. Now, if this procedure was automated, (which would probably require some sort of trash robot) you know it would get it right every time, because computers do exactly what you program them to do, there is no risk of complacency.

In a business environment, the risk of not following business processes correctly can be a lot worse than punting a small mammal. For important repetitive tasks within a business, automation (such as PowerShell Workflows / Azure Automation etc..) can make a big difference to ensure consistent accurate results every time.