The PS script shown below writes the hostname, date and Machine Type to the SolarWinds.Net log. For example, see the entry below:
ushdc1691: 19087606: Nov 05 13:29:35.131 UTC : %CCM_CALLMANAGER-CALLMANAGER-3-DeviceTransientConnection:
I would like to know how to remove the Machine Type and the Hostname.
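This script creates an event in the SolarWinds log when a syslog message condition triggers the action that runs this script. The command executed by the alert trigger is: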
C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe e:\scripts\createsyslogevent.ps1 '${Hostname}' '${Message}'
param
(
    [string] $hostname = $(throw "No Hostname supplied"),
    [string] $message = $(throw "No Message supplied")
)
$regex = [regex] '(^%:$)' # This regex assumes MessageType is present in $message
$out = $regex.split($message)
if ($out.length -eq '3')
{
    write-host "Has MessageType"
    write-host $out[1]
    $description = $hostname + ": " + $out[1]
    write-eventlog -logname SolarWinds.Net -EntryType Error -source AlertingEngine -eventID 6888 -message "$description"
    exit
}
$regex1 = [regex] '(^[A-Z][a-z][a-z] \d{1,2} \d\d:\d\d:\d\d 201[1-3] )' # This regex assumes no MessageType; the message starts with date/time and year, so we need to test for this pattern first
$out1 = $regex1.split($message)
if ($out1.length -eq '3')
{
    write-host "No MessageType, has year in timestamp"
    write-host $out1[1]
    $description = $hostname + ": " + $out1[1]
    write-eventlog -logname SolarWinds.Net -EntryType Error -source AlertingEngine -eventID 6888 -message "$description"
    exit
}
$regex2 = [regex] '(^[A-Z][a-z][a-z] \d{1,2} \d\d:\d\d:\d\d )' # This regex assumes no MessageType; the message starts with date/time and there's no year
$out2 = $regex2.split($message)
if ($out2.length -eq '3')
{
    write-host "No MessageType, no year in timestamp"
    write-host $out2[1]
    $description = $hostname + ": " + $out2[1]
    # Fixed: the parameter name was split as "- message", which does not bind
    write-eventlog -logname SolarWinds.Net -EntryType Error -source AlertingEngine -eventID 6888 -message "$description"
    exit
}
$message = [regex]::Replace($message, '(^.+%.+?: )', "");
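
One way to drop the hostname and message type, as an added example that is not part of the original post: a single case-sensitive regex with optional leading fields, applied to the entry shown above. The function name Get-SyslogText, its output fields and the text after the message-type tag in the sample are assumptions made for illustration.

```powershell
# Added example, not from the original post. Get-SyslogText and its field
# names are hypothetical; the sample line's trailing text is constructed.
function Get-SyslogText {
    param(
        [Parameter(Mandatory)][string] $Hostname,
        [Parameter(Mandatory)][string] $Message
    )
    # Every leading field is optional, so lines with no message type, or with
    # a year after the time (the script's other two cases), still parse.
    $pattern = '^(?:' + [regex]::Escape($Hostname) + ': )?' +          # known hostname
        '(?:\d+: )?' +                                                  # sequence number
        '(?:(?<Time>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d(?:\.\d+)?' + # Nov 05 13:29:35.131
        '(?: \d{4})?)(?:(?: [A-Z]{2,5})? ?:)? )?' +                     # year, zone, " : "
        '(?:(?<Type>%[A-Z0-9_]+(?:-\w+)+): ?)?' +                       # %FACILITY-SUB-SEV-NAME:
        '(?<Text>.*)$'
    # [regex]::Match is case-sensitive, unlike the -match operator.
    $m = [regex]::Match($Message, $pattern, 'Singleline')

    # Syslog text originates on network devices: replace control characters
    # (CR, LF, ...) so one message cannot look like several log entries.
    $text = $m.Groups['Text'].Value -replace '[\x00-\x1F\x7F]', ' '

    [pscustomobject]@{
        Time = $m.Groups['Time'].Value
        Type = $m.Groups['Type'].Value
        Text = $text.Trim()
    }
}

# The first part is the entry shown in the post; the text after the tag is constructed.
$sample = 'ushdc1691: 19087606: Nov 05 13:29:35.131 UTC : ' +
          '%CCM_CALLMANAGER-CALLMANAGER-3-DeviceTransientConnection: Transient connection attempt'
$parsed = Get-SyslogText -Hostname 'ushdc1691' -Message $sample
$parsed | Format-List
```

The alert action passes ${Message} inside single quotes on the command line, so a message that itself contains an apostrophe will not reach the script as one argument; check how such messages are handled before relying on the parsed text.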