$timelimit = (get-date).AddMinutes(-65)
$logpath = "C:\_SCRIPT_\_SCHED_\_Eventlog_to_SQL.txt"
$now = get-date
$nowstring = "{0:yyyy-MM-dd-HH:mm:ss}" -f $now
$dbServer = "myserver"
$dbDatabase = "logdb"
$dbuid = "logdbuser"
$dbpwd = "logdbpass"
$dbTableFWevents = "dbo.fwevents"
$FWEvents = Get-WinEvent -logname ForwardedEvents | where-object {$_.timecreated -ge $timelimit} | Select * | Sort-Object TimeCreated
$FWEventsstat = $FWEvents | Measure-Object
$dbConnection = New-Object System.Data.SqlClient.SqlConnection
$dbConnectionString = "Server=$dbServer;Database=$dbDatabase;Integrated Security=True;User ID=$dbuid;Password=$dbpwd;Connect Timeout=0"
$dbconnection.ConnectionString = $dbConnectionString
$dbconnection.Open()
$transaction = $dbConnection.BeginTransaction("LogParserUpload")
$nowstring + " ---START---" | out-file $logpath -Append
$nowstring + " EVENT COUNT: " +$FWEventsstat.Count | out-file $logpath -Append
foreach ($evnt in $FWEvents)
{
$Command = $dbconnection.CreateCommand()
$Command.CommandText = "INSERT INTO "+$dbDatabase+"."+$dbTableFWevents+" (Message, Id, Level, ProviderName, LogName, ProcessId, ThreadId, MachineName, UserId, TimeCreated, LevelDisplayName) VALUES (@Message, @Id, @Level, @ProviderName, @LogName, @ProcessId, @ThreadId, @MachineName, @UserId, @TimeCreated, @LevelDisplayName)";
if ([string]$evnt.message){$Command.Parameters.Add("@Message", [string]$evnt.Message);}else{$Command.Parameters.Add("@Message", [DBNull]::Value);}
if ([string]$evnt.id){$Command.Parameters.Add("@Id", [string]$evnt.id);}else{$Command.Parameters.Add("@Id", [DBNull]::Value);}
if ([string]$evnt.level){$Command.Parameters.Add("@Level", [string]$evnt.level);}else{$Command.Parameters.Add("@Level", [DBNull]::Value);}
if ([string]$evnt.providername){$Command.Parameters.Add("@ProviderName", [string]$evnt.ProviderName);}else{$Command.Parameters.Add("@ProviderName", [DBNull]::Value);}
if ([string]$evnt.logname){$Command.Parameters.Add("@LogName", [string]$evnt.LogName);}else{$Command.Parameters.Add("@LogName", [DBNull]::Value);}
if ([string]$evnt.processid){$Command.Parameters.Add("@ProcessId", [string]$evnt.ProcessId);}else{$Command.Parameters.Add("@ProcessId", [DBNull]::Value);}
if ([string]$evnt.threadid){$Command.Parameters.Add("@ThreadId", [string]$evnt.threadId);}else{$Command.Parameters.Add("@ThreadId", [DBNull]::Value);}
if ([string]$evnt.machinename){$Command.Parameters.Add("@MachineName", [string]$evnt.MachineName);}else{$Command.Parameters.Add("@MachineName", [DBNull]::Value);}
if ([string]$evnt.userid){$Command.Parameters.Add("@UserId", [string]$evnt.UserId);}else{$Command.Parameters.Add("@UserId", [DBNull]::Value);}
if ([string]$evnt.timecreated){$Command.Parameters.Add("@TimeCreated", [string]$evnt.TimeCreated);}else{$Command.Parameters.Add("@TimeCreated", [DBNull]::Value);}
if ([string]$evnt.leveldisplayname){$Command.Parameters.Add("@LevelDisplayName", [string]$evnt.LevelDisplayName);}else{$Command.Parameters.Add("@LevelDisplayName", [DBNull]::Value);}
$Command.Transaction = $transaction
$eredmenyin = $Command.ExecuteNonQuery()
$nowstring + " INSERT RESULT: " +$eredmenyin | out-file $logpath -Append
}
$eredmenytr = $transaction.Commit()
$nowstring + " TRANSACTION RESULT: " +$eredmenyin | out-file $logpath -Append
$nowstring + " ---END---" | out-file $logpath -Append
#$transaction.Rollback()
$dbconnection.Close()
Hello guys。 由於歷史原因,我們通過Windows服務器Forwarded Event解決方案收集了一堆服務器信息。 轉發事件並不容易從收集計算機收集,因爲logparser和其他解決方案很難訪問它。 所以我決定收集並上傳它與Powershell。Powershell SQL插入隨機失敗
腳本每60分鐘按計劃運行一次,向後收集事件65分鐘。
腳本運行良好。但有時會跳過1-2行。我不懂爲什麼。它不會跳過整個會話 - 但例如,如果在65分鐘的時間間隔內有5個事件,則會上傳4.下次,它流利地運行。下次再次從10個事件2中隨機跳過。
我想知道爲什麼。但我不明白原因,我不知道如何記錄實際的插入命令來修復它,或創建其他錯誤處理。 (你可以看到我也實現了交易 - 希望不會錯,而交易也可以)。
不知道如何找到錯誤的原因和/或來源。
您是否檢查過表上的模式?也許您試圖將null傳遞給字段那些被標記爲非空? – ewahner