Posted by: Preetam | December 16, 2006

One Liner Saga Continues

Yesterday I read sapien blog yesterday about file age. I was amazed at the power of date formats. I was amazed by simple code

$age=($now.subtract(($file.LastWriteTime))).days

After reading, something just strike me, I though date manulation is becoming so easy, to do such a simple thing you have to all sorts of subroutines and method calls. Working in late night in office never gets me easy and happy sleep. I took that time to think about it and later in the morning I though of cracking UPtime from sysinternals via Powershell. So I began….

With below mentioned code I find out the Magic of one Liner again.

PS E:\PowerShell\MakesSense> Get-EventLog -LogName system |where {$_.eventid -eq “6005”} |sort timegenerated

Index Time Type Source EventID Message
—– —- —- —— ——- ——-
8237 Nov 29 19:21 Info EventLog 6005 The Event log service was started.
8266 Nov 29 19:42 Info EventLog 6005 The Event log service was started.
8299 Nov 29 20:27 Info EventLog 6005 The Event log service was started.
8497 Dec 02 13:20 Info EventLog 6005 The Event log service was started.
8553 Dec 03 03:55 Info EventLog 6005 The Event log service was started.
8591 Dec 03 12:23 Info EventLog 6005 The Event log service was started.
8632 Dec 03 15:32 Info EventLog 6005 The Event log service was started.
8666 Dec 03 22:01 Info EventLog 6005 The Event log service was started.
8740 Dec 04 22:49 Info EventLog 6005 The Event log service was started.
8818 Dec 06 11:46 Info EventLog 6005 The Event log service was started.
8843 Dec 06 16:51 Info EventLog 6005 The Event log service was started.
8897 Dec 07 10:12 Info EventLog 6005 The Event log service was started.
8957 Dec 08 13:17 Info EventLog 6005 The Event log service was started.
9803 Dec 10 21:13 Info EventLog 6005 The Event log service was started.
9859 Dec 11 14:20 Info EventLog 6005 The Event log service was started.
9933 Dec 12 14:12 Info EventLog 6005 The Event log service was started.
9962 Dec 12 20:20 Info EventLog 6005 The Event log service was started.
10025 Dec 13 11:40 Info EventLog 6005 The Event log service was started.
10077 Dec 14 14:12 Info EventLog 6005 The Event log service was started.
10154 Dec 15 14:41 Info EventLog 6005 The Event log service was started.
10551 Dec 16 22:19 Info EventLog 6005 The Event log service was started.

Now next step was to get the system uptime. I got $now=get-date

$uptime=($now.subtract(($Eve.timegenerated))).days but the next question was how I get the most recent 6005 event, time generated subtracted by current time. There was no way I can find when was last time 6005 was written. I was actually going to use bubble sort. I was stubborn of about not using it. Because somewhere I felt there is no need with Powershell, it will do that for me. And it did. After another 3 hours in struggle I realise there must be something to sort which will give me more specific result and below line cracks UPtime.

$now=get-date
$events=Get-EventLog -logname system | where {$_.eventid -eq “6005”} | sort timegenerated |select-object -last 1
foreach($Eve in $Events) {
$uptime=($now.subtract(($Eve.timegenerated))).days
$uptimeh=($now.subtract(($Eve.timegenerated))).hours
$uptimem=($now.subtract(($Eve.timegenerated))).Minutes
$uptimes=($now.subtract(($Eve.timegenerated))).Seconds
write-host $uptime Days – $uptimeh Hours – $uptimem Mins -$uptimes Sec

}


Responses

  1. This is an UpTIme one liner using WMI:

    (get-date).subtract([datetime]::ParseExact([string]((get-wmiobject -class win32_operatingsystem).lastbootuptime).SubString(0, 14),”yyyyMMddHHmmss”, [System.Globalization.CultureInfo]::InvariantCulture))

    You can make function UpTime and run it against other computers:

    function UpTime {
    param([string]$strComputerName)

    (get-date).subtract([datetime]::ParseExact([string]((get-wmiobject -class win32_operatingsystem -computer $strComputerName).lastbootuptime).SubString(0, 14),”yyyyMMddHHmmss”, [System.Globalization.CultureInfo]::InvariantCulture))
    }

    Cheers,
    Aleksandar
    http://powershellers.blogspot.com


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: