/build/static/layout/Breadcrumb_cap_w.png

Pulling Event ID

I am wondering if there is a way for KACE to do a report where certain computers have had certain event ID's happen. Basically Event ID 41 and 6008, we are having users that are having BSOD but not minidump folder and the only thing we can see if the unexpected shutdown event ID;s. 

Asked 2 years ago 0 views
0 Comments   [ + ] Show comments

Answers (1)

Posted by: Nico_K 2 years ago
Red Belt
1

Endorsed by Nick The Ninja

This should be not a big thing:
First you should write a short powershell script which reads out the Windows-Events (if you use W10 or W11 the Command is Get-WinEvent, before it was different) and grep the ID of your choice. 
(something like Get-WinEvent -LogName THECORRECTLOGNAME | Where-Object { $.Id=EVENTID} )
And verify if there is a result or not.
Then put the results into a CIR and report it in the KACE.
(since I am on tour for this week I have no time to put this one liner together since I need some research for that (in which log the ID can be found for instance)

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ