Last Tuesday in part I of this series, we looked at how to use the built in Date/Time methos to find how long ago an event was written in a Windows event log. But what about date/time information that we cannot receive in the correct format because it came from a third party product? No problem. We will work with what data is provided.
The Get-Time cmdlet returns an object of System.DateTime fortunatly, using the New-Object cmdlet, we can create a new System.DateTime object with information from our logs. Your first task will be to parse the data so you can extract as much date time information as possible.
Once you have done that, you need to create a DateTime object.
$MyDate = New-Object System.DateTime.
Now take a look at the contents of this object.
$MyDate
To view the information that we need to plug into this object, type $MyDate | FL.
By changing just one property of this object, we will get it to reflect our date. Type $MyDate | GM -MemberType ScriptProperty
The DateTime property accepts arguments in the form of Year, Month, Day, Hour, Minute, Second, The hour must be in 24 hour format. The month is an integer value. To set our date:
$MyDate = New-Object System.DateTime 2009, 3, 24, 15, 24, 00
Now Type $MyDate
Ok, we now have our object with the correct date/time form our log. We can now find the difference between these two dates.
(The $Today is left over from last week. To generate it, first type $Today = Get-Date)
$Today.Subtract($MyDate)
To Get the individual properties, assign this to a variable.
$DateDiff = $Today.Subtract($MyDate)
The only part that I cannot help you with is the extraction of the date/time info from your event logs. You need to come up with the code for that. I will suggest reading each line of code into a variable and using the Split method to extract what you need.
Comments