DEVHIDE
Login Or Sign up

Try/Catch block does not actually execute the get-eventlog cmdlet

696 Views Asked by At

For some reason, when I try to use the security option, it does not actually execute the get-eventlog cmdlet, but writes it to the screen as though it were quoted. The other logs work without the try catch block, but whenever I set them up with the try catch block, they still function as though the cmdlet were quoted.

$eventlogname = Read-Host "Which event log category do wish to view? Enter Application, Security, Setup, System, or Forwarded events"
$lognumber = Read-Host "Enter the number of logs you wish to retrieve"

switch 
    ($eventlogname)
{
     Security {
            $logseverity = Read-Host "What event severity do you wish to view? Enter Critical, Warning, Error, FailureAudit, SuccessAudit, or Information"
            $computernameeventlog = Read-Host "Please enter the hostname to query"

            if ($computernameeventlog -eq "localhost" )
            {
            try
                {
                    {
                    Get-EventLog -logname $eventlogname -EntryType $logseverity -Newest $lognumber -ErrorAction SilentlyContinue
                    }


                            }
                            catch [System.IO.IOException]
                            {
                                Write-Host "The hostname was incorrect or not available."
                            }
                            catch [System.InvalidOperationException]
                            {
                                Write-Host "The event log does not exist"
                            }
                    }
             else
                {

             try{
                    {
                        Get-EventLog -logname $eventlogname -EntryType $logseverity -ComputerName $computernameeventlog -Newest $lognumber -ErrorAction SilentlyContinue 
                    }
                        }
                            catch [System.IO.IOException]
                            {
                                Write-Host "The hostname was incorrect or not available."
                            }
                            catch [System.InvalidOperationException]
                            {
                                Write-Host "The event log does not exist"
                            }
                    }
                }

     "Forwarded events"
     {
        $computernamewinevent = Read-Host "Please enter the hostname to query"
        $logseverity = Read-Host "What event severity do you wish to view? Enter Critical, Warning, Error or Information"
        if ($computernamewinevent -eq "localhost")
        {
            Get-WinEvent -logname forwardedevents -MaxEvents $lognumber | where {$_.leveldisplayname -contains $logseverity}
        }
        else
        {
            Get-WinEvent -logname forwardedevents -MaxEvents $lognumber -ComputerName $computername | where {$_.leveldisplayname -contains $logseverity}
        }
    }
    default
    {
    $logseverity = Read-Host "What event severity do you wish to view? Enter Critical, Warning, Error or Information"
    $computernameeventlog = Read-Host "Please enter the hostname to query"

    if ($computernameeventlog -eq "localhost" )

        {
            Get-EventLog -logname $eventlogname -EntryType $logseverity -Newest $lognumber 
        }



    else
        {
            Get-EventLog -logname $eventlogname -EntryType $logseverity -ComputerName $computernameeventlog -Newest $lognumber
        }
}
}
powershell try-catch get-eventlog
Original Q&A
2

There are 2 best solutions below

3
On BEST ANSWER

In your code you have surrounded the command with brackets ({ }) such as this:

{
Get-EventLog -logname $eventlogname -EntryType $logseverity -ComputerName $computernameeventlog -Newest $lognumber -ErrorAction SilentlyContinue 
}

This will produce a script block, which will not execute but output as a string. What you want is remove the brackets.

0
On

If you were to fix the various bracket issues that Micky mentioned, your Catch block would still never run. In the Try block, you must force a terminating error. You forced it to completely ignore errors:

#Note the changed error action:
Get-EventLog -logname $eventlogname -EntryType $logseverity -Newest $lognumber -ErrorAction Stop

#Get some help on the topic:
Get-Help about_Try_Catch_Finally

Further reading that might help:

Lastly, on an aside, consider more readable formatting. Some popular choices:

Try
{
    #Do something
}
Catch 
{
    #Catch
}

Try {
    #Do something
}
Catch {
    #Catch
}

Many have strong feelings for and against these and other conventions, but as long as you are consistent, you should be good. I see a bit of the first example, but then some cases where you indent the first curly bracket instead of lining it up with the keyword.

Cheers!

Related Questions in POWERSHELL

Related Questions in TRY-CATCH

Related Questions in GET-EVENTLOG

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.