What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

How can i fix Get-WinEvent no matching Events found.

Votes:

0

Hello, We have recently started with PRTG and like it very much so far. I'm trying to monitor an Altaro VM Backup Server. In the KB i've found an artickle with a script to monitor your Altaro. This unfortunately didn't work out of the box so i needed to rewrite the powershell script. After a little trial and error everything works fine when i execute the script on the Server directly. The Problem comes when PRTG starts the Script, because it cant find Events. I've entered the windows credentials for the Server and set the security Context to Use Windows credentials of parent device. The logfile says:

Get-WinEvent : Es wurden keine Ereignisse gefunden, die den angegebenen Auswahlkriterien 
entsprechen.
In C:\Program Files (x86)\PRTG Network Monitor\custom sensors\EXEXML\altarofunzt.ps1:38 Zeichen:12
+  $Events = Get-WinEvent -FilterHashTable @{ProviderName=$ProviderName ...
+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (:) [Get-WinEvent], Exception
    + FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventComm 
   and
 ...

I would very much appreciate a solution because i can't think of anything that could cause such a problem.

Kind Regards Marco Riechen

altaro get-winevent script

Created on Apr 15, 2019 12:43:05 PM

Last change on Apr 15, 2019 12:44:46 PM by Torsten Lindner [Paessler Support]



3 Replies

Votes:

0

Hi Marco,

Without the script there is no way to help you - I do not have ALTARO here but I have some experience with scripts and PRTG as well..

Post your script and lets see what is going on..

I further suggest you log on to your PRTG server as the user that is supposed to execute the script.. then start a PowerShell in x86 and see if you get results.. if not - see what is the issue...

Most important remains the script itself of course :-)

Regards

Florian Rossmark

www.it-admins.com

Created on Apr 15, 2019 1:40:27 PM



Votes:

0

Hi Florian, This is one of the scripts:

# Altaro Backup Monitoring
#-------------------
# Description: Modified script by Robert
# Original script: (c) 2014 Stephan Linke | Paessler AG
# Parameters:
# -VM: VM Name
# -BackupType: local or offsite
# -MaxAge: Maximum age of the log entry to be considered checking (in hours)
# -LimitEntries:  Maximum number of entries to check
# -Loglevel: The numerical level of the log file
# -ProviderName: Provider of the Log file
# -EventId: The ID of the Event
# ------------------

param(  
    [string]$VM,
    [string]$BackupType,
    [int]$MaxAge        = 24,
    [int]$LimitEntries    = 30,
    [string]$LogName    = 'Application'
)

if ($BackupType -eq 'local') { $EventID = 5000 }
elseif ($BackupType -eq 'offsite'){ $EventID    = 5005 }
else { Write-Host `0:Specified BackupType not local or offsite, quitting`; exit 2; }

 $Events = Get-WinEvent -FilterHashTable @{LogName='Application';ID=$Backuptype} -MaxEvents $LimitEntries

foreach ($i in $Events){
    if ($Events.Message -match 'Guest VM Name: '+$VM) { 
write-host "<prtg>"
Write-Host "<result>"
Write-Host "<channel>Response Time</channel>"
Write-Host "<value>1</value>"
Write-Host "<CustomUnit>msecs</CustomUnit>"
Write-Host "</result>"
write-host "</prtg>"
}
}

If i run the script on the Server which is running Altaro it works fine. The Server is on a different site than the Core Server managed by a Remote Probe.

The only part of the script that fails is: $Events = Get-WinEvent -FilterHashTable @{LogName='Application';ID=$Backuptype} -MaxEvents $LimitEntries

It has nothing to do with authentication because it also works if i run it with the local system account.

Regards Marco Riechen

Created on Apr 15, 2019 2:19:20 PM



Votes:

0

Okay - the script has sure an issue - but I come to that.

Do you execute the script via a remote-probe on the target server or from the central PRTG server?

Get-WinEvent might have an x86/x64 issue - please make sure it works in both processing architectures on the target respective who ever executes the script.

The following part is wrong as well:

foreach ($i in $Events){
    if ($Events.Message -match 'Guest VM Name: '+$VM) { 
write-host "<prtg>"
Write-Host "<result>"
Write-Host "<channel>Response Time</channel>"
Write-Host "<value>1</value>"
Write-Host "<CustomUnit>msecs</CustomUnit>"
Write-Host "</result>"
write-host "</prtg>"
}
}

It should be like this:

write-host "<prtg>"
foreach ($i in $Events){
    if ($Events.Message -match 'Guest VM Name: '+$VM) { 

Write-Host "<result>"
Write-Host "<channel>Response Time</channel>"
Write-Host "<value>1</value>"
Write-Host "<CustomUnit>msecs</CustomUnit>"
Write-Host "</result>"
}
}
write-host "</prtg>"

You need to move the PRTG tags out of the loop, otherwise you end up with invalid XML data...

Oh - I think I just saw your real issue:

if ($BackupType -eq 'local') { $EventID = 5000 }
elseif ($BackupType -eq 'offsite'){ $EventID    = 5005 }
else { Write-Host `0:Specified BackupType not local or offsite, quitting`; exit 2; }

 $Events = Get-WinEvent -FilterHashTable @{LogName='Application';ID=$Backuptype} -MaxEvents $LimitEntries

You ask the Eventlog for ID=$BackupType

This is wrong - as for you injecting $BackupType as a string-parameter to the script that has to be either local or remote according to your IF-queries..

You want to use this line instead that is using $EventID there..

 $Events = Get-WinEvent -FilterHashTable @{LogName='Application';ID=$EventID} -MaxEvents $LimitEntries

I did not test this... I don't even have a system to test it with, but you script should now look like this:

# Altaro Backup Monitoring
#-------------------
# Description: Modified script by Robert
# Original script: (c) 2014 Stephan Linke | Paessler AG
# Parameters:
# -VM: VM Name
# -BackupType: local or offsite
# -MaxAge: Maximum age of the log entry to be considered checking (in hours)
# -LimitEntries:  Maximum number of entries to check
# -Loglevel: The numerical level of the log file
# -ProviderName: Provider of the Log file
# -EventId: The ID of the Event
# ------------------

param(  
    [string]$VM,
    [string]$BackupType,
    [int]$MaxAge        = 24,
    [int]$LimitEntries    = 30,
    [string]$LogName    = 'Application'
)

if ($BackupType -eq 'local') {
	$EventID = 5000 
} elseif ($BackupType -eq 'offsite'){ 
	$EventID = 5005 
} else { 
	Write-Host 0:Specified BackupType not local or offsite, quitting`; exit 2; 
}

$Events = Get-WinEvent -FilterHashTable @{LogName='Application';ID=$EventID} -MaxEvents $LimitEntries

write-host "<prtg>"
foreach ($i in $Events){
    if ($Events.Message -match 'Guest VM Name: '+$VM) { 
		
		Write-Host "<result>"
		Write-Host "<channel>Response Time</channel>"
		Write-Host "<value>1</value>"
		Write-Host "<CustomUnit>msecs</CustomUnit>"
		Write-Host "</result>"
		
	}
}
write-host "</prtg>"

I re-formatted it a bit more human-readable / friendly and removed even an ' from the ELSE Write-Host line - while I want to add to it - it won't work at all there I think, cause PRTG expects XML not a regular script response in this specific case, but the odds that you have this scenario are unlikely at all, so I left it...

Further I fear your script won't run at all cause you access $Events.Message while $Events is a collection of entries and it seems to be just wrong... and you don't obey the $MaxAge as well - meaning the event could be rather old...

Look at the following script that might work way more accurate - I wasn't sure about the date-formatting US vs. GERMAN and keep in mind - I can't fully test it - I just typed it up real quick and advanced some shortcomings.. 

# Altaro Backup Monitoring
#-------------------
# Description: Modified script by Robert
# Original script: (c) 2014 Stephan Linke | Paessler AG
# Parameters:
# -VM: VM Name
# -BackupType: local or offsite
# -MaxAge: Maximum age of the log entry to be considered checking (in hours)
# -LimitEntries:  Maximum number of entries to check
# -Loglevel: The numerical level of the log file
# -ProviderName: Provider of the Log file
# -EventId: The ID of the Event
# ------------------

param(  
    [string]$VM,
    [string]$BackupType,
    [int]$MaxAge        = 24,
    [int]$LimitEntries    = 30,
    [string]$LogName    = 'Application'
)

if ($BackupType -eq 'local') {
	$EventID = 5000 
} elseif ($BackupType -eq 'offsite'){ 
	$EventID = 5005 
} else { 
	$TextResponse = "Unknown backup type configured"
}

$cnt = 0 #we count the amount of events found that match $VM and $MaxAge and $BackupType ..... be aware - $LimitEntries limits the total amount of possible events here - not just the once that match - you might want to remove this limitation or set it rather high

If ($TextResponse.Lenght -eq 0) {
	$StartTimeDate = (Get-Date).AddHours(-$MaxAge) #we calculate current date/time minus $MaxAge hours as a date-variable
	$StartTimeString = "" + $StartTimeDate.Day + "/" + $StartTimeDate.Month + "/" + $StartTimeDate.Year #GERMAN DATE - we transform the date-variable in to what the Get-WinEvents parameter expects
	#$StartTimeString = "" + $StartTimeDate.Month + "/" + $StartTimeDate.Day + "/" + $StartTimeDate.Year #AMERICAN DATE - we transform the date-variable in to what the Get-WinEvents parameter expects
	#It might be PowerShell expects an US-american date format as MM/DD/YYYY instead of DD/MM/YYYY - not sure - test it out please

	$EventList = Get-WinEvent -FilterHashTable @{LogName='Application';ID=$EventID;StartTime="$StartTimeString"} -MaxEvents $LimitEntries
	foreach ($Event in $EventList){
		if ($Event.Message -match 'Guest VM Name: '+$VM) { 
			$cnt += 1
		}
	}
}

$XML = "<prtg>"
$XML = "<result>"
$XML = "<channel>Backup Events for VM: $VM in the last $MaxAge hours</channel>"
$XML = "<value>$cnt</value>" #we respond with $cnt - total amount of events found
$XML = "<LimitMinError>1</LimitMinError>" #everything under 1 (meaning 0) would raise an error status
$XML = "</result>"
$XML = "<text>$TextResponse</text>" #we give additional information back - like wrong backuptype was set... 
$XML = "</prtg>"

Function WriteXmlToScreen ([xml]$xml) #just to make it clean XML code...
{
    $StringWriter = New-Object System.IO.StringWriter;
    $XmlWriter = New-Object System.Xml.XmlTextWriter $StringWriter;
    $XmlWriter.Formatting = "indented";
    $xml.WriteTo($XmlWriter);
    $XmlWriter.Flush();
    $StringWriter.Flush();
    Write-Output $StringWriter.ToString();
}
WriteXmlToScreen "$XML"

Hope this helps and actually works - would be nice if you can let everyone here know :-)

Regards

Florian Rossmark

www.it-admins.com

Created on Apr 15, 2019 4:02:39 PM

Last change on Apr 15, 2019 6:04:35 PM by Dariusz Gorka [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.