azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1864dcad4c737337fd42a82b57675f517521c809
claudetools/session-logs/tmp_pluto_applog.ps1
Mike Swanson 31088cb8de sync: auto-sync from DESKTOP-0O8A1RL at 2026-05-15 15:23:02 
Author: Mike Swanson
Machine: DESKTOP-0O8A1RL
Timestamp: 2026-05-15 15:23:02
2026-05-15 15:23:05 -07:00

33 lines
1.5 KiB
PowerShell
Raw Blame History

$start = [datetime]'2026-05-14 18:00:00'
$end = [datetime]'2026-05-15 02:00:00'
# Application log — GuruRMM or sshd errors
$evts = Get-WinEvent -LogName Application -MaxEvents 5000 -ErrorAction SilentlyContinue |
Where-Object { $_.TimeCreated -gt $start -and $_.TimeCreated -lt $end }
Write-Host "Application events in window: $($evts.Count)"
foreach ($e in ($evts | Sort-Object TimeCreated)) {
$msg1 = ($e.Message -split "`n")[0] -replace '\s+',' '
Write-Host "$($e.TimeCreated.ToString('HH:mm:ss')) [$($e.LevelDisplayName)] $($e.ProviderName) ID=$($e.Id) $msg1"
}
# Also: check sshd event log
Write-Host ""
Write-Host "=== OpenSSH/sshd events ==="
try {
Get-WinEvent -LogName 'OpenSSH/Operational' -MaxEvents 100 -ErrorAction Stop |
Where-Object { $_.TimeCreated -gt $start -and $_.TimeCreated -lt $end } |
Sort-Object TimeCreated |
ForEach-Object { Write-Host "$($_.TimeCreated.ToString('HH:mm:ss')) ID=$($_.Id) $(($_.Message -split '`n')[0])" }
} catch { Write-Host "OpenSSH log: $($_.Exception.Message)" }
# Check when GuruRMMAgent service last started/stopped (any time)
Write-Host ""
Write-Host "=== GuruRMMAgent service history ==="
Get-WinEvent -LogName System -MaxEvents 10000 -ErrorAction SilentlyContinue |
Where-Object { $_.Message -like '*GuruRMMAgent*' } |
Sort-Object TimeCreated -Descending |
Select-Object -First 20 |
ForEach-Object { Write-Host "$($_.TimeCreated.ToString('yyyy-MM-dd HH:mm:ss')) ID=$($_.Id) $(($_.Message -split '`n')[0] -replace '\s+',' ')" }
Reference in New Issue View Git Blame Copy Permalink