Monitoring Application Hangs and Crashes with Windows Event Viewer

In today’s fast-paced digital landscape, application performance is critical to business success. One of the key challenges we face is identifying and resolving application hangs and crashes before they impact user experience. Fortunately, Windows Event Viewer provides a powerful tool for monitoring these issues.

Why Use Windows Event Viewer?

Windows Event Viewer logs system events, including application errors, warnings, and informational messages. By analyzing these logs, you can gain valuable insights into the health of your applications.

About the Script

This PowerShell script monitors application crashes and hangs by checking the Windows Application event log over the past 24 hours. It alerts the user if the number of events reaches a specified threshold, allowing for proactive management of application health.

Additionally, other parameters can be included or modified to fit your needs, such as excluding certain applications or adjusting the start time.

Ideally, this script is best suited for an RMM solution; however, its versatility makes it readily available for troubleshooting while remoted in to a customer's PC.

Benefits of Monitoring:

  • Proactive Issue Resolution: Catch problems before they escalate.
  • Improved User Experience: Minimize downtime and maintain productivity.

As Kelvin Tegelaar always said, "Happy PowerShelling!"

Note: Running this script requires Administrative privileges

# Define the event IDs to filter: 1000 = Application Error (crash), 1002 = Application Hang
$IDs = "1002", "1000"

# Define optional parameters
$MaxCount = 10 # Set a maximum count for crashes
#$ExcludedApplications = @() # Uncomment and populate if needed

# Create the filter hashtable for event logs
$LogFilter = @{
    LogName   = 'Application'
    ID        = $IDs
    StartTime = (Get-Date).AddDays(-1) # Capture logs from the last 24 hours
}

# Retrieve the event logs based on the filter
$Last24Hours = Get-WinEvent -FilterHashtable $LogFilter -ErrorAction SilentlyContinue

# Check the number of crash logs
IF ($Last24Hours) {
    # Optionally filter out excluded applications (one wildcard pattern per entry, e.g. '*notepad.exe*')
    # foreach ($Pattern in $ExcludedApplications) { $Last24Hours = $Last24Hours | Where-Object { $_.Message -notlike $Pattern } }

    # Count after any exclusion so excluded applications do not trip the threshold
    $crashCount = @($Last24Hours).Count

    IF ($crashCount -ge $MaxCount) {
        Write-Host "Unhealthy - Number of application crash logs: $crashCount (meets or exceeds maximum allowed: $MaxCount)" -ForegroundColor Yellow
        
        # Print details of the crash logs
        $Last24Hours | Select-Object TimeCreated, Id, Message | Format-Table -AutoSize
    } ELSE {
        Write-Host "Healthy - Number of application crash logs: $crashCount" -ForegroundColor Green
    }
} ELSE {
    Write-Host "Healthy - No application crash logs found" -ForegroundColor Green
}        
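
An added example, not part of the original script: event IDs are only unique per provider, so the function below matches provider and ID together and reports crashes and hangs per application instead of one total. `Get-CrashSummary`, `New-SampleRecord`, `$MaxPerApp` and the sample records are hypothetical, and it assumes the first event property holds the executable name.

```powershell
function Get-CrashSummary {
    param(
        [Parameter(ValueFromPipeline)] $Record,
        [string[]] $ExcludedApplications = @(),   # exact executable names, e.g. 'notepad.exe'
        [int] $MaxPerApp = 3                      # hypothetical per-application threshold
    )
    begin { $rows = @() }
    process {
        # Event IDs are only unique per provider, so match provider and ID together.
        $type = switch ("$($Record.ProviderName):$($Record.Id)") {
            'Application Error:1000' { 'Crash' }
            'Application Hang:1002'  { 'Hang' }
            default                  { $null }
        }
        if (-not $type) { return }
        # Assumption: the first event property is the executable name for both event types.
        $app = [string]$Record.Properties[0].Value
        if ($ExcludedApplications -contains $app) { return }
        $rows += [pscustomobject]@{ Application = $app; Type = $type }
    }
    end {
        $rows | Group-Object Application | ForEach-Object {
            [pscustomobject]@{
                Application = $_.Name
                Crashes     = @($_.Group | Where-Object Type -eq 'Crash').Count
                Hangs       = @($_.Group | Where-Object Type -eq 'Hang').Count
                Unhealthy   = $_.Count -ge $MaxPerApp
            }
        } | Sort-Object Application
    }
}

# Constructed sample records shaped like Get-WinEvent output (not real log data).
function New-SampleRecord($Provider, $Id, $App) {
    [pscustomobject]@{ ProviderName = $Provider; Id = $Id; Properties = @([pscustomobject]@{ Value = $App }) }
}
$sample = @(
    (New-SampleRecord 'Application Error' 1000 'contoso-erp.exe'),
    (New-SampleRecord 'Application Error' 1000 'contoso-erp.exe'),
    (New-SampleRecord 'Application Hang'  1002 'contoso-erp.exe'),
    (New-SampleRecord 'Application Error' 1000 'notepad.exe'),
    (New-SampleRecord 'LoadPerf'          1000 'n/a')   # same ID, different provider: ignored
)
$sample | Get-CrashSummary -ExcludedApplications 'notepad.exe' | Format-Table -AutoSize

# Live use: Get-WinEvent -FilterHashtable $LogFilter -ErrorAction SilentlyContinue | Get-CrashSummary
```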
