Monitoring with PowerShell: Monitoring BSODs without event viewer

I wrote about monitoring BSODs some years ago. Back then I simply used an event log lookup as an example of how to monitor BSODs. I never really liked that method because it did not give me all the verbosity I would’ve liked. Moments after I published that blog I actually made a better monitoring set that I did not share, so I figured others might benefit from it now.

I don’t like event log based monitoring as it can get rather resource intensive and you don’t really have a way of getting all the required information out of the events; a good example is which driver actually caused the BSOD. This always meant that after a device experiences a BSOD you’d have to go to the device to check the exact reason. Boo for manual labour! 😉

So to solve this I’ve implemented NirSoft Bluescreenview.exe as a solution. Nir Sofer’s tools are freeware and fantastic for administration at MSPs. Bluescreenview.exe allows us to export all BSODs that occurred in the past and displays the specific reason for each blue screen without having to go to the device.

The Script

We’re downloading Bluescreenview from Nir directly in this case; for security reasons I would highly recommend hosting the zip file somewhere yourself, of course.

```powershell
try {
    # Download BlueScreenView, extract it, and export all recorded BSODs to a CSV file
    Invoke-WebRequest -Uri "https://www.nirsoft.net/utils/bluescreenview.zip" -OutFile "$($ENV:Temp)\bluescreenview.zip"
    Expand-Archive "$($ENV:Temp)\bluescreenview.zip" -DestinationPath "$($ENV:Temp)" -Force
    Start-Process -FilePath "$($ENV:Temp)\Bluescreenview.exe" -ArgumentList "/scomma `"$($ENV:Temp)\Export.csv`"" -Wait
}
catch {
    Write-Host "BSODView Command has Failed: $($_.Exception.Message)"
    exit 1
}

# Parse the export with explicit column names and convert Timestamp to [datetime]
$BSODs = Get-Content "$($ENV:Temp)\Export.csv" | ConvertFrom-Csv -Delimiter ',' -Header Dumpfile, Timestamp, Reason, Errorcode, Parameter1, Parameter2, Parameter3, Parameter4, CausedByDriver | ForEach-Object { $_.Timestamp = [datetime]::Parse($_.Timestamp, [System.Globalization.CultureInfo]::CurrentCulture); $_ }
Remove-Item "$($ENV:Temp)\Export.csv" -Force

# Keep only the BSODs from the last 24 hours
$BSODFilter = $BSODs | Where-Object { $_.Timestamp -gt ((Get-Date).AddHours(-24)) }

if (!$BSODFilter) {
    Write-Host "Healthy - No BSODs found in the last 24 hours"
}
else {
    Write-Host "Unhealthy - BSOD found. Check Diagnostics"
    $BSODFilter
    exit 1
}
```
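The recommendation to host the zip file yourself can be paired with a pinned hash check, so the endpoint only extracts and runs the archive you vetted. This is an added example, not part of the original script; the URL and the SHA-256 value are placeholders, and the `bsv_` working directory name is an assumption.

```powershell
# Added example: download from your own mirror and verify a pinned SHA-256
# before anything is extracted or executed.
$ZipUrl         = 'https://files.example.com/tools/bluescreenview.zip'  # placeholder: your own host
$ExpectedSha256 = '<SHA256-OF-THE-ZIP-YOU-VETTED>'                      # placeholder: record it once, offline

# Use a fresh, uniquely named working directory so files already sitting
# in the shared temp root are never extracted over or executed.
$WorkDir = Join-Path $ENV:Temp ("bsv_" + [guid]::NewGuid().ToString('N'))
$ZipPath = Join-Path $WorkDir 'bluescreenview.zip'
$CsvPath = Join-Path $WorkDir 'Export.csv'
$Failure = $null
$RawExport = $null

try {
    New-Item -ItemType Directory -Path $WorkDir -ErrorAction Stop | Out-Null
    Invoke-WebRequest -Uri $ZipUrl -OutFile $ZipPath -ErrorAction Stop

    # Fail closed: a mismatch stops the run before Expand-Archive or Start-Process.
    $ActualSha256 = (Get-FileHash -Path $ZipPath -Algorithm SHA256).Hash
    if ($ActualSha256 -ne $ExpectedSha256) {
        throw "Hash mismatch for $ZipUrl. Expected $ExpectedSha256, got $ActualSha256"
    }

    Expand-Archive -Path $ZipPath -DestinationPath $WorkDir -Force -ErrorAction Stop
    Start-Process -FilePath (Join-Path $WorkDir 'Bluescreenview.exe') -ArgumentList "/scomma `"$CsvPath`"" -Wait -ErrorAction Stop

    # Read the export into memory so the whole working directory can be removed.
    if (Test-Path $CsvPath) {
        $RawExport = Get-Content -Path $CsvPath -ErrorAction Stop
    }
}
catch {
    $Failure = $_.Exception.Message
}
finally {
    # Clean up the archive, the executable and the export in every case.
    Remove-Item -Path $WorkDir -Recurse -Force -ErrorAction SilentlyContinue
}

if ($Failure) {
    Write-Host "BSODView Command has Failed: $Failure"
    exit 1
}
# $RawExport can now be piped to ConvertFrom-Csv with the same -Header list as above.
```

A hash mismatch surfaces as an unhealthy monitor result, which also flags the case where the hosted archive was replaced without the pinned value being updated.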

And that’s it! This should give you somewhat clearer BSOD monitoring, where you can see at a glance which driver or application caused it. As always, Happy PowerShelling.
