Monitoring with PowerShell: Monitoring BSODs without event viewer

I wrote about monitoring BSODs some years ago. Back then I simply used an event log lookup as an example of how to monitor BSODs. I never really liked that method because it did not give me all the verbosity I would’ve liked. Moments after I published that blog I actually made a better monitoring set that I did not share, so I figured others might benefit from it now.

I don’t like event log based monitoring as it can get rather resource intensive and you don’t really have a way of getting all the required information out of the events; a good example is which driver actually caused the BSOD. This always meant that after a device experiences a BSOD you’d have to go to the device to check the exact reason. Boo for manual labour! 😉

So to solve this I’ve implemented NirSoft’s Bluescreenview.exe. Nir Sofer’s tools are freeware and fantastic for administration at MSPs. Bluescreenview.exe allows us to export all BSODs that occurred in the past and shows the specific reason for each blue screen without having to go to the device.

The Script

We’re downloading Bluescreenview from Nir directly in this case; for security reasons I would highly recommend hosting the zip file somewhere yourself, of course.

try {
    # Download BlueScreenView, unpack it into %TEMP% and export all crash dumps to CSV.
    Invoke-WebRequest -Uri "https://www.nirsoft.net/utils/bluescreenview.zip" -OutFile "$($ENV:Temp)\bluescreenview.zip"
    Expand-Archive "$($ENV:Temp)\bluescreenview.zip" -DestinationPath "$($ENV:Temp)" -Force
    Start-Process -FilePath "$($ENV:Temp)\Bluescreenview.exe" -ArgumentList "/scomma `"$($ENV:Temp)\Export.csv`"" -Wait
}
catch {
    Write-Host "BSODView Command has Failed: $($_.Exception.Message)"
    exit 1
}

# Name the columns of the export and convert the timestamp text to a [datetime]
# using the culture of the machine that produced it.
$BSODs = get-content "$($ENV:Temp)\Export.csv" | ConvertFrom-Csv -Delimiter ',' -Header Dumpfile, Timestamp, Reason, Errorcode, Parameter1, Parameter2, Parameter3, Parameter4, CausedByDriver | foreach-object { $_.Timestamp = [datetime]::Parse($_.timestamp, [System.Globalization.CultureInfo]::CurrentCulture); $_ }
Remove-item "$($ENV:Temp)\Export.csv" -Force

# Only alert on crashes from the last 24 hours.
$BSODFilter = $BSODs | where-object { $_.Timestamp -gt ((get-date).addhours(-24)) }

if (!$BSODFilter) {
    write-host "Healthy - No BSODs found in the last 24 hours"
}
else {
    write-host "Unhealthy - BSOD found. Check Diagnostics"
    $BSODFilter
    exit 1
}
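
Since the script above downloads an executable and runs it on every monitored device, here is one way to follow the self-hosting advice and also pin the archive to a known hash before it is extracted or started. This is an added example, not part of the original script; `$DownloadUrl`, `$ExpectedSha256`, the `Test-FileSha256` helper and the working folder name are assumptions to replace with your own values.

```powershell
# Added example: verify the archive against a pinned SHA-256 before extracting or running it.
# Placeholders (assumptions): your own hosted copy and the hash recorded when you vetted it.
$DownloadUrl    = 'https://files.example.com/tools/bluescreenview.zip'
$ExpectedSha256 = '<SHA256-OF-YOUR-VETTED-ZIP>'

# Use a fresh folder so only files from the verified archive are present,
# and cleanup is a single Remove-Item.
$WorkDir = Join-Path $ENV:Temp ("bsv_" + [guid]::NewGuid().ToString('N'))
$ZipPath = Join-Path $WorkDir 'bluescreenview.zip'
$CsvPath = Join-Path $WorkDir 'Export.csv'

function Test-FileSha256 {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Expected
    )
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    # Compare case-insensitively: tools differ in the hex case they print.
    return [string]::Equals($actual, $Expected.Trim(), [System.StringComparison]::OrdinalIgnoreCase)
}

try {
    New-Item -ItemType Directory -Path $WorkDir -ErrorAction Stop | Out-Null
    Invoke-WebRequest -Uri $DownloadUrl -OutFile $ZipPath -ErrorAction Stop

    # Stop here if the download is not byte-for-byte the file that was vetted.
    if (-not (Test-FileSha256 -Path $ZipPath -Expected $ExpectedSha256)) {
        throw "Hash mismatch for $ZipPath; refusing to extract or run it."
    }

    Expand-Archive -Path $ZipPath -DestinationPath $WorkDir -Force -ErrorAction Stop
    Start-Process -FilePath (Join-Path $WorkDir 'Bluescreenview.exe') -ArgumentList "/scomma `"$CsvPath`"" -Wait -ErrorAction Stop
}
catch {
    Write-Host "BSODView Command has Failed: $($_.Exception.Message)"
    if (Test-Path $WorkDir) { Remove-Item $WorkDir -Recurse -Force }
    exit 1
}

# Parse $CsvPath the same way as the script above, then remove the working folder:
# Remove-Item $WorkDir -Recurse -Force
```

When you update the hosted zip to a newer BlueScreenView release, record the new hash and update `$ExpectedSha256` in the same change, otherwise every device will report a failure.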

And that’s it! This should give you clearer BSOD monitoring where you can see which driver or application caused it, with just a glance. As always, Happy PowerShelling.

All blogs are posted under AGPL3.0 unless stated otherwise