Powershell Day 8

Day 8 Event Viewer

The event log is a very important way to trace and diagnose activity on the system. Event Viewer keeps all the logs for that system. Generally you can open Event Viewer using Run -> Eventvwr or Start -> Control Panel -> Administrative Tools -> Event Viewer.

The standard event logs are

Application log



There are additional logs depending upon the application on your system.

If we want to work with event logs, PowerShell makes them much easier to manage, because doing the same work from the tool takes quite some time.

PS C:\> get-help get-eventlog  -detailed


    Get-EventLog [-logName] <string> [-newest <int>] [<CommonParameters>]

    Get-EventLog [-list] [-asString] [<CommonParameters>]

To get the list of event logs

PS C:\> get-eventlog -list

  Max(K) Retain OverflowAction        Entries Name
  ------ ------ --------------        ------- ----
     512      7 OverwriteOlder              4 ACEEventLog
  …4,240     14 OverwriteOlder         12,007 Application
     512      7 OverwriteOlder              0 Internet Explorer
  16,384      0 OverwriteAsNeeded           8 Microsoft Office Diagnostics
  16,384      0 OverwriteAsNeeded         306 Microsoft Office Sessions
  …4,240     14 OverwriteOlder         43,882 Security
  …4,240     14 OverwriteOlder         15,834 System
  15,360      0 OverwriteAsNeeded         352 Windows PowerShell

Generally all application-related logs go to the Application log, and likewise for Security and System. Retention is 14 days, which can be changed from the Action->Properties option.

There is a new event log, "Windows PowerShell" or "PowerShell", which records and tracks PowerShell events. PowerShell also provides the cmdlet Get-EventLog, which reads the Event Viewer logs (all logs), including the PowerShell log. For more information on this.

To read the event log:

PS C:\> Get-EventLog "Application"

This returns a huge list of entries that is not easy to read, and the screen scrolls on and on. To get more useful output from the log, add a condition or use the -newest option.

PS C:\> Get-EventLog "Application" -newest 10

PS C:\> Get-EventLog "System" -newest 10

PS C:\> Get-EventLog "Windows PowerShell" -newest 10

The PowerShell event log will also log events for Exchange servers.

Using condition

PS C:\> Get-EventLog "Application" | Where {$_.EntryType -eq "Error"}

To write a custom event to the event log:

[Diagnostics.EventLog]::WriteEntry("Application","Test Message","Information")

From Windows Vista (PowerShell 2.0) onwards you can use Get-WinEvent, which is similar to this:

PS C:\> Get-WinEvent

View-> Analytic and Debug log  

You can also trace the eventlog.

As with other cmdlet objects, you can get the list of properties and methods returned by Get-EventLog:

PS C:\> Get-EventLog "Application" | Get-Member

In PowerShell you can chain two or more cmdlets with the | pipe. For example, to filter the log and export the output to CSV:

PS C:\> Get-EventLog "Application" | Where {$_.EntryType -eq "Error"} | Where {($_.TimeWritten).Date -eq (Get-Date).Date} | Select Source, Message | Export-Csv AppEvnt.csv

Then open AppEvnt.csv, which is saved in the current directory.

PS C:\> .\AppEvnt.csv
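
The same "today's errors to CSV" report can be built on Get-WinEvent, which filters inside the event log service instead of piping every entry through Where. This is an added example, not code from the original post; the function name Export-TodaysErrors and the file name TodayErrors.csv are made up for illustration, and it goes a little beyond the post by querying several logs at once and counting errors per source.

```powershell
# Added example: the function name and output file name are hypothetical.
function Export-TodaysErrors {
    param(
        [string[]]$LogName = @('Application', 'System'),
        [string]$Path = '.\TodayErrors.csv'
    )

    # The hashtable filter is evaluated by the event log service, so only
    # matching records are returned rather than the whole log.
    $filter = @{
        LogName   = $LogName
        Level     = 2                  # 2 = Error
        StartTime = (Get-Date).Date    # midnight today
    }

    try {
        $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
    }
    catch {
        # Get-WinEvent raises an error when nothing matches the filter;
        # treat that one case as an empty result and rethrow anything else
        # (for example, access denied on a log that needs elevation).
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            $events = @()
        }
        else {
            throw
        }
    }

    # Same idea as the Select | Export-Csv pipeline above, with the time,
    # log name and event ID kept so each row can be traced back to its entry.
    $events |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, ProviderName, Id, Message |
        Export-Csv -Path $Path -NoTypeInformation

    # Return a per-source count so the noisiest sources stand out.
    $events |
        Group-Object ProviderName |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Export-TodaysErrors
```

Adding 'Security' to -LogName requires an elevated PowerShell session.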

