Event Logs (PowerShell)

Get the Application Log

get-eventlog application

Get the First 10 Events from the Application Log

get-eventlog application -newest 10

 

Get event 1042 from the Application Log

get-eventlog -log application | where {$_.eventID -eq 1042}
 

 

This example will write a custom event log entry to the “Application Log”. This will allow you to also create a test event with an ID that’s higher than 1000 which is a limitation of the EventCreate utility.

$EventLog = New-Object System.Diagnostics.EventLog(‘Application’)   # Type in the name of the Event Log here.
$EventLog.MachineName = “.”   # Computer Name where you wish to log the event.
$EventLog.Source = “Admin Team”   # Source of the event
$EventID = 6969   # The Event ID Number
$EventLog.WriteEntry(“Test Event”,”Warning”, $EventID)   # This line writes the actual event

 

 

$OpsMgrLog = get-wmiobject -query “Select Eventcode, TimeGenerated, Message from win32_ntlogevent where logfile=’Operations Manager’ AND eventcode=’7019′ AND TimeWritten >=’$BeginDate'” -computername $servername  -Credential $Cr

Get-WinEvent -listlog * -ea silentlycontinue | Where {$_.IsEnabled -eq $True} | select LogName, FileSize, IsClassicLog, LastWriteTime | sort LastWriteTime -desc

 
Comments

No comments yet.

Leave a Reply