I would like to show how to work with events in the Application and System logs using PowerShell. Whether it's an error report, a warning, or just an informational log, one of the most common places for Windows to write logging information is the event logs. Here are some of the reasons to view the Windows logs:
- Checking for errors after an unexpected restart.
- Checking the reason a service stopped.
The Get-EventLog cmdlet is a powerful and flexible way of pulling data out of the event logs, both in interactive sessions and in scripts. The code below outputs the System and Application errors from the local computer.
Example:
```powershell
# Get log details using the Get-EventLog cmdlet; here we read the System log.
# The -Newest 50 parameter gets the 50 most recent entries from a specific event log on the local computer.
# TimeGenerated is the entry's timestamp (EventLogEntry has no createddate property).
$sysEvent = Get-EventLog -LogName System -Newest 50 | Where-Object { $_.TimeGenerated -lt (Get-Date) }
# Keep only Error entries using the EntryType property.
$sysError = $sysEvent | Where-Object { $_.EntryType -match "Error" }
Write-Output "*******************************************************"
Write-Host "Event Log - System errors"
Write-Output "*******************************************************"
$sysError | Sort-Object EventID | Format-Table EventID, Source, TimeWritten, Message -AutoSize

# Same filtering on the Application log, for application errors alone.
$applicationEvent = Get-EventLog -LogName Application -Newest 50 | Where-Object { $_.TimeGenerated -lt (Get-Date) }
$applicationEvent = $applicationEvent | Where-Object { $_.EntryType -match "Error" }
Write-Output "*******************************************************"
Write-Host "Event Log - Application errors"
Write-Output "*******************************************************"
$applicationEvent | Sort-Object EventID | Format-Table EventID, Source, TimeWritten, Message -AutoSize
```
Get-EventLog cmdlet:
Get-EventLog: Gets the events in an event log, or a list of the event logs, on the local or remote computers.
Syntax:
```
Get-EventLog [-LogName] <String> [-ComputerName <String[]>] [-Newest <Int32>]
    [-After <DateTime>] [-Before <DateTime>] [-UserName <String[]>]
    [[-InstanceId] <Int64[]>] [-Index <Int32[]>] [-EntryType <String[]>]
    [-Source <String[]>] [-Message <String>] [-AsBaseObject] [<CommonParameters>]
```
Execution on Remote Computers:
Get-EventLog has no -Credential parameter. Instead of Get-EventLog, you can use Get-WinEvent, which supports the -Credential parameter, or use Get-WmiObject with the Win32_NTLogEvent class.
Example:
```powershell
Get-EventLog -LogName "Windows PowerShell" -ComputerName "localhost", "TFS-Server1", "TFS-Server2"
```
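The credential-aware alternative described above, as an added example that is not code from the original post: it pulls error-level events from several remote computers with Get-WinEvent and -Credential. The function name Get-RemoteErrorEvent and the one-day window are assumptions; the server names are the ones used in the Get-EventLog example on this page.

```powershell
# Added example (not from the original post). Get-RemoteErrorEvent is a hypothetical helper name.
function Get-RemoteErrorEvent {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [string[]] $LogName = @('System', 'Application'),
        [datetime] $After = (Get-Date).AddDays(-1),   # assumed look-back window
        [int] $MaxEvents = 50
    )
    # Level 1 = Critical, 2 = Error. The filter is evaluated by the event log
    # service on the target, so only matching records cross the network.
    $filter = @{ LogName = $LogName; Level = 1, 2; StartTime = $After }

    # Get-WinEvent takes one computer name per call, so loop over the list.
    foreach ($computer in $ComputerName) {
        try {
            Get-WinEvent -ComputerName $computer -Credential $Credential `
                         -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop |
                Select-Object @{ n = 'Computer'; e = { $computer } },
                              LogName, Id, ProviderName, TimeCreated, LevelDisplayName, Message
        }
        catch {
            # Get-WinEvent reports an error when nothing matches the filter;
            # treat that as a clean result and warn about everything else
            # (unreachable host, access denied) without stopping the loop.
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                Write-Verbose "$computer : no error events since $After"
            }
            else {
                Write-Warning "$computer : $($_.Exception.Message)"
            }
        }
    }
}

$cred = Get-Credential   # prompts for the account used on the remote computers
Get-RemoteErrorEvent -ComputerName 'TFS-Server1', 'TFS-Server2' -Credential $cred |
    Sort-Object Computer, TimeCreated |
    Format-Table Computer, LogName, Id, ProviderName, TimeCreated -AutoSize
```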