ScriptCenter EventLog Article


ScriptCenter has a very good article exploring the use of Windows PowerShell to analyze your event logs. Check it out at:

http://www.microsoft.com/technet/scriptcenter/topics/msh/cmdlets/get-eventlog.mspx

PSMDTAG:CMDLET: Get-EventLog

PSMDTAG:FAQ: EventLog - How do I find out what event logs exist?  ANSWER: Get-EventLog -list

PSMDTAG:FAQ: EventLog - How can I get the most recent events?  ANSWER: Get-EventLog System -Newest 100

PSMDTAG:FAQ: EventLog - How do I find all events with a particular ID?  ANSWER: Get-EventLog System |where {$_.EventID -eq 7036}

PSMDTAG:FAQ: EventLog - How can I find out which EventID has the most events?  ANSWER: Get-EventLog System |group EventID |sort -desc count |select -first 10

Jeffrey Snover [MSFT]
Windows PowerShell/Aspen Architect
Visit the Windows PowerShell Team blog at:    http://blogs.msdn.com/PowerShell
Visit the Windows PowerShell ScriptCenter at:  http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx
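
The FAQ one-liners above combined into one function, as an added example that is not from the ScriptCenter article or from this post: it samples the newest entries of every log returned by Get-EventLog -List and reports the most frequent event IDs per log with their source and time range. The function name Get-EventIdSummary and its parameters are hypothetical, and the code assumes Windows PowerShell 3.0 or later.

```powershell
# Added example (not from the article). Get-EventIdSummary and its
# parameters are hypothetical names chosen for this illustration.
function Get-EventIdSummary {
    param(
        [int]$Newest = 1000,  # recent entries to sample from each log
        [int]$Top    = 5      # event IDs to report per log
    )

    # Get-EventLog -List returns one object per event log on the machine.
    foreach ($log in Get-EventLog -List) {
        try {
            # Some logs (Security, for example) can only be read from an
            # elevated session; the resulting error is handled below.
            if ($log.Entries.Count -eq 0) { continue }
            $entries = Get-EventLog -LogName $log.Log -Newest $Newest -ErrorAction Stop
        }
        catch {
            Write-Warning "Skipping log '$($log.Log)': $($_.Exception.Message)"
            continue
        }

        # Group by ID and source together: the same numeric ID can be
        # written by different sources and then means different things.
        $entries |
            Group-Object EventID, Source |
            Sort-Object Count -Descending |
            Select-Object -First $Top |
            ForEach-Object {
                $byTime = @($_.Group | Sort-Object TimeGenerated)
                [pscustomobject]@{
                    Log     = $log.Log
                    EventID = $byTime[0].EventID
                    Source  = $byTime[0].Source
                    Count   = $_.Count
                    First   = $byTime[0].TimeGenerated
                    Last    = $byTime[-1].TimeGenerated
                }
            }
    }
}

# Usage: sample the newest 500 entries per log, top 3 IDs each.
Get-EventIdSummary -Newest 500 -Top 3 | Format-Table -AutoSize
```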

  • You seem to be answering these questions far too easily.

    So let's try this one.
    Assuming domain authentication isn't a problem, how would you adapt the above to retrieve event logs from a specified host?

    Can anyone spell "site wide event collection" :)

    AM
  • > Can anyone spell "site wide event collection" :)

    In V1, you have to use WMI to do this or craft your own remoting.  We'll have remoting support in V1.1

    Jeffrey Snover [MSFT]
    Windows PowerShell/Aspen Architect
    Visit the Windows PowerShell Team blog at:    http://blogs.msdn.com/PowerShell
    Visit the Windows PowerShell ScriptCenter at:  http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx
  • Thanks for the update.
    Time for me to have a tinker with WMI.

    Take care and thanks for the product.

    A.
  • How can I use get-eventlog to look at saved (archived) event logs and not live ones? e.g. c:\security.evt
  • This currently is not supported, Brian.  This is a great suggestion to file at http://connect.microsoft.com.