Windows Event Log in PowerShell - Part II

re: Windows Event Log in PowerShell - Part II

Don Jones — Thu, 11 Jun 2009 19:18:08 GMT

You know, in that last example, does the cmdlet's -computerName parameter support an array? If so, it'd be more straightforward to keep your computer names in a flat file than a CSV (e.g., one name per line with no header). Then you could just use (gc computers.txt) for the -computername parameter and eliminate a ForEach-Object. Or, if -computerName can be pipeline-bound ByPropertyName, you could pipe the output of Import-CSV directly to Get-WinEvent, right? Eliminating ForEach situations is desirable simply because it's less intuitive to newcomers.

re: Windows Event Log in PowerShell - Part II

srikanth — Fri, 12 Jun 2009 00:21:27 GMT

Hi, I liked your cmd window color and font. I tried to setup my cmd window like yours but I didn't find the same fon. Can you tell us your cmd window properties?

re: Windows Event Log in PowerShell - Part II

bonarez — Fri, 12 Jun 2009 22:12:35 GMT

yeah you can provide multiple computers in the -computername 'array' but it's very simple:

$yesterday = (get-date).AddDays(-1)

get-eventlog -logname application -after $yesterday -computername server5,server6 |where {$_.eventID -eq 101} |format-list username

actually using this every day to search for folder redirection errors, bit slow but hey..

re: Windows Event Log in PowerShell - Part II

n4cer — Sat, 13 Jun 2009 20:41:42 GMT

The font used is Calibri, one of the ClearType fonts included in Windows Vista/Office 2007 and higher. It's likely not actually used as their shell font as it isn't fixed-width. The PowerShell "windows" on this page are HTML.

You could try to get it working following these steps (restart required after the mod):

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q247815

but you'd probably need an alternative console host.

If you don't already, you can instead use Consolas (a fixed-width ClearType font made for this scenario). It's available out of the box in Windows 7 RC's console configuration settings. For downlevel platforms, you'll need to register it manually as above. A PowerShell script is also available:

http://blogs.msdn.com/powershell/archive/2006/10/16/Windows-PowerShell-Font-Customization.aspx

re: Windows Event Log in PowerShell - Part II

Kevin Woley — Fri, 19 Jun 2009 20:38:14 GMT

Unfortunately Get-WinEvent does not support arrays for the -ComputerName parameter. Otherwise, Don would be right that the simplest thing to do would be to pass in a list of machines.

Provider has no events logged

Aniket M — Thu, 27 Aug 2009 03:26:48 GMT

How to recover if the provider has no events logged at present ?

Thanks

re: Windows Event Log in PowerShell - Part II

Jp — Sun, 11 Oct 2009 23:05:05 GMT

Hi there

Hope your well

how can i output this to a log file in real time ? can this script be modified to monitor the event logs in real time and output to file ?

psloglist from the pstools was nearly exactly what i was looking apart from that the when outputting to the stdout to file the buffer is delayed by 4kb before it was flushed thus missing event's until 4kb had been reached.

I need a solution that will output events in realtime to a log file, the desired results will then be via a perl script and posted to a db.

thanks in advance