PowerShell Get-EventLog Cmdlet
Hello Everyone
Welcome to CloudAffaire and this is Debjeet.
In the last blog post, we discussed the Resume-Service cmdlet in PowerShell.
https://cloudaffaire.com/powershell-resume-service-cmdlet/
In this blog post, we will discuss the Get-EventLog cmdlet in PowerShell. You can use the Get-EventLog cmdlet to get the Windows event logs. The Event Log is the central logging location where all the OS and application logs are stored. For those who are familiar with Linux, the event log is similar to Syslog on Linux. You can get the event logs of a local or remote computer using the Get-EventLog cmdlet.
Note: Get-EventLog uses a Win32 API that is deprecated in newer versions of Windows. The results may not be accurate. Use the Get-WinEvent cmdlet instead.
Get-EventLog Cmdlet Syntax:
```powershell
## Get-EventLog
##    [-LogName] <String>
##    [-ComputerName <String[]>]
##    [-List]
##    [-AsString]
##    [-Newest <Int32>]
##    [-After <DateTime>]
##    [-Before <DateTime>]
##    [-UserName <String[]>]
##    [[-InstanceId] <Int64[]>]
##    [-Index <Int32[]>]
##    [-EntryType <String[]>]
##    [-Source <String[]>]
##    [-Message <String>]
##    [-AsBaseObject]
##    [<CommonParameters>]
```
Get-EventLog Cmdlet Argument List:
- -After: Gets events that occurred after a specified date and time.
- -AsBaseObject: Indicates that this cmdlet returns a standard System.Diagnostics.EventLogEntry object for each event.
- -AsString: Indicates that this cmdlet returns the output as strings, instead of objects.
- -Before: Gets events that occurred before a specified date and time.
- -ComputerName: This parameter specifies a remote computer’s NetBIOS name, Internet Protocol (IP) address, or a fully qualified domain name (FQDN).
- -EntryType: Specifies, as a string array, the entry type of the events that this cmdlet gets. The acceptable values for this parameter are:
  - Error
  - Information
  - FailureAudit
  - SuccessAudit
  - Warning
- -Index: Specifies the index values to get from the event log. The parameter accepts a comma-separated string of values.
- -InstanceId: Specifies the Instance IDs to get from the event log. The parameter accepts a comma-separated string of values.
- -List: Displays the list of event logs on the computer.
- -LogName: Specifies the name of one event log. To find the log names use Get-EventLog -List. Wildcard characters are permitted. This parameter is required.
- -Message: Specifies a string in the event message. You can use this parameter to search for messages that contain certain words or phrases. Wildcards are permitted.
- -Newest: Begins with the newest events and gets the specified number of events. The number of events is required, for example -Newest 100.
- -Source: Specifies, as a string array, sources that were written to the log that this cmdlet gets. Wildcards are permitted.
- -UserName: Specifies, as a string array, user names that are associated with events. Enter names or name patterns, such as User01, User*, or Domain01\User*. Wildcards are permitted.
PowerShell Get-EventLog Cmdlet:
Get Members Of Get-EventLog Cmdlet:
```powershell
########################################
## PowerShell | Cmdlet | Get-EventLog ##
########################################

## PowerShell Latest Version (5)

## get members of Get-EventLog
Get-EventLog -LogName "System" -Newest 1 | Get-Member
```
List Different Types Of Event Logs In Your System:
```powershell
## get a list of event logs available in your system
Get-EventLog -List
```
Get Latest 100 Event Logs For Your System Using PowerShell:
```powershell
## get latest 100 event logs for your system
Get-EventLog -LogName "System" -Newest 100
```
Get Last 24 Hours Event Logs For Your System In PowerShell:
```powershell
## get last 24 hours event logs for your system
$date = (Get-Date).AddDays(-1)
Get-EventLog -LogName "System" -After $date
```
Get Event Logs For A Specific Time In PowerShell:
```powershell
## get event logs for a specific time
$start_time = "04 October 2020 00:00"
$end_time = "04 October 2020 09:00"
Get-EventLog -LogName "System" -After $start_time -Before $end_time
```
Get Event Logs For A Specific Date In PowerShell:
```powershell
## get event logs between specific dates
$start_date = "04 October 2020 00:00"
$end_date = "06 October 2020 00:00"
Get-EventLog -LogName "System" -After $start_date -Before $end_date
```
Get All Error Related Event Logs In Your System Using PowerShell:
```powershell
## get the newest 10 error entries in the System event log
Get-EventLog -LogName "System" -EntryType "Error" -Newest 10
```
Get All Event Logs For A Specific Application In PowerShell:
```powershell
## get the newest 10 event logs written by a specific application (source)
Get-EventLog -LogName "Application" -Source "VSS" -Newest 10
```
Get All Event Logs With A Specific Event-ID In PowerShell:
```powershell
## get all event logs with a specific event-id
Get-EventLog -LogName "Application" | Where-Object {$_.EventID -eq 13}
```
Get All Event Logs Containing A Certain Word In Message Using PowerShell:
```powershell
## get the newest 10 event logs containing a specific phrase in the message
Get-EventLog -LogName "Application" -Message "*Volume Shadow Copy*" -Newest 10
```
Get Event Logs For A Remote Computer In PowerShell:
```powershell
## get event logs from a remote computer
Get-EventLog -ComputerName "system1" -LogName "System" -Newest 1
```
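Putting the -InstanceId, -EntryType and -After filters to work on the Security log: the following is an added example, not code from the original post, that summarizes failed logons (Security event 4625) per account from Get-EventLog output. The function names, the threshold of 3 and the sample records are assumptions made for illustration; the ReplacementStrings positions used are those of event 4625.

```powershell
## Added example: failed-logon summary per account (names and threshold are assumptions)
function Get-FailedLogonSummary {
    [CmdletBinding()]
    param(
        # Entries from Get-EventLog (needs InstanceId, TimeGenerated, ReplacementStrings)
        [Parameter(Mandatory, ValueFromPipeline)] [object]$Entry,
        # Assumed threshold: report accounts with at least this many failures
        [int]$Threshold = 3
    )
    begin { $rows = New-Object System.Collections.Generic.List[object] }
    process {
        if ($Entry.InstanceId -ne 4625) { return }          # only failed logons
        $r = $Entry.ReplacementStrings
        if ($null -eq $r -or $r.Count -lt 20) { return }    # skip short/malformed records
        $rows.Add([pscustomobject]@{
            Time     = $Entry.TimeGenerated
            Account  = ('{0}\{1}' -f $r[6], $r[5])          # TargetDomainName\TargetUserName
            SourceIp = $r[19]                               # IpAddress
        })
    }
    end {
        $rows | Group-Object Account | Where-Object Count -ge $Threshold |
            Sort-Object Count -Descending | ForEach-Object {
                [pscustomobject]@{
                    Account  = $_.Name
                    Failures = $_.Count
                    First    = ($_.Group | Measure-Object Time -Minimum).Minimum
                    Last     = ($_.Group | Measure-Object Time -Maximum).Maximum
                    Sources  = ($_.Group.SourceIp | Sort-Object -Unique) -join ', '
                }
            }
    }
}
## Constructed sample records (not real log data) so the function can be tried offline
function New-SampleEntry($User, $Ip, $Minute) {
    $r = @('-') * 21
    $r[5] = $User; $r[6] = 'CORP'; $r[19] = $Ip
    [pscustomobject]@{
        InstanceId         = 4625
        TimeGenerated      = (Get-Date '2020-10-04 08:00').AddMinutes($Minute)
        ReplacementStrings = $r
    }
}
@( (New-SampleEntry 'alice' '192.0.2.10' 0), (New-SampleEntry 'alice' '192.0.2.10' 1),
   (New-SampleEntry 'alice' '192.0.2.11' 2), (New-SampleEntry 'bob' '192.0.2.20' 5)
) | Get-FailedLogonSummary

## Live use from an elevated prompt: filter with -InstanceId / -EntryType / -After, then summarize
# Get-EventLog -LogName "Security" -InstanceId 4625 -EntryType "FailureAudit" -After (Get-Date).AddDays(-1) | Get-FailedLogonSummary
```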
Hope you have enjoyed this article. In the next blog post, we will discuss Get-WinEvent CmdLet in PowerShell.
To get more details on PowerShell, kindly follow the official documentation below