
PowerShell and the EventViewer

PowerShell 2.0 shipped with Windows 7 and Server 2008 R2, and there is plenty of fun to be had with it. What I'm about to show you is not specific to PowerShell 2.0, but it is a great way to pull information out of the Event Viewer.

When I'm presented with a problem on a server, one of the first places I go is the Event Viewer. Sure, there are ways to filter it in the GUI, but I'd always wanted a way to dump that filtered view into a file so I could review it later on another system. PowerShell gives you a good way to display events and to save those results to a file.

The Event Log has several cmdlets available which can be seen here:

Get-EventLog
Clear-EventLog
Write-EventLog
Limit-EventLog
Show-EventLog
New-EventLog
Remove-EventLog

As you can see, you can both read from and write to the event logs. The Get-EventLog cmdlet is a favorite of mine: you tell it which log to read and off you go. Below is an example of that command, using -Newest to return only the 20 most recent entries in the System log.

Get-EventLog -LogName System -Newest 20

If you want to save the output you have several options: plain text, HTML or CSV. Realize that without -Newest or a date filter the cmdlet walks the entire log, so building the whole file can take a while on a busy server. The commands below write each format; all three write to C:\Temp, so create that folder first.

Get-EventLog System | Out-File c:\Temp\system.txt
Get-EventLog System | ConvertTo-Html | Out-File c:\Temp\system.htm
Get-EventLog System | ConvertTo-Csv | Out-File c:\Temp\system.csv
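The three one-liners above work, but in practice you want to bound the time window, keep only the useful columns, and control the file encoding (Out-File defaults to UTF-16 "Unicode", which surprises a lot of tools that expect UTF-8). The script below is an added example, not code from the original article; the 7-day window, the C:\Temp output folder and the column selection are assumptions for illustration.

```powershell
# Added example (not from the original article): export a slice of the System
# log in the three formats the article mentions, bounded by a time window so
# the dump does not have to walk the whole log. Paths and the 7-day window are
# assumptions for illustration.
$outDir = 'C:\Temp'
if (-not (Test-Path $outDir)) { New-Item -ItemType Directory -Path $outDir | Out-Null }

# Only pull the last 7 days. Get-EventLog reads from the newest entry backwards,
# and -After lets it stop early instead of reading the whole log.
$since  = (Get-Date).AddDays(-7)
$events = Get-EventLog -LogName System -After $since

# Pick the columns worth keeping. The raw EventLogEntry objects carry
# ReplacementStrings, Data and other bulky members that bloat HTML/CSV output.
$view = $events | Select-Object TimeGenerated, EntryType, Source, EventID, InstanceId, Message

# Plain text: Format-Table is what Out-File would do implicitly; -AutoSize and
# -Wrap keep long Message fields readable instead of truncated with "...".
$view | Format-Table -AutoSize -Wrap |
    Out-File -FilePath (Join-Path $outDir 'system.txt') -Encoding UTF8

# HTML: a title makes the report self-describing when it is opened later
# on another machine.
$view | ConvertTo-Html -Title "System log since $since" |
    Out-File -FilePath (Join-Path $outDir 'system.htm') -Encoding UTF8

# CSV: Export-Csv writes the file itself; -NoTypeInformation drops the
# '#TYPE ...' header line that ConvertTo-Csv | Out-File would leave in,
# which otherwise breaks Excel and most CSV parsers on the first row.
$view | Export-Csv -Path (Join-Path $outDir 'system.csv') -NoTypeInformation -Encoding UTF8

# Round-trip check: re-import the CSV and confirm the row count matches.
$reloaded = Import-Csv -Path (Join-Path $outDir 'system.csv')
"Exported {0} events, re-read {1} from CSV" -f @($events).Count, @($reloaded).Count
```

The CSV is the format worth keeping for later analysis: Import-Csv gives you the rows back as objects, so on the other system you can run the same Where-Object, Group-Object and Sort-Object filters you would run against the live log.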

The great thing is you don't have to dump everything. You can filter on the event's instance ID with the -InstanceId parameter, as in the example below. One caveat: the instance ID is not always the same number as the Event ID column in Event Viewer. The Event ID is the low-order part of the instance ID, and for some sources the high-order bits carry severity and facility flags, so -InstanceId can miss entries whose Event ID is what you asked for. When the numbers differ, filter on the EventID property of the returned entries instead.

Get-EventLog System -InstanceId 4 | Out-File c:\Temp\EventID4.txt
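Get-EventLog has no -EventId parameter, so the way to filter on the number Event Viewer shows is to compare the EventID property after the fact. The following added example (not from the original article) runs both filters side by side for Event ID 4, lists the sources in the log where InstanceId and EventID disagree, and then exports the EventID-based result. The 7-day window and the output path are assumptions.

```powershell
# Added example (not from the original article): filter the System log on the
# Event ID shown in Event Viewer, and show where -InstanceId diverges from it.
# Event ID 4 is reused from the article; the window and paths are assumptions.
$since = (Get-Date).AddDays(-7)
$log   = Get-EventLog -LogName System -After $since

# -InstanceId matches the full instance ID written by the event source. For
# many sources the low-order bits are the Event ID and the high-order bits
# carry severity/facility flags, so -InstanceId 4 can miss entries whose
# EventID property is 4.
$byInstance = Get-EventLog -LogName System -After $since -InstanceId 4

# Filtering on the EventID property is what "filter by Event ID" really means.
$byEventId = $log | Where-Object { $_.EventID -eq 4 }

"InstanceId 4 : {0} entries" -f @($byInstance).Count
"EventID 4    : {0} entries" -f @($byEventId).Count

# Which sources in this log would an -InstanceId filter silently miss?
# Group the mismatches so you can see the pattern per source.
$log |
    Where-Object { $_.InstanceId -ne $_.EventID } |
    Group-Object Source, EventID, InstanceId |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize

# Combine the correct filter with an export, as the article does, keeping
# only the useful columns. -NoTypeInformation drops the '#TYPE' header.
$byEventId |
    Select-Object TimeGenerated, EntryType, Source, EventID, InstanceId, Message |
    Export-Csv -Path 'C:\Temp\EventID4.csv' -NoTypeInformation
```

The two counts will be equal on a log where every source writes plain event IDs, and different as soon as a source uses the severity or facility bits. Checking both before you trust an -InstanceId filter costs one extra line and avoids a misleading "no events found" on the very machine you are troubleshooting.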

As you can see, PowerShell is really handy when it comes to event log management. The best part is I haven't even talked about remoting. You can use PowerShell to remote into other machines in your environment running PowerShell 2. But that is another story...
Author: Brian
