22.2. The get-eventlog Cmdlet
The get-eventlog cmdlet allows you to access information contained in various event logs or to list the event logs on the local machine.
NOTE
In Windows PowerShell version 1.0 the get-eventlog cmdlet can access only the local machine. Like other core Windows PowerShell functionality which doesn't explicitly use Windows Management Instrumentation the get-eventlog cmdlet is limited in scope to the local machine. It is likely that a later version of Windows PowerShell will support retrieval of event log information across a network.
In addition to supporting the common parameters, the get-eventlog cmdlet supports the following parameters:
LogName — The name of the log whose content is to be retrieved. This is a required parameter, which is a positional parameter in position 1. It does not support multiple values or wildcards.
Newest — Specifies a number. That number represents how many entries are to be retrieved.
List — Specifies a list of available event logs. This is a named parameter.
AsString — Indicates that the entries in an event log are to be retrieved as string values rather than as objects. Can be used with the -list parameter.
A simple use of the get-eventlog cmdlet is to display the available event logs on the local machine. To do that, use this command:
get-eventlog -List
Figure 22-5 shows the event logs available on a Windows XP machine with Windows PowerShell installed, together with information about their maximum size the action to be ...
Get Professional Windows® PowerShell now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.