22.2. The get-eventlog Cmdlet

The get-eventlog cmdlet allows you to access information contained in various event logs or to list the event logs on the local machine.


In Windows PowerShell version 1.0, the get-eventlog cmdlet can access only the local machine. Like other core Windows PowerShell functionality that doesn't explicitly use Windows Management Instrumentation, the get-eventlog cmdlet is limited in scope to the local machine. It is likely that a later version of Windows PowerShell will support retrieval of event log information across a network.

In addition to supporting the common parameters, the get-eventlog cmdlet supports the following parameters:

  • LogName — The name of the log whose content is to be retrieved. This is a required, positional parameter (position 1). It does not support multiple values or wildcards.

  • Newest — Specifies how many entries are to be retrieved.

  • List — Specifies a list of available event logs. This is a named parameter.

  • AsString — Indicates that the entries in an event log are to be retrieved as string values rather than as objects. Can be used with the -list parameter.

A simple use of the get-eventlog cmdlet is to display the available event logs on the local machine. To do that, use this command:

get-eventlog -List

Figure 22-5 shows the event logs available on a Windows XP machine with Windows PowerShell installed, together with information about their maximum size the action to be ...
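
The following added example (not code from the book) combines the -List, -AsString, -LogName and -Newest parameters described above to summarize recent error, warning and failed-audit entries across every log on the local machine. It assumes Windows PowerShell 2.0 or later for try/catch and New-Object -Property; the sample size of 200 entries per log is an arbitrary choice.

```powershell
# Added example: triage the newest entries of every event log on the local machine.
# Assumption: Windows PowerShell 2.0 or later (try/catch, New-Object -Property).
$newest = 200   # assumption: how many recent entries to sample per log

# -List with -AsString returns the log names as strings rather than EventLog objects.
$logNames = Get-EventLog -List -AsString

$summary = foreach ($name in $logNames) {
    try {
        # -LogName takes exactly one log (no wildcards), so each log is queried in turn.
        # @(...) guarantees an array even when a log holds zero or one entry.
        $entries = @(Get-EventLog -LogName $name -Newest $newest -ErrorAction Stop)
    }
    catch {
        # For example, the Security log cannot be read without administrative rights.
        Write-Warning "Skipping '$name': $($_.Exception.Message)"
        continue
    }

    # Count entries per (EntryType, Source) pair and record the most recent timestamp.
    $entries | Group-Object EntryType, Source | ForEach-Object {
        $latest = $_.Group | Sort-Object TimeGenerated -Descending | Select-Object -First 1
        New-Object PSObject -Property @{
            Log       = $name
            EntryType = [string]$latest.EntryType
            Source    = $latest.Source
            Count     = $_.Count
            Latest    = $latest.TimeGenerated
        }
    }
}

# Show only the entry types that usually deserve a closer look, busiest sources first.
$interesting = 'Error', 'Warning', 'FailureAudit'
$summary |
    Where-Object { $interesting -contains $_.EntryType } |
    Sort-Object Count -Descending |
    Format-Table Log, EntryType, Source, Count, Latest -AutoSize
```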
