Chapter 20. Event Logs
20.0. Introduction
Event logs form the core of most monitoring and diagnosis on Windows. To support this activity, PowerShell offers the Get-EventLog cmdlet to let you query and work with event log data on a system. In addition to PowerShell’s built-in Get-EventLog cmdlet, its support for the .NET Framework means that you can access event logs on remote computers, add entries to event logs, and even create and delete event logs.
20.1. List All Event Logs
Problem
You want to determine which event logs exist on a system.
Solution
To list event logs on a system, use the -List parameter of the Get-EventLog cmdlet:

PS >Get-EventLog -List

  Max(K) Retain OverflowAction        Entries Name
  ------ ------ --------------        ------- ----
     512      0 OverwriteAsNeeded       2,157 ADAM (Test)
     512      7 OverwriteOlder          2,090 Application
     512      7 OverwriteOlder              0 Internet Explorer
   8,192     45 OverwriteOlder              0 Media Center
     512      7 OverwriteOlder              0 ScriptEvents
     512      7 OverwriteOlder          2,368 System
  15,360      0 OverwriteAsNeeded           0 Windows PowerShell
Discussion
The -List parameter of the Get-EventLog cmdlet generates a list of the event logs registered on the system. Like the output of nearly all PowerShell commands, these event logs are fully featured .NET objects. In this case, they are objects of the .NET System.Diagnostics.EventLog type. For information on how to use these objects to write entries to an event log, see Recipe 20.8, “Write to an Event Log.”
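Because each listed log is a System.Diagnostics.EventLog object, the size and overflow settings shown in the table can be read as properties and checked against a logging policy, locally or on a remote computer. The following is an added example, not code from the book; the function name Get-EventLogRetentionReport and the 20,480 KB floor are assumptions chosen for illustration.

```powershell
# Added example: report retention settings for every registered event log.
# Function name and default threshold are assumptions, not part of the book.
function Get-EventLogRetentionReport {
    param(
        [string] $ComputerName = ".",        # "." means the local machine
        [int]    $MinimumKilobytes = 20480   # assumed policy floor; set to your own
    )

    # Same object type that Get-EventLog -List returns; the static .NET method
    # also accepts a remote computer name.
    foreach ($log in [System.Diagnostics.EventLog]::GetEventLogs($ComputerName)) {
        $findings = @()
        try {
            $maxKb    = $log.MaximumKilobytes
            $overflow = $log.OverflowAction
            $retain   = $log.MinimumRetentionDays
            $count    = $log.Entries.Count

            if ($maxKb -lt $MinimumKilobytes) {
                $findings += "maximum size below $MinimumKilobytes KB"
            }
            if ($overflow -eq [System.Diagnostics.OverflowAction]::DoNotOverwrite) {
                $findings += "new events are discarded when the log is full"
            }
            if ($overflow -eq [System.Diagnostics.OverflowAction]::OverwriteOlder) {
                $findings += "new events are discarded if the log fills before entries are $retain days old"
            }
        }
        catch {
            # Some logs (typically Security) need an elevated session to read.
            $maxKb = $overflow = $retain = $count = $null
            $findings += "not readable: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            Log            = $log.Log
            MaxKB          = $maxKb
            RetainDays     = $retain
            OverflowAction = $overflow
            Entries        = $count
            Findings       = $findings -join "; "
        }
    }
}

# Logs with an empty Findings column meet the assumed policy.
Get-EventLogRetentionReport | Sort-Object Log | Format-Table -AutoSize -Wrap
```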
Tip
Although the heading of the Get-EventLog output shows a table heading called ...