Chapter 23. Event Logs
Introduction
Event logs form the core of most monitoring and diagnosis on Windows. To support this activity, PowerShell offers both the Get-EventLog and Get-WinEvent cmdlets to let you query and work with event log data on a system. In addition to simple event log retrieval, PowerShell also includes many other cmdlets to create, delete, customize, and interact with event logs.
Beyond the (now “classic”) event logs exposed by the *-EventLog cmdlets, Windows Vista and later versions have a significantly expanded and revamped event logging system compared to Windows XP. The features of the new system are different enough that we expose them through an entirely new Get-WinEvent cmdlet. If you need to read events from Vista-style event logs, you’ll need the Get-WinEvent cmdlet. If you need to read events from classic event logs, the choice is up to you.
List All Event Logs
Problem
You want to determine which event logs exist on a system.
Solution
To list all classic event logs on a system, use the -List parameter of the Get-EventLog cmdlet:
PS > Get-EventLog -List

  Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
  20,480      0 OverwriteAsNeeded       1,933 Application
  15,168      0 OverwriteAsNeeded           0 DFS Replication
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder              0 Internet Explorer
  20,480      0 OverwriteAsNeeded           0 Key Management Service
   8,192      0 OverwriteAsNeeded           0 Media Center
     128      0 OverwriteAsNeeded           2 OAlerts
   1,024      7 OverwriteOlder            424 ScriptEvents
  ...
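As an added example (not from the book), the following script takes the same inventory one step further: it enumerates every log channel through Get-WinEvent -ListLog, marks which channels the classic Get-EventLog -List can also see, and flags logs that are disabled, undersized, or in Retain mode (where logging stops once the log is full). The 1,024 KB threshold and the function name are assumptions for this example.

```powershell
function Get-EventLogInventory {
    [CmdletBinding()]
    param(
        # Assumed threshold: flag logs whose maximum size is below this many KB
        [int]$MinSizeKB = 1024
    )

    # Names the classic cmdlet can see (only the "classic" logs)
    $classicNames = (Get-EventLog -List).Log

    # Get-WinEvent -ListLog enumerates every channel, classic or Vista-style.
    # Channels that need elevation to inspect raise non-terminating errors; skip them.
    Get-WinEvent -ListLog * -ErrorAction SilentlyContinue | ForEach-Object {
        $sizeKB = [int]($_.MaximumSizeInBytes / 1KB)
        $flags  = @()
        if (-not $_.IsEnabled)       { $flags += 'disabled' }
        if ($sizeKB -lt $MinSizeKB)  { $flags += "small ($sizeKB KB)" }
        if ($_.LogMode -eq 'Retain') { $flags += 'retain: stops logging when full' }

        [pscustomobject]@{
            Log                  = $_.LogName
            Classic              = $_.IsClassicLog
            VisibleToGetEventLog = ($classicNames -contains $_.LogName)
            Enabled              = $_.IsEnabled
            MaxKB                = $sizeKB
            Mode                 = $_.LogMode
            Records              = $_.RecordCount
            LastWrite            = $_.LastWriteTime
            Flags                = ($flags -join '; ')
        }
    }
}

# Usage: the full inventory, then only the logs that merit a closer look
$inventory = Get-EventLogInventory
$inventory | Sort-Object Records -Descending | Format-Table -AutoSize
$inventory | Where-Object Flags | Format-Table Log, Mode, MaxKB, Flags -AutoSize
```

Run it from an elevated prompt to include channels such as Security that are otherwise skipped.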