Reading Event Logs With PowerShell


The cmdlet that reads the classic event logs is Get-EventLog. It ships with Windows PowerShell; PowerShell 7 no longer includes it and uses Get-WinEvent instead, so everything below is written for Windows PowerShell.

To get a list of all the event logs, use a wildcard as the log name (or the documented form, Get-EventLog -List, which is shown in the syntax at the bottom of this page):

Get-EventLog *


To get the contents of one of these logs, pass its name:

Get-EventLog Application


This returns every entry in the log, which is far too much to read on screen. You could write it all to a file for later consumption:

Get-EventLog application | Out-File c:\temp\applicationLog.txt

or you could use the pipeline to pick out only what you want. Get-EventLog returns the newest entries first, so taking the first 30 gives you the 30 most recent ones (the cmdlet's own -Newest 30 parameter does the same without reading the rest of the log):

Get-EventLog application | select -First 30

Get-EventLog Application |
    Where-Object { $_.EntryType -eq 'Warning' -or $_.EntryType -eq 'Error' } |
    Select-Object -First 20 |
    Select-Object EntryType, TimeWritten, Message

By combining Where-Object and Select-Object you can narrow the output down to the entries and properties you are interested in. For the common filters, prefer the cmdlet's own parameters (-EntryType, -After, -Before, -Newest, -Source; see the syntax below): they are applied while the log is read, rather than after every entry has already been pulled through the pipeline.
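As an added example (not code from the original post), the following function turns the filtering idea above into a triage summary: it uses -After and -EntryType so the cmdlet does the filtering, then groups the matching entries by source and type so you see what is noisy rather than twenty individual entries. It assumes a Windows PowerShell host with the classic Application log; the function name and its parameter names are my own.

```powershell
# Added example: summarise recent errors/warnings in one classic log.
# Assumptions: Windows PowerShell (Get-EventLog is not in PowerShell 7); the
# running account can read the log on the target computer.
function Get-EventLogSummary {
    [CmdletBinding()]
    param(
        [string]   $LogName      = 'Application',
        [int]      $Hours        = 24,
        [string[]] $EntryType    = @('Error', 'Warning'),   # valid: Error, Warning, Information, SuccessAudit, FailureAudit
        [string]   $ComputerName = $env:COMPUTERNAME
    )

    $since = (Get-Date).AddHours(-$Hours)

    # -After and -EntryType are evaluated by the cmdlet itself, so only matching
    # entries reach the pipeline. Note: when nothing matches, Get-EventLog writes a
    # non-terminating "No matches found" error rather than returning nothing.
    Get-EventLog -LogName $LogName -ComputerName $ComputerName -After $since -EntryType $EntryType |
        Group-Object -Property Source, EntryType |
        ForEach-Object {
            $newest = $_.Group | Sort-Object TimeGenerated -Descending | Select-Object -First 1
            [pscustomobject]@{
                Computer    = $ComputerName
                Source      = $newest.Source
                EntryType   = $newest.EntryType
                Count       = $_.Count
                LastSeen    = $newest.TimeGenerated
                # Messages are often many lines long; keep only the first line for the table.
                LastMessage = ($newest.Message -split "`r?`n")[0]
            }
        } |
        Sort-Object Count -Descending
}

# Usage: one row per (Source, EntryType) pair for the last day, noisiest first.
Get-EventLogSummary -Hours 24 | Format-Table -AutoSize

# To read the full text of one noisy source afterwards ('SomeSource' is a placeholder):
# Get-EventLog Application -Source 'SomeSource' -Newest 1 | Select-Object -ExpandProperty Message
```

The summary deliberately keeps the full entries out of the table; once a source stands out, pull its newest entry with -Source and -Newest to read the whole message.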

There are also parameters for the computer name and for before and after dates (see the syntax at the bottom). So you could have a scheduled task that runs every day, looks for errors and warnings on all computers in your domain, and writes the result to an HTML file on your web server, where it can be viewed when needed. Two things to get right first: Get-EventLog has no -Credential parameter and does not use PowerShell remoting, so the task must run as an account that may read the remote logs (an administrator, or a member of the Event Log Readers group on each target machine); and event messages routinely contain user names, file paths and other internal detail, so the resulting page should only be served to people who would be allowed to read the logs themselves.

$computers = @("DC01", "w8p", "member01")
# Relative window: the original hard-coded -After '15/07/2014', which is parsed
# differently depending on the locale (day/month order) and never moves on for a
# task that runs every day.
$since = (Get-Date).AddDays(-1)

# Collect first, convert once: running ConvertTo-Html | Out-File inside the loop
# overwrites the file on every pass, so only the last computer's events survived.
$events = foreach ($computer in $computers) {
    Get-EventLog -LogName Application -ComputerName $computer -After $since |
        Where-Object { $_.EntryType -eq 'Warning' -or $_.EntryType -eq 'Error' } |
        Select-Object MachineName, TimeGenerated, EntryType, Source, Message
}

$events | ConvertTo-Html -Title "Application log errors and warnings" | Out-File C:\temp\events.html
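The one-liner above stops at the first computer that cannot be reached and gives no hint that a host was skipped. The following is an added example (not from the original post) of the same daily report written so it can run unattended: every host is attempted, failures are listed in the page instead of being lost, the host name stays with every row, and the output is one HTML file. The host names are placeholders taken from the post; the file path and the assumption that the task account can read the remote Application logs are mine, as is the reliance on the cmdlet's English "No matches found" error text to tell an empty window from a real failure.

```powershell
# Added example: daily Application log error/warning report across several hosts.
# Assumptions: Windows PowerShell; the scheduled task runs as an account that can
# read the remote logs (Get-EventLog has no -Credential parameter); host names,
# output path and the 'No matches found' error text are assumptions, not from the post.
$Computers  = @('DC01', 'w8p', 'member01')
$OutputFile = 'C:\temp\events.html'
$Since      = (Get-Date).AddDays(-1)

$rows   = New-Object System.Collections.Generic.List[object]
$failed = New-Object System.Collections.Generic.List[string]

foreach ($computer in $Computers) {
    try {
        # -ErrorAction Stop turns the cmdlet's non-terminating errors (unreachable
        # host, access denied, and also "No matches found") into catchable exceptions.
        $entries = Get-EventLog -LogName Application -ComputerName $computer `
                                -After $Since -EntryType Error, Warning -ErrorAction Stop
        foreach ($e in $entries) {
            $rows.Add([pscustomobject]@{
                Computer  = $computer
                Time      = $e.TimeGenerated
                EntryType = $e.EntryType
                Source    = $e.Source
                EventId   = $e.InstanceId
                Message   = ($e.Message -split "`r?`n")[0]   # first line only
            })
        }
    }
    catch {
        # An empty window is not a collection failure; anything else is reported.
        if ($_.Exception.Message -notmatch 'No matches found') {
            $failed.Add("$computer`: $($_.Exception.Message)")
        }
    }
}

# ConvertTo-Html HTML-encodes the table cells, so event text cannot inject markup.
# -PreContent is inserted as raw HTML, so encode what we put there ourselves.
$head = '<style>body{font-family:sans-serif}table{border-collapse:collapse}' +
        'td,th{border:1px solid #999;padding:2px 6px;vertical-align:top}</style>'
$summary = "<p>Generated $(Get-Date -Format s): $($rows.Count) entries since $($Since.ToString('s')).</p>"
if ($failed.Count -gt 0) {
    $encoded = $failed | ForEach-Object { [System.Net.WebUtility]::HtmlEncode($_) }
    $summary += '<p>Not collected from: ' + ($encoded -join '; ') + '</p>'
}

$rows | Sort-Object Time -Descending |
    ConvertTo-Html -Title 'Application log errors and warnings' -Head $head -PreContent $summary |
    Out-File -FilePath $OutputFile -Encoding utf8
```

Run this from the scheduled task as the account that has log-read rights; because Get-EventLog talks to the remote event log service directly rather than over WinRM, the "Remote Event Log Management" firewall rules must allow that account's traffic to each target, and a host that is blocked shows up in the "Not collected from" line rather than disappearing from the report.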

####################Command straight from help ########################

NAME
    Get-EventLog

SYNOPSIS
    Gets the events in an event log, or a list of the event logs, on the local or remote computers.

SYNTAX
    Get-EventLog [-LogName] <String> [[-InstanceId] <Int64[]>] [-After <DateTime>] [-AsBaseObject]
        [-Before <DateTime>] [-ComputerName <String[]>] [-EntryType <String[]>] [-Index <Int32[]>]
        [-Message <String>] [-Newest <Int32>] [-Source <String[]>] [-UserName <String[]>] [<CommonParameters>]

    Get-EventLog [-AsString] [-ComputerName <String[]>] [-List] [<CommonParameters>]

#####################################################################