Wednesday, November 13, 2013

Part–2 : Working with Event Logs using PowerShell :- Get-EventLog

 

In my previous blog post, i had tried to cover the basics of “Event Logs”, and in previous post we had also saw the use of “Show-EventLog” cmdlet.

There is no benefit of PowerShell if we are exploring “Event Logs” using GUI tools. So let’s start working on PowerShell console.

There are two main cmdlets in PowerShell those are use to get events from various  “Event Logs”, the first cmdlet  is “Get-EventLog” and the another one is “Get-WinEvent”.

The main difference between these two cmdlets are , The Get-EventLog works only with classic type of Event Logs and on other hand “Get-WinEvent” work with both type of event logs the classic one and the Applications and Service logs too.

Let’s see the use of “Get-EventLog” cmdlet.

Just for your information, I am using Windows 8, so might be you may see few extra event logs in my command outputs.

Let’s check which classic event logs are exists on my laptop. To check that, run the below command.

Get-EventLog -LogName *

You can see that , now we have a list of all classic event logs.

12-11-2013 19-45-00

Let’ see the all events in Application Log,  run the below command. In the below command we are asking Get-Event log to give us the list of all event log entries is the event log name “Application”

Get-EventLog -LogName Application

But, when you run the above command , your PowerShell console will fill with lots-lots-lost of events.

12-11-2013 19-47-28

This massive information is not much useful for us right now, what if ?I want to see the  newest 10 event log entries only.

You can do that, you can use –Newest parameter and provide the number of entries which you want to see.

In below command , we are asking Get-EventLog to show the newest 10 entries in the Event log.

Get-EventLog -LogName Application -Newest 10

12-11-2013 19-51-23

If you want to see more details of the event log entries, you can use “Format-List” cmdlet to  format the output and show us full details of the event log entry.

Get-EventLog -LogName Application -Newest 10 | Format-List -Property *

13-11-2013 00-12-15

If you remember, that in my previous blog post , i have mentioned about four type of log’s severity levels, information, warning, error, critical, Failure Audit and Success Audit , we can use those here too, just to a quick note, Get-EventLog cmdlet doesn’t support the Entry type Critical.

what if, you want to see the newest 10 events of  entry type Warning.

Get-EventLog -LogName Application –EntryType Warning -Newest 10

12-11-2013 20-01-07

See how easy it is Smile 

One last trick for today,

You can also define the the time period in After , before format in Get-Eventlog to see the event logs accordingly.

let see the Application’s event log entries  those are created after 11th Nov 2013

Get-EventLog -LogName Application -After 11/11/2013

12-11-2013 20-05-28

If you want to see the event log entries those are created before a specific date, you can use –Before parameter.

Get-EventLog -LogName Application -Before 11/11/2013

12-11-2013 23-49-43

We also have the flexibility of searching event log entries in a specific time frame, You can use –After and –Before paramters to define a date range to search with-in.

Get-EventLog -LogName Application  -After 7/11/2013  -Before 10/11/2013

12-11-2013 23-57-56

That’s all for today, see you in next post.

Part-1: Working with Event Logs using PowerShell.

Regards

Aman Dhally

 
clip_image001 clip_image002 clip_image003 clip_image005  clip_image007

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.