Monday, December 2, 2013

Part– 4 : Working with Event Logs using PowerShell :- Get-WinEvent

 

Part-1: Working with Event Logs using PowerShell

Part–2 : Working with Event Logs using PowerShell :- Get-EventLog

Part–3 : Working with Event Logs using PowerShell :- Get-EventLog

 

In previous posts, I showed you how to use “Get-EventLog”. Now we are going to use the “Get-WinEvent” cmdlet, which is more powerful than “Get-EventLog”.

Get-WinEvent works with both types of logs: the legacy/classic event logs and the “Applications and Services” logs.

Let’s start.

To list all the logs that are available on your laptop, use -ListLog * with Get-WinEvent.

Get-WinEvent -ListLog *

Now you can see all the event logs available on your system.

 

A few logs require administrator privileges to open. If you see red errors, it means you can view those logs only by running PowerShell as administrator.

 

To view any classic event log, use the -LogName parameter with the log's name as the argument.

 

Get-WinEvent -LogName Application

 


 

To see an “Applications and Services” log, the same -LogName parameter is used.

Get-WinEvent -LogName "Microsoft-Windows-Dhcp-Client/Admin"

 


 

If you want to see only a few events, use the -MaxEvents parameter with the number of events you want to see as the argument.

Get-WinEvent -LogName "Microsoft-Windows-Dhcp-Client/Admin" -MaxEvents 10

 


 

And if you want to see the oldest events first, you can use the -Oldest parameter.

 

Get-WinEvent -LogName "Microsoft-Windows-Dhcp-Client/Admin" -Oldest
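
The parameters covered above combined into one script, as an added example that is not from the original post. The `$MaxPerLog` value and the `$targets` list are assumptions chosen for illustration.

```powershell
# Added example: inventory the event logs, then sample the newest entries
# from one classic log and one "Applications and Services" log.
$MaxPerLog = 5   # assumed sample size

# -ListLog * returns one configuration object per log. Logs that cannot be
# opened raise non-terminating errors; collect them in $denied instead of
# letting them print in red.
$logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue -ErrorVariable denied

# Keep only logs that are enabled and actually contain records.
$active = $logs |
    Where-Object { $_.IsEnabled -and $_.RecordCount -gt 0 } |
    Sort-Object RecordCount -Descending

$active |
    Select-Object -First 10 LogName, RecordCount, IsClassicLog, LogMode |
    Format-Table -AutoSize

"{0} logs listed, {1} could not be read (try an elevated session)" -f @($logs).Count, $denied.Count

# Both log types are read with the same -LogName parameter.
$targets = 'Application', 'Microsoft-Windows-Dhcp-Client/Admin'

foreach ($name in $targets) {
    try {
        # -ErrorAction Stop makes "no events found" or "access denied" catchable.
        Get-WinEvent -LogName $name -MaxEvents $MaxPerLog -ErrorAction Stop |
            Select-Object TimeCreated, Id, LevelDisplayName, ProviderName |
            Format-Table -AutoSize
    }
    catch {
        Write-Warning "Could not read '$name': $($_.Exception.Message)"
    }
}
```

Run it once in a normal session and once as administrator to compare how many logs are readable.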


 


 

That’s all for today. See you in the next blog post.

Regards

Aman Dhally
