Friday, January 3, 2014

Part 6: Working with Event Logs using PowerShell: Creating New Event Logs and Event Entries

Yesterday, I blogged about using the -FilterXML and -FilterHashTable parameters of the Get-WinEvent cmdlet.
Today we are going to use two new cmdlets, New-EventLog and Write-EventLog.


Have you ever wished you could create a separate event log in Event Viewer, so that all of your own event entries are logged there? If yes, this post is for you.

Creating a new, separate event log is a simple and straightforward task. Use the New-EventLog cmdlet with the -LogName parameter to name the new event log, and the -Source parameter to name the event source whose entries will be written into this log.
New-EventLog -LogName "MyPoshShell" -Source "Scripts"
Did you get an error when you ran the above command? You have to run PowerShell as administrator to create a new log.
Run PowerShell as Administrator and run the above command again, and you will see that there are no errors.

Now let’s open Event Viewer and check whether our new event log has been created. You can see below that it is there, but with no event log entries.


Now let’s write some event entries in the event log.


To write event entries to an event log, we have to use the Write-EventLog cmdlet.
Writing your own event entries to your own event log is a good idea when you want to capture some information from a script.
Sometimes you may want to create an event entry if your PowerShell script is unable to take a backup, or is not able to ping a server, and you want to record that output or those results for future reference.
Note: When you use Write-EventLog to create an event log entry, make sure you use the same -Source name that you used when creating the new event log, otherwise you will get the below error.

Now let’s create a new event log entry, in our “MyPoshShell” log, with a Source type of “Scripts” and with Entry type “Information” and Event ID “1” and with a normal message that “Script for backing up data works successfully”.

Write-EventLog -LogName "MyPoshShell" -Source "Scripts" -EntryType 4 -EventId 1 -Message "Script for backing up data, works successfully"
And let’s see if this entry was created in our “MyPoshShell” log. You can see that it’s there.


Now, let’s create another event log entry with an error message.
We didn’t change anything except the entry type, the event ID and the message.
Write-EventLog -LogName "MyPoshShell" -Source "Scripts" -EntryType 1 -EventId 9 -Message "Pinging Local DC from script failed, Please contact the INFRA team"

And you can see the event entry is created.
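The steps above combined into one script, as an added example that is not from the original post: it registers the log and source only when they are missing, checks for elevation before doing so, and uses the named entry types Information and Error (the values 4 and 1 used above). The helper names Test-IsAdmin and Write-ScriptEvent and the host name DC01 are hypothetical.

```powershell
# Added example for Windows PowerShell; helper names and DC01 are hypothetical.
$LogName = 'MyPoshShell'
$Source  = 'Scripts'

function Test-IsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

# A non-elevated lookup can throw because the Security log cannot be searched,
# so treat a failed lookup as "source not registered".
try   { $exists = [System.Diagnostics.EventLog]::SourceExists($Source) }
catch { $exists = $false }

if (-not $exists) {
    # New-EventLog writes to the registry under HKLM and needs elevation.
    if (-not (Test-IsAdmin)) {
        throw "Creating log '$LogName' requires PowerShell to be run as Administrator."
    }
    New-EventLog -LogName $LogName -Source $Source
}
else {
    # A source is registered to exactly one log; refuse to continue on a mismatch
    # instead of failing later inside Write-EventLog.
    $registered = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
    if ($registered -ne $LogName) {
        throw "Source '$Source' is registered to log '$registered', not '$LogName'."
    }
}

function Write-ScriptEvent {
    param(
        [Parameter(Mandatory = $true)] [string] $Message,
        [Parameter(Mandatory = $true)] [int]    $EventId,
        [System.Diagnostics.EventLogEntryType]  $EntryType = 'Information'
    )
    Write-EventLog -LogName $LogName -Source $Source `
        -EntryType $EntryType -EventId $EventId -Message $Message
}

# Record the outcome of a check, as in the ping scenario described above.
$dc = 'DC01'   # hypothetical server name
if (Test-Connection -ComputerName $dc -Count 1 -Quiet) {
    Write-ScriptEvent -EventId 1 -Message "Ping to $dc from script succeeded"
}
else {
    Write-ScriptEvent -EventId 9 -EntryType Error `
        -Message "Pinging $dc from script failed, Please contact the INFRA team"
}
```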
That’s all for today.
See you in the next blog article.

Aman Dhally