Showing posts with label Event Viewer. Show all posts

Monday, January 6, 2014

Part-7: Working with Event Logs using PowerShell :- Clearing Event Entries and Removing Event Log.

 

Part-1: Working with Event Logs using PowerShell

Part–2 : Working with Event Logs using PowerShell :- Get-EventLog

Part–3 : Working with Event Logs using PowerShell :- Get-EventLog

Part–4 : Working with Event Logs using PowerShell :- Get-WinEvent

Part–5 : Working with Event Logs using PowerShell :- Get-WinEvent

Part–6 : Working with Event Logs using PowerShell :- Creating New Event Logs and Event Entries

 

 

 

In my previous post we looked at New-EventLog and Write-EventLog, and this series is almost complete.

Today we are going to use two more PowerShell cmdlets, Clear-EventLog and Remove-EventLog.

 

Clear-EventLog

 

Clear-EventLog does one thing: it deletes every entry in the event log you name. There is no undo, so export anything you still need before running it (for example with Get-EventLog -LogName <name> | Export-Clixml, or wevtutil epl from the command line). Clearing is itself recorded: the Event Log service writes Event ID 104 to the System log whenever a log is cleared, and Event ID 1102 to the Security log when the Security log is cleared, which is why log clearing (MITRE ATT&CK T1070.001) is a staple of detection rules.

Our “MyPoshShell” event log currently holds 4 entries. Let’s clear it.

Note: you have to run these cmdlets as Administrator, and like the rest of the *-EventLog cmdlets they exist only in Windows PowerShell (5.1 and earlier), not in PowerShell 6 and later.


 

Clear-EventLog -LogName 'MyPoshShell'

 


 

Now let’s check whether our log is cleared, and indeed it is: there are no event entries in the log any more.


 

 

Remove-EventLog

 

Remove-EventLog is just as straightforward as Clear-EventLog: type the cmdlet and give it the name of the event log you want to delete.

Unlike Clear-EventLog, this removes the whole log, not just its entries, and it also unregisters every event source attached to that log (the “Scripts” source from Part 6 goes with it). If you only want to drop a source and keep the log, use Remove-EventLog -Source instead. As with clearing, there is no undo.

Let’s remove our previously created “MyPoshShell” log.

Remove-EventLog -LogName 'MyPoshShell'

Once you run the cmdlet, open Event Viewer and see whether the log is still there ;o) .


When you check, our “MyPoshShell” log is not there anymore.
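Here is how the two cmdlets fit into a script that has to be safe to rerun, as an added example that is not code from the original post: export the entries first, clear, show the trace the clear leaves behind, then remove the log. It assumes the “MyPoshShell” log and “Scripts” source from Part 6 exist and that it runs in an elevated Windows PowerShell 5.1 session.

```powershell
# Added example, not code from the original post. Assumes the classic log
# "MyPoshShell" with source "Scripts" from Part 6 exists and that this runs in
# an elevated Windows PowerShell 5.1 session (the *-EventLog cmdlets are not
# present in PowerShell 6 and later).
#Requires -RunAsAdministrator

$LogName = 'MyPoshShell'
$Source  = 'Scripts'

# 1. Keep a copy of what is about to be destroyed: Clear-EventLog has no undo.
$backup  = Join-Path $env:TEMP ('{0}-{1:yyyyMMdd-HHmmss}.xml' -f $LogName, (Get-Date))
$entries = @(Get-EventLog -LogName $LogName -ErrorAction SilentlyContinue)
$entries | Export-Clixml -Path $backup
"Exported $($entries.Count) entries from $LogName to $backup"

# 2. Clear the entries. Clear-EventLog supports -WhatIf and -Confirm, which is
#    worth using in scripts that touch more than one log.
Clear-EventLog -LogName $LogName -Confirm:$false
"Entries left in ${LogName}: $(@(Get-EventLog -LogName $LogName -ErrorAction SilentlyContinue).Count)"

# 3. The Event Log service records every clear. Event ID 104 from provider
#    Microsoft-Windows-Eventlog lands in the System log when any log is cleared;
#    clearing the Security log writes Event ID 1102 to the Security log instead.
#    Detection rules for MITRE ATT&CK T1070.001 key on exactly these events, so
#    a wiped log still leaves a trace.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Eventlog'; Id = 104 } -MaxEvents 3 |
    Select-Object TimeCreated, Message

# 4. Remove the log itself. This also unregisters every source attached to it,
#    so "Scripts" disappears too; Remove-EventLog -Source would drop only a source.
if ([System.Diagnostics.EventLog]::Exists($LogName)) {
    Remove-EventLog -LogName $LogName
}
"Log exists: $([System.Diagnostics.EventLog]::Exists($LogName)); source exists: $([System.Diagnostics.EventLog]::SourceExists($Source))"
```

The Export-Clixml file keeps the full EventLogEntry objects (including ReplacementStrings), so Import-Clixml later gives you something you can still filter with Where-Object, which a screenshot of Event Viewer does not.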


 

 

I hope you have enjoyed this series.

I hope I will come soon with another series.

 

Regards
Aman Dhally

 


Friday, January 3, 2014

Part– 6 : Working with Event Logs using PowerShell :- Creating New Event Logs and Event Entries.





Yesterday, I blogged about using –FilterXML and –FilterHashTable parameters in the Get-WinEvent cmdlet.
Today we are going to use two new cmdlets, New-EventLog and Write-EventLog  .

New-EventLog


Do you ever wish you could create a separate event log in Event Viewer, so that all of your script’s event entries land there? If yes, this post is for you.

Creating a new event log is a simple and straightforward task. Use the New-EventLog cmdlet with the -LogName parameter for the name of the new log and the -Source parameter for the name of the event source that will write entries into it. A source name is registered machine-wide and can belong to only one log, so in production pick something more specific than “Scripts” to avoid colliding with another application’s source.
New-EventLog -LogName "MyPoshShell" -Source "Scripts"
Did you run the above command and get an error? Yes, you have to run PowerShell as Administrator to create a new log.
Run PowerShell as Administrator, run the command again, and this time there are no errors.

Now let’s open Event Viewer and check whether our new event log has been created. It is there, but with no event entries yet.


Now let’s write some event entries in the event log.

Write-EventLog


To write entries into an event log we use the Write-EventLog cmdlet.
Writing your own entries into your own event log is a good idea when you want to capture information from a script.
For example, you may want to record an event when a PowerShell script is unable to take a backup or cannot ping a server, so the result is kept for future reference and can be picked up by whatever monitors the event logs.
Note: when you use Write-EventLog, make sure you use the same -Source name that you registered when creating the event log. Otherwise you get an error: either that the source does not exist, or, if the source exists but is registered to a different log, that the source is not registered in this log.

Now let’s create an entry in our “MyPoshShell” log with the source “Scripts”, entry type Information, event ID 1 and a plain message saying that the backup script worked. -EntryType accepts the names Error, Warning, Information, SuccessAudit and FailureAudit; the numbers 1, 2, 4, 8 and 16 of the underlying .NET enum also work, but the name is clearer.

Write-EventLog -LogName "MyPoshShell" -Source "Scripts" -EntryType Information -EventId 1 -Message "Script for backing up data, works successfully"
Let’s check whether this entry was created in our “MyPoshShell” log. It is there.


Now, let’s create another event log entry with an error message.
Nothing changes except the entry type, the event ID and the message.
Write-EventLog -LogName "MyPoshShell" -Source "Scripts" -EntryType Error -EventId 9 -Message "Pinging Local DC from script failed, Please contact the INFRA team"

And you can see the event entry is created.
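The two commands above are the building blocks; in a real script they need a little scaffolding around them. The following added example (not code from the original post) registers the source only if it is not already registered, wraps Write-EventLog in a small helper with fixed event IDs, and logs the outcome of a backup step and a ping check. The log name, source name, event IDs, backup directory and hostname are assumptions made up for the demonstration; it needs an elevated Windows PowerShell 5.1 session.

```powershell
# Added example, not code from the original post. Assumes an elevated Windows
# PowerShell 5.1 session; the log name, source name, event IDs, backup path and
# hostname are made up for the demonstration.
#Requires -RunAsAdministrator

$LogName = 'MyPoshShell'
$Source  = 'Scripts'

# A source name is registered machine-wide and can belong to exactly one log.
# Registering it twice fails, and writing with a source that belongs to a
# different log fails too, so check before calling New-EventLog.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName $LogName -Source $Source
} else {
    $owner = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
    if ($owner -ne $LogName) { throw "Source '$Source' is already registered to log '$owner'" }
}

# Fixed event IDs make the entries easy to find later (Get-EventLog -InstanceId)
# and easy to alert on from a SIEM.
$EventIds = @{ BackupOk = 1; BackupFailed = 2; PingFailed = 9 }

function Write-ScriptEvent {
    param(
        [Parameter(Mandatory)][int]$EventId,
        [Parameter(Mandatory)][string]$Message,
        [ValidateSet('Information', 'Warning', 'Error')][string]$EntryType = 'Information'
    )
    # -EntryType takes the names; the numbers seen in some scripts are the
    # underlying .NET enum values (Error=1, Warning=2, Information=4).
    Write-EventLog -LogName $LogName -Source $Source -EntryType $EntryType -EventId $EventId -Message $Message
}

# Record the outcome of a backup step: one Information entry on success,
# one Error entry carrying the exception text on failure.
$backupDir = Join-Path $env:TEMP 'backup-demo'
try {
    New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
    Copy-Item -Path "$PSHOME\powershell.exe" -Destination $backupDir -ErrorAction Stop
    Write-ScriptEvent -EventId $EventIds.BackupOk -Message "Backup to $backupDir succeeded"
} catch {
    Write-ScriptEvent -EventId $EventIds.BackupFailed -EntryType Error -Message "Backup to $backupDir failed: $($_.Exception.Message)"
}

# Record a failed connectivity check. The hostname is deliberately unresolvable.
$dc = 'dc01.example.invalid'
if (-not (Test-Connection -ComputerName $dc -Count 1 -Quiet -ErrorAction SilentlyContinue)) {
    Write-ScriptEvent -EventId $EventIds.PingFailed -EntryType Warning -Message "Pinging $dc from script failed, please contact the INFRA team"
}

# Read back only this script's entries instead of paging through the whole log.
Get-EventLog -LogName $LogName -Source $Source -Newest 5 |
    Select-Object TimeGenerated, EntryType, InstanceId, Message
```

Keeping the event IDs in one table at the top of the script is what makes the entries useful to anyone else: a monitoring rule can match on log name plus ID without parsing message text that may change between script versions.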
That’s all for today.
See you in next blog article.

Regards
Aman Dhally

Wednesday, November 13, 2013

Part–2 : Working with Event Logs using PowerShell :- Get-EventLog

 

In my previous blog post I tried to cover the basics of event logs, and we also saw the use of the Show-EventLog cmdlet.

There is little benefit in PowerShell if we keep exploring event logs with GUI tools, so let’s start working in the PowerShell console.

There are two main cmdlets in PowerShell for getting events from the various event logs: Get-EventLog and Get-WinEvent.

The main difference between them is that Get-EventLog works only with the classic event logs, while Get-WinEvent works with both the classic logs and the Applications and Services logs. Get-EventLog, like the other *-EventLog cmdlets, exists only in Windows PowerShell 5.1 and earlier; on PowerShell 6 and later use Get-WinEvent for everything.

Let’s see the use of “Get-EventLog” cmdlet.

Just for your information, I am using Windows 8, so you may see a few extra event logs in my command outputs.

Let’s check which classic event logs exist on my laptop. Run the command below (Get-EventLog -List is the documented equivalent).

Get-EventLog -LogName *

You can see that we now have a list of all the classic event logs.


Let’s see all the events in the Application log. In the command below we ask Get-EventLog for every entry in the event log named “Application”.

Get-EventLog -LogName Application

But when you run the above command, your PowerShell console fills with lots and lots of events.


This mass of output is not much use right now. What if I want to see only the newest 10 event log entries?

You can do that with the -Newest parameter, giving it the number of entries you want to see.

In the command below we ask Get-EventLog to show the newest 10 entries in the event log.

Get-EventLog -LogName Application -Newest 10


If you want to see more details of the event log entries, pipe the output to the Format-List cmdlet to show the full properties of each entry.

Get-EventLog -LogName Application -Newest 10 | Format-List -Property *


If you remember, my previous blog post listed the event severity levels: Information, Warning, Error and Critical, plus Success Audit and Failure Audit in the Security log. We can filter on those here with the -EntryType parameter. A quick note: Get-EventLog does not support the entry type Critical; it accepts Error, Warning, Information, SuccessAudit and FailureAudit, and takes more than one value at once.

What if you want to see the newest 10 events of entry type Warning?

Get-EventLog -LogName Application -EntryType Warning -Newest 10


See how easy it is.

One last trick for today,

You can also narrow the time period with the -After and -Before parameters of Get-EventLog.

Let’s see the Application log entries created after 11 November 2013. Note that a date typed as 11/11/2013 is parsed according to the machine’s regional settings, so 7/11/2013 means 7 November on a dd/MM machine and 11 July on a MM/dd machine; in scripts, pass a [datetime] built with Get-Date rather than a string.

Get-EventLog -LogName Application -After 11/11/2013


If you want to see the event log entries created before a specific date, use the -Before parameter.

Get-EventLog -LogName Application -Before 11/11/2013


We can also search within a specific time frame by combining the -After and -Before parameters to define a date range.

Get-EventLog -LogName Application -After 7/11/2013 -Before 10/11/2013
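The parameters above combine into the two queries a practitioner runs most often: a summary of recent errors, and failed logons from the Security log. This is an added example, not code from the original post; it assumes an elevated Windows PowerShell 5.1 session (the Security log needs it), and the threshold of five failures is an arbitrary choice for the demonstration. Building the cut-off with Get-Date avoids the regional date-format ambiguity of a literal such as 11/11/2013.

```powershell
# Added example, not code from the original post. Assumes an elevated Windows
# PowerShell 5.1 session (reading the Security log requires it). The threshold
# of 5 failures is an arbitrary choice for the demonstration.

# Build the cut-off as a [datetime] rather than a string such as 11/11/2013, so
# the filter does not depend on the machine's regional date format.
$since = (Get-Date).AddHours(-24)

# 1. Errors and warnings from the last 24 hours, summarised by source.
#    -EntryType accepts several values in one call.
Get-EventLog -LogName Application -EntryType Error, Warning -After $since |
    Group-Object Source |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 10

# 2. Failed logons (Security event ID 4625) grouped by account and client address.
#    -InstanceId selects the event ID; the fields come from the entry's
#    ReplacementStrings, whose positions follow the 4625 event template
#    (5 = TargetUserName, 10 = LogonType, 19 = IpAddress).
Get-EventLog -LogName Security -InstanceId 4625 -After $since -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Time      = $_.TimeGenerated
            Account   = $_.ReplacementStrings[5]
            LogonType = $_.ReplacementStrings[10]
            ClientIP  = $_.ReplacementStrings[19]
        }
    } |
    Group-Object Account, ClientIP |
    Where-Object Count -ge 5 |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

ReplacementStrings is the raw parameter array of the event, which is faster and more reliable to query than regex over the rendered Message, whose wording depends on the installed language and on the message DLLs being present.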


That’s all for today; see you in the next post.

Part-1: Working with Event Logs using PowerShell.

Regards

Aman Dhally

 

Tuesday, November 12, 2013

Part-1: Working with Event Logs using PowerShell.

 

Hi,

I am planning to start a series of posts on managing event logs with PowerShell.

I believe that, whichever server application you are using or whichever client desktop you are troubleshooting, when a problem arises the first troubleshooting step is looking at the event logs.

Event logs are the best place to look for information about almost anything: software or system-wide errors, setup errors, boot times, and so on.

Event logs are like a record keeper; they keep a record of almost everything.

In PowerShell we have a few cmdlets designed to work well with event logs.

Now imagine the possibilities of working with event logs from PowerShell: you can create reports on event logs and filter event data right from the PowerShell console, without opening Event Viewer to see a new event; everything is available on the console.

Before moving forward let’s take a quick look on basics of Event Logs.

There are two main categories of event logs:

  1. Classic Windows Event Logs
  2. Applications and Services Logs.

Classic Windows Event Logs:


These logs were also available in previous versions of Windows, which is why they are known as classic logs. Before Vista only the Application, System and Security logs existed; Vista added two more, the Setup log and the Forwarded Events log.

Application and Services Logs:


This is the newer category of logs. Each stores the events from a single application, service or component in its own independent log.

Applications and Services logs come in four types:

  1. Admin
  2. Operational
  3. Analytic
  4. Debug

For us (or me), the most useful are the Admin and Operational logs. Analytic and Debug logs are disabled by default and record nothing until you enable them.
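To see these categories from PowerShell rather than from the Event Viewer tree, the following added example (not code from the original post) lists both families with Get-WinEvent -ListLog and counts the Applications and Services logs by type. It runs in a normal Windows PowerShell session; without elevation some logs (the Security log among them) report their configuration but not their record count.

```powershell
# Added example, not code from the original post. Runs in a normal Windows
# PowerShell session; without elevation a few logs (Security among them) report
# their configuration but not their record count.

$logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue

# Classic logs: Application, System, Security, Setup, ForwardedEvents and any
# custom ones. LogMode says what happens when the log is full (Circular
# overwrites the oldest events, Retain stops logging), which decides how long
# evidence survives on a busy host.
$logs | Where-Object { $_.IsClassicLog } |
    Select-Object LogName, RecordCount, @{ n = 'MaxMB'; e = { [int]($_.MaximumSizeInBytes / 1MB) } }, LogMode

# Applications and Services logs, counted by the four types from the post
# (the .NET names are Administrative, Operational, Analytical, Debug).
# Analytic and Debug channels are disabled by default and collect nothing
# until enabled, which is why Enabled is usually far below Logs for them.
$logs | Where-Object { -not $_.IsClassicLog } |
    Group-Object LogType |
    ForEach-Object {
        [pscustomobject]@{
            LogType = $_.Name
            Logs    = $_.Count
            Enabled = @($_.Group | Where-Object { $_.IsEnabled }).Count
        }
    }
```

The first table is the one to check on any machine you are about to investigate: a Security log that is small and in Circular mode will already have overwritten the events you are looking for on a busy server.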

Event logs have four event severity levels:


  1. Information
  2. Warning
  3. Error
  4. Critical

You may find two more severity levels in the Security log:

  1. Success Audit
  2. Failure Audit

 

Where can I see the event logs?

To see event logs in a GUI, run “Eventvwr.msc” to open Event Viewer; all the logs are there.


Can I open Event Viewer using PowerShell?

Surprisingly, Microsoft created a PowerShell cmdlet to open the Event Viewer MMC.

Type “Show-EventLog” in the PowerShell console and it opens Event Viewer for you.


Cool, isn’t it?

Take care; see you in the next blog post.

 

Regards

Aman Dhally

 