Tuesday, November 12, 2013

Part-1: Working with Event Logs using PowerShell.



I am planning to start a series of posts on managing Event Logs with PowerShell.

I believe that, whichever server application you are running or whichever client desktop you are troubleshooting, the first step when a problem arises is to look at the Event Logs.

The Event Logs are the best place to look for information about almost anything: application errors, system-wide errors, setup errors, boot times, and so on.

Event Logs are like a record keeper; they keep a record of almost everything that happens on the system.

PowerShell has a few cmdlets designed specifically for working with Event Logs. The two you will use most are Get-EventLog, which only reads the classic logs, and Get-WinEvent, which reads both the classic logs and the newer Applications and Services logs.

Now you can imagine the possibilities of combining Event Logs and PowerShell: you can create reports from Event Log data, you can filter events right from the PowerShell console, and you no longer need to open Event Viewer to see a new event, because everything is available in the PowerShell console.

Before moving forward let’s take a quick look on basics of Event Logs.

There are two main categories of event logs:

  1. Classic Windows Event Logs
  2. Applications and Services Logs

Classic Windows Event Logs:


These logs were also available in previous versions of Windows, which is why they are known as the classic logs. Before Vista only the Application, System and Security logs existed; in Vista, Microsoft added two more: the Setup log and the Forwarded Events log.

Application and Services Logs:


These are the newer category of logs. Each one stores the events of a single application, service or component in its own independent log, instead of mixing them into the Application or System log.

The Applications and Services logs come in four types:

  1. Admin
  2. Operational
  3. Analytic
  4. Debug

For us (or at least for me), the most useful are the Admin and Operational logs. Analytic and Debug logs are disabled by default and record nothing until you enable them (in Event Viewer you also have to tick "Show Analytic and Debug Logs" under the View menu before they are even listed).
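As an added example (my code, not from the original post), the script below uses Get-WinEvent -ListLog to build an inventory of the logs on the local machine and splits them into the two categories described above. Classic logs report IsClassicLog as true; every other log is an Applications and Services log, and its LogType property is one of Administrative, Operational, Analytical or Debug. The function name Get-EventLogInventory is my own.

```powershell
# Added example: inventory the event logs on this machine and split them into
# the two categories the post describes (classic vs. Applications and Services).
function Get-EventLogInventory {
    # -ListLog * returns one EventLogConfiguration object per log. Some logs
    # cannot be opened from a non-elevated console, so skip those errors
    # instead of stopping the whole listing.
    $logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue

    $classic        = $logs | Where-Object { $_.IsClassicLog }
    $appAndServices = $logs | Where-Object { -not $_.IsClassicLog }

    [pscustomobject]@{
        # The five classic logs: Application, System, Security, Setup, ForwardedEvents
        ClassicLogs = $classic | Select-Object LogName, RecordCount, IsEnabled

        # How many Applications and Services logs exist of each type
        # (Administrative, Operational, Analytical, Debug)
        ByType = $appAndServices | Group-Object LogType | Select-Object Name, Count

        # Analytic and Debug logs are disabled by default; this shows which
        # logs would need enabling before they record anything.
        DisabledLogs = $appAndServices |
            Where-Object { -not $_.IsEnabled } |
            Select-Object LogName, LogType

        # Operational logs that actually hold data are usually where
        # troubleshooting starts, so surface the busiest ones.
        BusiestOperational = $appAndServices |
            Where-Object { $_.LogType -eq 'Operational' -and $_.RecordCount -gt 0 } |
            Sort-Object RecordCount -Descending |
            Select-Object -First 10 LogName, RecordCount
    }
}

$inventory = Get-EventLogInventory
$inventory.ClassicLogs        | Format-Table -AutoSize
$inventory.ByType             | Format-Table -AutoSize
$inventory.BusiestOperational | Format-Table -AutoSize
```

Run it from an elevated console if you want the Security log and the other protected logs to appear in the inventory; without elevation they are silently skipped by the -ErrorAction setting.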

Event log entries carry a severity level. The four you will see most often are listed below; a fifth level, Verbose, also exists and is used mainly by analytic and debug logs.


  1. Information
  2. Warning
  3. Error
  4. Critical

In the Security log you will find two more classifications:

  1. Audit Success
  2. Audit Failure

Strictly speaking these are not severity levels but keywords on the event; Security events still carry the Information level. That distinction matters when you filter them, because you filter on Keywords rather than on Level.
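As an added example (my code, not from the original post), the script below filters events by severity level and by audit keyword with Get-WinEvent -FilterHashtable and summarises the results on the console, which is the kind of report the Event Viewer GUI cannot give you in one step. The numeric levels used by the event log are 1 = Critical, 2 = Error, 3 = Warning, 4 = Information and 5 = Verbose. The function names Get-RecentProblems and Get-AuditFailures and the default time window are my own choices. Reading the Security log requires an elevated console or membership in the local "Event Log Readers" group.

```powershell
# Added example: filter events by level (System/Application) and by audit
# keyword (Security), then summarise them on the console.

function Get-RecentProblems {
    param(
        [string[]]$LogName = @('System', 'Application'),
        [int]$Hours = 24,
        [int]$MaxEvents = 200
    )
    # FilterHashtable is evaluated by the event log service, so it is much
    # faster than piping every event through Where-Object.
    $filter = @{
        LogName   = $LogName
        Level     = 1, 2, 3                       # Critical, Error, Warning only
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, LogName, LevelDisplayName, ProviderName, Id,
            @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } }  # first line only
}

function Get-AuditFailures {
    param([int]$Hours = 24, [int]$MaxEvents = 200)
    # Audit Failure / Audit Success are keywords, not levels, so the filter
    # uses the Keywords key with the matching StandardEventKeywords value.
    $auditFailure = [System.Diagnostics.Eventing.Reader.StandardEventKeywords]::AuditFailure
    $filter = @{
        LogName   = 'Security'
        Keywords  = [long]$auditFailure
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

# Report 1: how many Critical/Error/Warning events in the last 24 hours,
# followed by the 20 most recent ones.
$problems = Get-RecentProblems
$problems | Group-Object LevelDisplayName | Select-Object Name, Count | Format-Table -AutoSize
$problems | Select-Object -First 20 | Format-Table -AutoSize -Wrap

# Report 2: audit failures grouped by event ID. A cluster of 4625 entries
# (failed logon) is the classic sign of a password-guessing attempt.
$failures = Get-AuditFailures
$failures | Group-Object Id | Sort-Object Count -Descending |
    Select-Object Name, Count | Format-Table -AutoSize
```

Note that -MaxEvents caps how many events are returned, newest first, so raise it (or narrow StartTime) if the summary counts look suspiciously round.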


Where can I see the event logs?

If you want to see the event logs in a GUI, run "Eventvwr.msc" to open Event Viewer, where all of the logs are listed.


Can I open Event Viewer using PowerShell?

Surprisingly, Microsoft created a PowerShell cmdlet just to open the Event Viewer MMC console.

Type "Show-EventLog" in the PowerShell console and it will open Event Viewer for you (add -ComputerName to open the Event Viewer of a remote machine).


Cool! Isn't it?

Take care, and see you in the next blog post.



Aman Dhally

