Part-1: Working with Event Logs using PowerShell
Part–2 : Working with Event Logs using PowerShell :- Get-EventLog
Part–3 : Working with Event Logs using PowerShell :- Get-EventLog
In previous posts , i had shown you how to use “Get-EventLog”, now we are going to use “Get-WinEvent” cmdlet, The Get-WinEvent cmdlet is more powerful then “Get-EventLog” cmdlet.,
Get-winEvent works with both type of logs, the legacy/classic event logs and “Applications and Service” types logs.
Let’s start.
To list all the logs those are available on your laptop, we can use –ListLog * with get-winEvent.
Get-WinEvent -ListLog *
Now you cans see all event logs available on your system.
There are few logs, those requires administrator privileges to open/see them, if you saw red errors, that mean you can only view those logs only by running run PowerShell as administrator.
To view any classic event log, you just need to use –LogName paramter and the then logs name as argument.
Get-WinEvent -LogName Application
To see “Application and Service Log” the same –LogName paramter will be used.
“”
Get-WinEvent -LogName "Microsoft-Windows-Dhcp-Client/Admin"
If you wan to see, only few logs, you can use –MaxEvents paramter , with how many logs you want to see as argument.
Get-WinEvent -LogName "Microsoft-Windows-Dhcp-Client/Admin" -MaxEvents 10
and if you want to see the oldest log first, you can use use –Oldest parameter.
Get-WinEvent -LogName "Microsoft-Windows-Dhcp-Client/Admin" –Oldest
Part-1: Working with Event Logs using PowerShell
Part–2 : Working with Event Logs using PowerShell :- Get-EventLog
Part–3 : Working with Event Logs using PowerShell :- Get-EventLog
That’s all for today. See you in next blog Post.
Regards
Aman Dhally
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.