https://4sysops.com/archives/managing-event-logs-in-powershell/
* Get-WinEvent gives you much wider and deeper reach into the event logs. It can access log providers directly as well as tap into Windows event tracing logs. That said, it's easier to delve into the content of classic event log entries with Get-EventLog.
* For remoting, Get-WinEvent uses the built-in Windows event log remoting technology instead of PowerShell remoting. Thus, you'll find that remote log queries run faster with Get-WinEvent than with Get-EventLog.

Daniel Ratliff

From: listsadmin@lists.myITforum.com [mailto:listsadmin@lists.myITforum.com] On Behalf Of Daniel Ratliff
Sent: Monday, March 07, 2016 2:28 PM
To: powersh...@lists.myitforum.com
Subject: [powershell] RE: What event logs are on a system

You have to use Get-WinEvent I think for some of the legacy event logs. Will see if I can find a reference.

Daniel Ratliff

From: listsadmin@lists.myITforum.com [mailto:listsadmin@lists.myITforum.com] On Behalf Of Webster
Sent: Monday, March 07, 2016 2:26 PM
To: powersh...@lists.myitforum.com
Subject: [powershell] RE: What event logs are on a system

I should have added that get-eventlog -list doesn't give a complete list.

    PS C:\Users\TEMP> get-eventlog -list

      Max(K) Retain OverflowAction        Entries Log
      ------ ------ --------------        ------- ---
          64      0 OverwriteAsNeeded       1,273 Application
      20,480      0 OverwriteAsNeeded           0 HardwareEvents
         512      7 OverwriteOlder              0 Internet Explorer
      20,480      0 OverwriteAsNeeded           0 Key Management Service
         128      0 OverwriteAsNeeded       1,694 OAlerts
          64      0 OverwriteAsNeeded       1,062 Security
          64      0 OverwriteAsNeeded       2,415 System
         512      0 OverwriteAsNeeded         807 ThinPrint Diagnostics
      15,360      0 OverwriteAsNeeded      19,393 Windows PowerShell

Thanks

Webster

From: listsadmin@lists.myITforum.com [mailto:listsadmin@lists.myITforum.com] On Behalf Of Webster
Sent: Monday, March 07, 2016 1:23 PM
To: powersh...@lists.myitforum.com
Subject: [powershell] What event logs are on a system

Using PoSH, how can I get a list of event log names?

I am trying to get stuff from the group policy log but not having any luck. The gui shows the logname as "Microsoft-Windows-GroupPolicy/Operational" but get-eventlog doesn't like it.

    PS C:\Users\TEMP> get-eventlog -logname "Microsoft-Windows-GroupPolicy/Operational" -computername xxx
    Get-EventLog : The event log 'Microsoft-Windows-GroupPolicy/Operational' on computer 'xxx' does not exist.
    At line:1 char:13
    + get-eventlog <<<< -logname "Microsoft-Windows-GroupPolicy/Operational" -computername xxx
        + CategoryInfo : NotSpecified: (:) [Get-EventLog], InvalidOperationException
        + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand

    PS C:\Users\TEMP> get-eventlog -logname "Microsoft-Windows-GroupPolicy" -computername xxx
    Get-EventLog : The event log 'Microsoft-Windows-GroupPolicy' on computer 'xxx' does not exist.
    At line:1 char:13
    + get-eventlog <<<< -logname "Microsoft-Windows-GroupPolicy" -computername xxx
        + CategoryInfo : NotSpecified: (:) [Get-EventLog], InvalidOperationException
        + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand

Thanks

Webster

================================================
Did you know you can also post and find answers on PowerShell in the forums?
http://www.myitforum.com/forums/default.asp?catApp=1

The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information.
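
The approach the replies in this thread point to, as an added example that is not part of the original messages: enumerate every log with Get-WinEvent, show which ones Get-EventLog cannot see, then read the Group Policy operational channel. `$Computer` is a placeholder for the target machine, and the comparison step assumes Windows PowerShell, where Get-EventLog is available.

```powershell
# Added example. $Computer is a placeholder for the machine to query.
$Computer = $env:COMPUTERNAME

# Every log the event log service exposes: the classic logs plus the
# "Applications and Services" channels such as
# Microsoft-Windows-GroupPolicy/Operational.
# Some channels cannot be read without elevation; those errors are suppressed.
$allLogs = Get-WinEvent -ListLog * -ComputerName $Computer -ErrorAction SilentlyContinue

# The names Get-EventLog knows about (classic logs only).
$classicNames = Get-EventLog -List -AsString -ComputerName $Computer

# Logs that hold events but are invisible to Get-EventLog.
# MaxKB is shown so undersized logs stand out when reviewing retention.
$allLogs |
    Where-Object { $classicNames -notcontains $_.LogName -and $_.RecordCount -gt 0 } |
    Sort-Object RecordCount -Descending |
    Select-Object LogName, RecordCount, IsEnabled,
        @{ Name = 'MaxKB'; Expression = { [int]($_.MaximumSizeInBytes / 1KB) } } |
    Format-Table -AutoSize

# Locate the Group Policy channel by wildcard instead of typing the full name.
Get-WinEvent -ListLog '*GroupPolicy*' -ComputerName $Computer |
    Select-Object LogName, RecordCount, IsEnabled

# Read the most recent entries from the channel the GUI shows.
Get-WinEvent -LogName 'Microsoft-Windows-GroupPolicy/Operational' `
             -ComputerName $Computer -MaxEvents 20 |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```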