Ezine 210 PowerShell Get-WinEvent
PowerShell's Get-WinEvent
I have a new mission. My aim is to collect a bank of simple PowerShell
scripts that 'do stuff'. Perhaps you can help? I am so serious
about my project that this week I am offering a bounty of $10 for the best script
based on Get-WinEvent. If this is successful, then I will offer more
bounties for scripts based on other cmdlets.
Guy's Brief / Challenge:
- Use the cmdlet: Get-WinEvent
- Your PowerShell script must do something useful.
- No more than 10 lines.
- No copying from the internet! It must be your code.
- The best script gets $10 paid into its writer's PayPal account.
Get-WinEvent is PowerShell 2.0's updated version of Get-EventLog from
PowerShell 1.0. The first thing to note is that when you enumerate the logs you
need to append -ListLog * (not -list, not -loglist, and not -ListLog
without a wildcard). Instead of about 8 logs, Get-WinEvent returns
150 - really! Thus the second thing is that you may want to try this
filter, which lists only the traditional (classic) event logs.
# PowerShell Get-WinEvent script to list classic event logs.
# IsClassicLog is a boolean, so compare it with $true rather than the string 'True'.
Clear-Host
Get-WinEvent -ListLog * | Where-Object {$_.IsClassicLog -eq $true}
Note 0: Get-WinEvent needs Vista or later; for XP use plain Get-EventLog.
Note 1: Perhaps my worst kept secret is that you
don't really need me, just call for PowerShell's Get-Help!
# List Get-WinEvent parameters.
Clear-Host
Get-Help Get-WinEvent -Full
Note 2: Observe the -MaxEvents parameter; this
replaces -Newest in the old Get-EventLog cmdlet. I think this is a
wonderful parameter for speeding up a script while testing it, and for checking
properties with Get-Member.
# List System log properties.
Clear-Host
Get-WinEvent System -MaxEvents 1 | Get-Member
Note 3: Most scripts which employ the Get-WinEvent
cmdlet require the name of the log, for example Application, Security, or,
as in this case, System.
Now you have all the tools to create interesting scripts which 'do stuff'
such as filtering only errors, or finding messages containing specific
words.
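Here is an added example of the two tasks just mentioned, filtering for errors and searching message text. It is my illustration, not a script from Guy's article, and the log name, the 'disk' keyword and the 24-hour window are placeholder values chosen for the example.

```powershell
# Added example: list recent critical/error/warning events whose message mentions a keyword.
# Assumed values (constructed for this example, not from the article): $LogName, $Keyword, $Since.
$LogName = 'System'
$Keyword = 'disk'
$Since   = (Get-Date).AddHours(-24)

# Level 1 = Critical, 2 = Error, 3 = Warning.
# -FilterHashtable filters inside the event log service, which is far quicker
# than fetching every event and discarding most of them with Where-Object.
$Filter = @{ LogName = $LogName; Level = 1,2,3; StartTime = $Since }

# Get-WinEvent emits an error when no event matches; SilentlyContinue turns
# that into an empty result rather than red text on the console.
$Hits = Get-WinEvent -FilterHashtable $Filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($Keyword) }

if ($Hits) {
    $Hits |
        Select-Object TimeCreated, LevelDisplayName, ProviderName, Id, Message |
        Format-Table -AutoSize -Wrap
}
else {
    "No critical, error or warning events mentioning '$Keyword' in the $LogName log since $Since."
}
```

The keyword is escaped with [regex]::Escape so that a search term containing characters such as '.' or '(' is matched literally; drop the escape if you want to supply a real regular expression.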
Scripting the event logs inevitably throws up some unexpected results:
errors that you really should know about and act upon. The easiest way to check
for the most serious problems is to
group similar events and then list them in descending order.
In terms of my $10 challenge this is the benchmark. I am not
looking for complex coding, more focussing on a real task to which a simple
PowerShell script can provide a quick answer.
# PowerShell example which groups events, then sorts in descending order.
# The backtick at the end of a line continues the command on the next line.
Clear-Host
Get-WinEvent -LogName System -MaxEvents 2000 | `
Group-Object ProviderName | Sort-Object Count -Descending | `
Format-Table Count, Name -AutoSize
Note 4: I have selected the System log, but you could
easily adapt this script for the Security or Application log.
Note 5: Once the script works, I would remove
the -MaxEvents 2000 part; I only added that parameter to speed up the script
when you first run it.
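The grouping script above counts every event by source. As an added example of my own (not from the article), the version below narrows the same idea to critical and error events and groups by source and event ID, adding the most recent occurrence and the first line of its message so each row is actionable. The seven-day window, the 5000-event cap and the System log name are assumed values.

```powershell
# Added example: summarise critical/error events by provider and event ID,
# newest occurrence and sample message included.
# Assumed values (constructed for this example): LogName, 7-day window, 5000-event cap.
$Filter = @{ LogName = 'System'; Level = 1,2; StartTime = (Get-Date).AddDays(-7) }
$Events = Get-WinEvent -FilterHashtable $Filter -MaxEvents 5000 -ErrorAction SilentlyContinue

if (-not $Events) {
    'No critical or error events found in the window.'
    return
}

$Summary = $Events |
    Group-Object ProviderName, Id |
    ForEach-Object {
        # Newest event in this group supplies the timestamp and sample text.
        $Latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
        # New-Object PSObject keeps this runnable on PowerShell 2.0;
        # column order is fixed by Format-Table below.
        New-Object PSObject -Property @{
            Count    = $_.Count
            Provider = $Latest.ProviderName
            Id       = $Latest.Id
            Latest   = $Latest.TimeCreated
            Sample   = ($Latest.Message -split "`n")[0]
        }
    } |
    Sort-Object Count -Descending

$Summary | Format-Table Count, Provider, Id, Latest, Sample -AutoSize
```

Because the filter runs inside the event log service, dropping the -MaxEvents cap later (as Note 5 suggests) costs far less than it would with a Where-Object filter applied after the fact.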
Summary of PowerShell's Get-WinEvent
Everyone should check their event logs more often. With PowerShell
you can turn a drudge into a labor of love. As you discover errors
and take corrective action, you learn more about PowerShell's syntax.
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.