PowerShell Write-EventLog Cmdlet
PowerShell's Write-EventLog is one of the harder cmdlets to get right. The difficulty is that we are asking a script to produce the kind of entry the operating system or an application would write, so the script must supply a -Source that is registered for the target log and an -EventId that means something to whoever reads the entry. An unregistered source is an error; a meaningless EventId merely produces a confusing record.
PowerShell Get-EventLog -List
So that you can focus on the properties of the message, I suggest that you become familiar with Get-EventLog before graduating to Write-EventLog.
Our first task is to list the logs on your machine: see which logs are present, then choose one to write messages to:
# PowerShell script to list the event logs.
Note 1: -List is a switch parameter, so the leading dash is required. Without it, Get-EventLog List is read as a request for a log named 'List' (the first positional parameter is -LogName) and fails.
Action Point: launch Event Viewer (eventvwr.msc) and check that the logs it shows match the output of the script above. As a general tactic I encourage you to keep the Windows GUI open alongside your PowerShell scripts so that you can compare the two.
There is no business case or technical reason for this script; my idea is merely to provide a working example, so feel free to alter the properties and parameters. Expect a few failures before you arrive at the right script for your task.
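The survey described above, as an added example that is not the original page's script. Besides listing the classic logs, it reads the size and overflow settings of each one, because a log that is small and overwrites as needed will not hold much history if you later want to rely on it. The 20480 KB threshold is an arbitrary assumption for this illustration; counting the Security log's entries needs an elevated shell.

```powershell
# Added example: survey the classic event logs before choosing one to write to.
# Get-EventLog -List returns one System.Diagnostics.EventLog object per classic
# log; its properties show how much history each log can retain.
$logs = Get-EventLog -List

$logs |
    Select-Object Log,
                  @{Name = 'Entries'; Expression = { $_.Entries.Count }},   # needs admin for Security
                  MaximumKilobytes,
                  OverflowAction,          # DoNotOverwrite, OverwriteAsNeeded or OverwriteOlder
                  MinimumRetentionDays |
    Sort-Object Log |
    Format-Table -AutoSize

# Flag logs that are both small and circular: entries written there are the
# first to be lost. The 20480 KB (20 MB) threshold is an assumption for this example.
$logs |
    Where-Object { $_.OverflowAction -eq 'OverwriteAsNeeded' -and $_.MaximumKilobytes -lt 20480 } |
    ForEach-Object {
        Write-Warning ("Log '{0}' is limited to {1} KB and overwrites as needed" -f $_.Log, $_.MaximumKilobytes)
    }
```

Compare the Log column with the tree in Event Viewer; the modern channels under "Applications and Services Logs" will not appear here because Get-EventLog only knows about classic logs.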
# Example of Write-Eventlog to 'Windows PowerShell' log
Note 3: I recommend PowerShell splatting, that is, building the parameters in a hashtable and passing it with @hashtable, which keeps a long parameter list readable.
# PowerShell Write-Eventlog to Application log.
Note 4: I omitted the -ComputerName parameter, so the entry is written to the local machine's log. Supply it to write to a remote computer; the source must be registered on that computer and your account needs write access to its log.
Note 5: Originally I appended Invoke-Item so that you could look for the new entry in the Event Viewer; it helps me to have the appropriate Windows GUI open when I run my PowerShell scripts. Then I discovered that PowerShell has a cmdlet for this job: Show-EventLog.
Note 6: To make this work for real you need a clear rationale for what you want to write into the log, and which log (Application, Windows PowerShell or another). My aim is just to show the mechanics and to make you aware of all the parameters that you must consider.
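Both Write-EventLog examples on this page (the 'Windows PowerShell' log with splatting, and the Application log) in one added script that is not the original page's code. It assumes a hypothetical application source 'ContosoBackup' that it registers in the Application log, and the source 'PowerShell', which Windows itself registers in the classic 'Windows PowerShell' log; the EventIds 1001 and 1000 are arbitrary values for the demonstration. Write-EventLog succeeds only when -Source is registered to the -LogName you name, so the script checks that before writing.

```powershell
# Added example: write to the Application log under our own source, then to
# the classic 'Windows PowerShell' log under the source Windows registers there.
$source  = 'ContosoBackup'      # hypothetical; use your application's name
$logName = 'Application'

try   { $registered = [System.Diagnostics.EventLog]::SourceExists($source) }
catch { $registered = $false }  # non-admins may be unable to search every log's registry key

if (-not $registered) {
    # Registering a source writes under HKLM\SYSTEM\CurrentControlSet\Services\EventLog,
    # so it is a one-time job that needs an elevated shell.
    $me      = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$me).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) {
        throw "Source '$source' is not registered. Run 'New-EventLog -LogName $logName -Source $source' once as administrator."
    }
    New-EventLog -LogName $logName -Source $source
}
else {
    # A source belongs to exactly one log; writing it to a different log fails.
    $owner = [System.Diagnostics.EventLog]::LogNameFromSourceName($source, '.')
    if ($owner -ne $logName) { throw "Source '$source' is registered to '$owner', not '$logName'." }
}

# Splatting: build the parameters in a hashtable and pass it with @.
# -ComputerName is omitted, so the entry lands in the local machine's log.
$entry = @{
    LogName   = $logName
    Source    = $source
    EventId   = 1001            # hypothetical ID; document the IDs your own consumers will key on
    EntryType = 'Warning'       # Information, Warning, Error, SuccessAudit or FailureAudit
    Message   = 'Nightly backup skipped: destination share unreachable (constructed example text).'
}
Write-EventLog @entry

# The same mechanics against the classic 'Windows PowerShell' log.
$psEntry = @{
    LogName   = 'Windows PowerShell'
    Source    = 'PowerShell'    # registered to this log by Windows itself
    EventId   = 1000            # hypothetical ID for this demonstration
    EntryType = 'Information'
    Message   = 'Example entry written by a script (constructed example text).'
}
Write-EventLog @psEntry

# Read back what was written, then open Event Viewer to compare.
Get-EventLog -LogName $logName -Source $source -Newest 1 |
    Format-List TimeGenerated, EntryType, EventID, Source, Message
Show-EventLog
```

Two caveats worth knowing before you use this for real. First, when you borrow a source that belongs to another application, that application's message file is used to render the EventId, and an ID it does not define is shown wrapped in a "description for Event ID ... cannot be found" notice around your text; registering your own source avoids that. Second, the default ACL on the Application log lets interactive users write entries, and any registered source name can be passed once it exists, so a Source value in the Application log is a claim about who wrote the entry, not proof. Detection rules that key on it should treat it accordingly.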
Get-EventLog Displays New Messages
Key point: Get-EventLog is followed by the name of the log (its positional -LogName parameter), in this case 'Application'.
# PowerShell script to find Error messages in the Application eventlog.
Note 7: You could simplify the script further and just type:
Note 8: Each word, and indeed every symbol, has meaning to PowerShell. The pipe (|) passes the output of the first clause into the Where-Object clause, so the output is filtered and you see only Error entries, not Information or Warning entries.
Note 9: PowerShell supports a whole family of comparison operators, for example -Like (wildcards), -Contains (membership of a collection, not a substring search) and plain -eq (equals), but for this job I chose -Match, which tests a regular expression. See more on PowerShell conditional statements.
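The error hunt described in this section, as an added example that is not the original page's script. It uses Get-EventLog's own filter parameters to narrow the query first, counts failures by source for a quick triage, and then applies the Where-Object / -Match form to the message text. The 24-hour window and the 'Faulting application' pattern (the wording Windows Error Reporting uses in its crash entries) are assumptions for this illustration.

```powershell
# Added example: triage Error entries in the Application log.
# -EntryType, -After and -Newest narrow the result before the pipeline, which is
# cheaper than fetching every entry and discarding most of it in Where-Object.
$since  = (Get-Date).AddDays(-1)      # assumption: the last 24 hours is the window of interest
$errors = Get-EventLog -LogName Application -EntryType Error -After $since -Newest 500

# Which sources are failing most? A quick count is often the fastest triage.
$errors | Group-Object Source | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize

# The Where-Object / -Match form from the page. -match takes a regular expression
# and is case-insensitive (-cmatch is case-sensitive); escape metacharacters such
# as . ( ) [ ] when you mean them literally.
$crashes = $errors | Where-Object { $_.Message -match 'Faulting application' }

$crashes |
    Select-Object TimeGenerated, Source, EventID,
                  @{Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] }} |   # first line only
    Format-Table -AutoSize -Wrap

# Equivalent to filtering EntryType in Where-Object, without the pipeline:
#   Get-EventLog -LogName Application -EntryType Error -Newest 20
```

Keep the -Match pattern specific: a loose pattern such as 'error' will also match text inside unrelated Information entries once you drop the -EntryType filter.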
More Research into PowerShell's Write-EventLog
Whenever you discover a new PowerShell command, it benefits from being surveyed with what I call the 'Trusty Twosome': research the Verb-Noun command with Get-Help and Get-Member and you are sure to unearth new scripting possibilities. To see what I mean, try:
Get-Help (For Parameter Research)
# Investigate PowerShell Write-Eventlog -parameters
Get-Help confirms that, starting in PowerShell v2.0, Write-EventLog supports the -ComputerName parameter, so you can write to (and, with Get-EventLog, read) the event logs of remote machines.
Other log names you can substitute for 'System' are Application and Security, and PowerShell itself has a classic log named 'Windows PowerShell'. Windows Server is likely to have more, for example Directory Service and DNS Server. Note that reading the Security log requires administrator rights or the "Manage auditing and security log" privilege.
Get-Member (To Display Properties)
# Investigate PowerShell Get-Eventlog Properties
Note 10: You could omit the -MemberType Property parameter and thus display methods as well as properties.
Discover Other Members of the PowerShell Eventlog Family
# Find more Eventlog cmdlets
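The 'Trusty Twosome' applied to Write-EventLog and Get-EventLog, plus the search for the rest of the family, as one added script that is not the original page's code. If Get-Help prints only a bare syntax line, run Update-Help once in an elevated shell to download the help files.

```powershell
# Added example: survey Write-EventLog and Get-EventLog with Get-Help, Get-Member
# and Get-Command.

# 1. Get-Help: every parameter with its type, whether it is mandatory, and its position.
Get-Help Write-EventLog -Parameter *

# A terser view straight from the command metadata (no help files needed).
(Get-Command Write-EventLog).Parameters.Values |
    Where-Object { $_.Name -notin [System.Management.Automation.PSCmdlet]::CommonParameters } |
    Select-Object Name,
                  @{Name = 'Type';      Expression = { $_.ParameterType.Name }},
                  @{Name = 'Mandatory'; Expression = { $_.Attributes.Mandatory -contains $true }} |
    Format-Table -AutoSize

# 2. Get-Member: what an entry object exposes. Fetch one entry, not the whole log.
Get-EventLog -LogName System -Newest 1 | Get-Member -MemberType Property

# Drop -MemberType to see methods as well (for example ToString and Equals):
#   Get-EventLog -LogName System -Newest 1 | Get-Member

# 3. The family: the classic cmdlets share the EventLog noun; Get-WinEvent is the
#    modern reader that understands both classic logs and .evtx channels.
Get-Command -Noun EventLog
Get-Command -Noun WinEvent
```

The Mandatory column tells you which parameters Write-EventLog will prompt for if you leave them out (-LogName, -Source, -EventId and -Message), which is exactly the set the summary at the end of this page asks you to study.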
Get-WinEvent is the successor to Get-EventLog; it requires PowerShell v2.0 or later. It also reads the modern .evtx channels that Get-EventLog cannot see, and it is the one that survives in PowerShell 7, where Get-EventLog and Write-EventLog are no longer available.
Take the opportunity to learn more about PowerShell while you undertake the worthwhile task of examining the various event logs, for example System, Security, Windows PowerShell or DNS Server.
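Get-WinEvent equivalents of the queries used earlier on this page, as an added example that is not the original page's script. It lists the modern channels that Get-EventLog -List never shows, repeats the Application-log error query with a -FilterHashtable, and reads the classic 'Windows PowerShell' log by name. The 24-hour window is an assumption for the illustration.

```powershell
# Added example: the same jobs with Get-WinEvent, which reads classic logs and
# modern .evtx channels alike and still exists in PowerShell 7.

# Channels that Get-EventLog cannot see. Modern channel names contain a '/'.
# Some logs refuse non-admin access, hence -ErrorAction SilentlyContinue.
Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordCount -gt 0 -and $_.LogName -like '*/*' } |
    Select-Object LogName, RecordCount, MaximumSizeInBytes, LogMode |   # LogMode: Circular, AutoBackup or Retain
    Sort-Object RecordCount -Descending |
    Select-Object -First 10

# Error entries from the Application log in the last day. Level 2 = Error.
# -FilterHashtable is applied by the Event Log service, so it beats Where-Object
# on large logs. Get-WinEvent reports 'No events were found' as an error when the
# filter matches nothing, which SilentlyContinue turns into empty output.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Application'
    Level     = 2
    StartTime = (Get-Date).AddDays(-1)   # assumption: 24-hour window
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, ProviderName, Id, Message |
    Format-Table -AutoSize -Wrap

# The classic 'Windows PowerShell' log mentioned earlier on this page, by name.
Get-WinEvent -LogName 'Windows PowerShell' -MaxEvents 5
```

Note the property names change between the two cmdlets: TimeGenerated, Source and EventID on a Get-EventLog entry become TimeCreated, ProviderName and Id on a Get-WinEvent record, so scripts that select or filter on those names need adjusting when you migrate.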
Summary of PowerShell Write-EventLog Scripts
If I were you, I would master one of the simpler cmdlets, such as Get-EventLog, before graduating to Write-EventLog. Once you start scripting real-life tasks, take the trouble to study parameters such as -Source and -EventId.
See more PowerShell examples to read, write and list Windows event logs
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.