Most of the operating system's problems are recorded in the System log. Sometimes it's more convenient to use the Event Viewer, while at other times PowerShell is quicker.
Getting Started - Finding the Windows 8 System Log
I am going to show you two methods to research the System log entries; they work really well in tandem, by which I mean the Event Viewer will teach you about PowerShell.
Launch the Windows 8 Event Viewer
To get started with the Event Viewer press Winkey + W; this launches the Search box with the focus on Settings.
Now type "ev" and you should see 'View event logs'.
Once the Event Viewer has initialized, expand 'Windows Logs' and you will see 'System'.
PowerShell Equivalent: List the Last 20 System Events with PowerShell
Starting from the Metro UI, start typing 'Pow'. You should see two PowerShell apps; I prefer to select the ISE version because it has a GUI. There are two cmdlets for displaying the logs, Get-EventLog and Get-WinEvent; in either case remember to specify the -LogName.
Get-WinEvent
# PowerShell Windows 8 System Event Logs
Get-WinEvent -LogName System -MaxEvents 20
Note 1: The parameter -MaxEvents 20 is merely to speed up the command, because the System log can be huge and when testing you may be anxious just to get results.
Get-EventLog
Alternatively, you can use the Get-EventLog cmdlet with its -Newest parameter. This is an old-fashioned, but easier to use, cmdlet.
Clear-Host
Get-EventLog -LogName System -Newest 20
Help: Further PowerShell Research
# Pure Research - Precede the cmdlet with Help
Clear-Host
Help Get-WinEvent
Research Properties with Get-Member (GM)
# Pure Research - Append Get-Member
Clear-Host
Get-EventLog System -Newest 20 | Get-Member
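Putting the listing and research cmdlets above together, here is an added example (not code from the original page) that lists the newest 20 System events with Get-WinEvent, selects the properties that Get-Member reveals as most useful for a first look, and tallies how many of them are errors or warnings. It assumes Windows 8 / PowerShell 3.0 or later; the System log does not need an elevated session.

```powershell
# Added example: review the newest 20 System events with Get-WinEvent.
# Constructed for illustration; not part of the original page.
Clear-Host
$events = Get-WinEvent -LogName System -MaxEvents 20

# LevelDisplayName gives "Error"/"Warning"/"Information" instead of the
# numeric Level; the calculated property keeps only the first line of the
# (often multi-line) Message so the table stays readable.
$events |
    Select-Object TimeCreated, Id, LevelDisplayName, ProviderName,
        @{ Name = 'Summary'; Expression = { ("$($_.Message)" -split "`n")[0] } } |
    Format-Table -AutoSize

# Quick tally: how many of the 20 were errors or warnings?
$events |
    Group-Object LevelDisplayName |
    Select-Object Count, Name |
    Format-Table -AutoSize

# The same listing with the older cmdlet; note the different property names
# (TimeGenerated, EventID, EntryType, Source) that Get-Member shows for it.
Get-EventLog -LogName System -Newest 20 |
    Format-Table TimeGenerated, EventID, EntryType, Source -AutoSize
```

Paste the whole block into the ISE and run it; the two tables show why the property names differ between Get-WinEvent (Id, ProviderName, LevelDisplayName) and Get-EventLog (EventID, Source, EntryType), which matters when you move on to filtering.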
Guy Recommends: SolarWinds' Log & Event Management Tool
LEM will alert you to problems such as when a key application on a particular server is unavailable. It can also detect when services have stopped, or if there is a network latency problem. Perhaps this log and event management tool's most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a malware attack.
Yet perhaps the killer reason why people use LEM is its compliance capability: with a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA. LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or to thwart potential security breaches.
Orientation: you are in the Event Viewer and have pre-selected the System log. Now go to the Actions pane on the right and click 'Filter Current Log'.
Here is where you put on your thinking hat and experiment with each setting. My choices were: Event sources: Microsoft Windows System settings; Task category: Logon, Logoff.
Typical Microsoft: there are at least three ways of employing PowerShell to filter the logs. My favourite, especially for learning, is to pipe the output of Get-EventLog into a Where-Object statement.
# Pure Research - PowerShell Where-Object Filtering
Clear-Host
Get-EventLog System -Newest 200 | Where-Object {$_.EventID -eq '50036'}
Note 2: It may be clearer if you bolt on a Format-Table command. This enables you to choose the output columns, for example: | Format-Table EventID, Message -Auto
Note 3: Windows Event ID 50036 means the DHCP Client
service started (and 50037 means it stopped).
Note 4: The conditional operator -match may be better than -eq, especially for messages, e.g. Where {$_.Message -match 'DHCP'}
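The three notes above combine into one script. This is an added example, not code from the original page: it takes the newest 200 System events once, then applies an exact -eq filter on the event ID, a -match filter on the message text, and a third filter that a defender usually wants first, namely which sources produced errors or warnings. Event ID 50036 and the 'DHCP' text are the page's own values; the -in operator requires PowerShell 3.0 or later.

```powershell
# Added example: Where-Object filtering over the newest 200 System events.
# Constructed for illustration; not part of the original page.
Clear-Host
$recent = Get-EventLog -LogName System -Newest 200

# 1. Exact match on the event ID (the page's own filter), with Format-Table
#    choosing the columns. -eq works with 50036 or '50036'.
$recent |
    Where-Object { $_.EventID -eq 50036 } |
    Format-Table TimeGenerated, EventID, Source, Message -AutoSize

# 2. -match on the message text. It is a regular expression, so 'DHCP'
#    also catches 'DHCPv6' messages; -eq would require the whole message.
$recent |
    Where-Object { $_.Message -match 'DHCP' } |
    Format-Table TimeGenerated, EventID, Message -AutoSize

# 3. Triage view: only errors and warnings, grouped by the source that
#    raised them, busiest source first.
$recent |
    Where-Object { $_.EntryType -in 'Error', 'Warning' } |
    Group-Object Source |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

Capturing the 200 events in $recent once, rather than re-running Get-EventLog for each filter, keeps the script fast while you experiment with different Where-Object conditions.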
-FilterHashTable with Get-WinEvent
Researching a PowerShell cmdlet with Help is surprisingly instructive; in this instance it shows that Get-WinEvent has a parameter called -FilterHashTable. However, Help also reveals that Get-EventLog does not.
Note 5: The syntax is a little tricky: a) there is no hyphen before the key names inside the hashtable; b) the key-value pairs are joined by = (the equals sign) and not PowerShell's -eq. Also remember the overall format @{Filter="criteria"}
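An added example of -FilterHashtable (not code from the original page) that shows the two syntax points in Note 5 in working form: key names with no leading hyphen, joined to their values with =. The keys used here, LogName, Id, Level and StartTime, are the documented ones for this parameter; the event ID 50036 comes from the page.

```powershell
# Added example: filtering with Get-WinEvent -FilterHashtable.
# Constructed for illustration; not part of the original page.
Clear-Host

# Same result as the Where-Object filter on EventID 50036, but the filtering
# is done by the event log service, so only matching events are returned.
# Keys have no hyphen and use '=', not -eq.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 50036 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, Id, ProviderName -AutoSize

# Several criteria at once: errors (Level 2) and warnings (Level 3)
# from the last 24 hours. A key may take an array of values.
$filter = @{
    LogName   = 'System'
    Level     = 2, 3
    StartTime = (Get-Date).AddDays(-1)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, ProviderName |
    Format-Table -AutoSize

# Get-WinEvent reports "No events were found" as an error when nothing
# matches; -ErrorAction SilentlyContinue turns that into an empty result.
```

The practical difference from the Where-Object approach is where the filtering happens: with -FilterHashtable only matching events cross the pipeline, which is what makes it usable on a large System log without -MaxEvents.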
Summary of Windows 8 System Event Logs
This page explains how to research the System log entries with both the Windows 8 Event Viewer and PowerShell v3.0. Our examples showed how to filter events with the Actions pane, and also how to use PowerShell's -FilterHashtable parameter.