Introduction to Scripting Eventlog on a Remote Machine
Work in Progress.
PowerShell Eventlog Diagnostics Topics
♣
PowerShell Pre-requisites and Checklist
In the case of Windows 7 and later, you don’t need to download any extra files, just: ‘Add Feature’ –> Windows PowerShell. However, for older operating systems, there are different versions of PowerShell for XP, Windows Server 2003 and Vista. For such legacy systems only, you need to download PowerShell from Microsoft’s site.
Once you have installed PowerShell 2.0 or later, I recommend choosing the ISE (Integrated Scripting Engine) version, it will save buying a text editor.
Example 1: Eventlog with System.Diagnostics
Learning Points
Note 1: New-Object creates an instance of system.diagnostics. In particular an eventLog instance
Note 2: I have used variables to control the output, $Log, $Computer and $ID.
Important: Please amend $Computer = "LocalHost" to the name of the remote computer.
# PowerShell script to list the eventlogs on another computer
$Log = "Application"
$Computer ="LocalHost"
$ID = "1002"
$Objlog = New-Object system.diagnostics.eventLog($Log, $Computer)
$Objlog.get_entries() |
Where-object { $_.eventID -eq $id }
More work
Introduce an $array and a loop to interrogate a batch of computers.
Guy Recommends: SolarWinds’ Log & Event Management Tool
LEM will alert you to problems such as when a key application on a particular server is unavailable. It can also detect when services have stopped, or if there is a network latency problem. Perhaps this log and event management tool’s most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a maleware attack.
Yet perhaps the killer reason why people use LEM is for its compliance capability, with a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA. LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or thwart potential security breaches – give LEM a whirl.
Download your FREE trial of SolarWinds Log & Event Management tool.
Example of a Diagnostic EventLog
System.Diagnostics.EventLog eventLogGuy = new System.Diagnostics.EventLog();
String EventLogName = "GuyLog";
String EventLogSource = "GuyApp";
//This is the code to create the Event
if (!System.Diagnostics.EventLog.SourceExists(eventLogSource))
{
System.Diagnostics.EventLog.CreateEventSource(EventLogSource, EventLogName);
}
EventLogGuy.Source = eventLogSource;
EventLogGuy.Log = eventLogName;
EventLogGuy.WriteEntry("Guy was here");
$ObjLog = New-Object system.diagnostics.eventLog($Log, $Computer)
$ObjLog.get_entries() |
Where-Object { $_.eventID -eq $id }
Another Work in Progress!
######################
function Write-EventLogus {
param (
[string]$source = "TFSDeployer",
[string]$type,
[int]$eventid,
[string]$msg)
#Create the source, if it does not already exist.
if(![System.Diagnostics.EventLog]::SourceExists($source))
{
[System.Diagnostics.EventLog]::CreateEventSource($source,'Application')
}
else
{
$logfile = [System.Diagnostics.EventLog]::LogNameFromSourceName($source,'.')
}
#Check if Event Type is correct
switch ($type)
{
"Information" {}
"Warning" {}
"Error" {}
default {"Event type is invalid";exit}
}
$log = New-Object System.Diagnostics.EventLog
$log.set_log($logfile)
$log.set_source($source)
$log.WriteEntry($msg,$type,$eventid)
}
##################
Function Write-LogFile {
param (
[string]$msg,
[System.IO.FileInfo]$file
)
#check if file already exists
if (!(Test-Path $file)) {
New-Item $file -type File > $null
}
Add-Content -Path $file -Value $msg
}
Write-EventLogus
Summary of Eventlog Diagnostics
.
If you like this page then please share it with your friends
See more PowerShell examples to read, write and list Windows event logs
• PowerShell Home • Get-Eventlog • EventVwr -list • Get-WinEvent • Remote-WinEvent
• WMI Win32_NTLogEvent • Windows 8 Event Viewer • Windows 8 Security Event Log
• PowerShell real-life task • Write-Eventlog • EventVwr errors • Log Event Manager
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.
