PowerShell Get-Eventlog with System.Diagnostics

Introduction to Scripting Eventlog on a Remote Machine

Work in Progress.

PowerShell Eventlog Diagnostics Topics


PowerShell Pre-requisites and Checklist

In the case of Windows 7 and later, you don’t need to download any extra files, just: ‘Add Feature’ –> Windows PowerShell.  However, for older operating systems, there are different versions of PowerShell for XP, Windows Server 2003 and Vista.  For such legacy systems only, you need to download PowerShell from Microsoft’s site.

Once you have installed PowerShell 2.0 or later, I recommend choosing the ISE (Integrated Scripting Engine) version, it will save buying a text editor.

Example 1: Eventlog with System.Diagnostics

Learning Points

Note 1:  New-Object creates an instance of system.diagnostics.  In particular an eventLog instance

Note 2:  I have used variables to control the output, $Log, $Computer and $ID.

Important: Please amend $Computer = "LocalHost" to the name of the remote computer.

# PowerShell script to list the eventlogs on another computer
$Log = "Application"
$Computer ="LocalHost"
$ID = "1002"

$Objlog = New-Object system.diagnostics.eventLog($Log, $Computer)
$Objlog.get_entries() |
Where-object { $_.eventID -eq $id }

More work

Introduce an $array and a loop to interrogate a batch of computers.

Guy Recommends:  SolarWinds’ Log & Event Management ToolSolarwinds Log and Event Management Tool

LEM will alert you to problems such as when a key application on a particular server is unavailable.  It can also detect when services have stopped, or if there is a network latency problem.  Perhaps this log and event management tool’s most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a maleware attack.

Yet perhaps the killer reason why people use LEM is for its compliance capability, with a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA.  LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or thwart potential security breaches – give LEM a whirl.

Download your FREE trial of SolarWinds Log & Event Management tool.

Example of a Diagnostic EventLog

System.Diagnostics.EventLog eventLogGuy = new System.Diagnostics.EventLog();
String EventLogName = "GuyLog";
String EventLogSource = "GuyApp";

//This is the code to create the Event
if (!System.Diagnostics.EventLog.SourceExists(eventLogSource))
System.Diagnostics.EventLog.CreateEventSource(EventLogSource, EventLogName);

EventLogGuy.Source = eventLogSource;
EventLogGuy.Log = eventLogName;
EventLogGuy.WriteEntry("Guy was here");

$ObjLog = New-Object system.diagnostics.eventLog($Log, $Computer)
$ObjLog.get_entries() |
Where-Object { $_.eventID -eq $id }

Another Work in Progress!

function Write-EventLogus {
param (
[string]$source = "TFSDeployer",

#Create the source, if it does not already exist.
$logfile = [System.Diagnostics.EventLog]::LogNameFromSourceName($source,'.')
#Check if Event Type is correct
switch ($type)
"Information" {}
"Warning" {}
"Error" {}
default {"Event type is invalid";exit}
$log = New-Object System.Diagnostics.EventLog
Function Write-LogFile {
param (

#check if file already exists
if (!(Test-Path $file)) {
New-Item $file -type File > $null

Add-Content -Path $file -Value $msg


Summary of Eventlog Diagnostics


If you like this page then please share it with your friends


See more PowerShell examples to read, write and list Windows event logs

PowerShell Home   • Get-Eventlog   • EventVwr -list   • Get-WinEvent   • Remote-WinEvent

WMI Win32_NTLogEvent   • Windows 8 Event Viewer  • Windows 8 Security Event Log

PowerShell real-life task   • Write-Eventlog   • EventVwr errors   • Log Event Manager

Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.