Reading Event logs with PowerShell
An event log is a Windows service that manages event logging on a computer. When this service is started, Windows logs important information about the operation of the system and the applications running on it. The logs available on a system depend on the system’s role and the services installed.
Two general types of log files are used:
- Windows log
- Application and services log
The event log records events of different categories, namely:
- Audit success
- Audit failures
The GUI Event Viewer is used to view the individual events in an event log. In addition to the GUI tool, PowerShell can be used to query the event log. The following PowerShell cmdlets can be used to manage the event log:
The script below displays records from the event log that have an “error” state in the Application, System and Security logs.
The parameter “-Newest 100” returns only the latest 100 entries in the event log.
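As an added example (not the original page's script), one way to run the query described above with `Get-EventLog`. The variable names `$logs` and `$results` are chosen here for illustration, and the script assumes Windows PowerShell 5.1, since `Get-EventLog` is not available in PowerShell 7 and later.

```powershell
# Added example, not the original page's script.
# Assumes Windows PowerShell 5.1; Get-EventLog is absent from PowerShell 7+.
$logs = 'Application', 'System', 'Security'

$results = foreach ($log in $logs) {
    try {
        # -EntryType Error keeps only error records.
        # -Newest 100 caps what is returned from each log at 100 entries.
        Get-EventLog -LogName $log -EntryType Error -Newest 100 -ErrorAction Stop |
            Select-Object @{ Name = 'Log'; Expression = { $log } },
                          TimeGenerated, Source, EventID, Message
    }
    catch {
        # Reached when the log cannot be read (the Security log needs an
        # elevated session) or when no entry matches the filter.
        # Security log entries are normally typed SuccessAudit/FailureAudit,
        # so an Error filter on that log usually matches nothing.
        Write-Warning "No entries returned from the $log log: $($_.Exception.Message)"
    }
}

# Most recent errors first, across all logs that could be read.
$results |
    Sort-Object TimeGenerated -Descending |
    Format-Table Log, TimeGenerated, Source, EventID -AutoSize

# Which sources account for most of the errors.
$results |
    Group-Object Log, Source |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize
```

To review audit failures in the Security log instead, `-EntryType FailureAudit` is the matching filter value.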