Using PowerShell with Event Logs

Reading Event logs with PowerShell

An event log is a Windows service that manages event logging on a computer. When this service is started, Windows logs important information about the operation of the system and the applications running on it. The logs available on a system depend on the system’s role and the services installed.

Two general types of log files are used:

  1. Windows log
  2. Application and services log

The event log records events of different categories, namely:

  • Information
  • Warning
  • Error
  • Critical
  • Audit success
  • Audit failures

The GUI Event Viewer is used to view the individual events in an event log. In addition to the GUI tool, PowerShell can be used to query the event log. The following PowerShell cmdlets can be used to manage the event log:

  • Get-WinEvent
  • Get-EventLog
  • Clear-EventLog
  • Limit-EventLog
  • Show-EventLog

The script below displays records with an “error” state from the Application, System and Security logs.

[Screenshot: PowerShell Read Event Logs]

The parameter “-Newest 100” returns only the latest 100 entries in the event log. Continues…
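The query described above, written out as an added example (this is not the article's own script): it pulls the newest 100 error records from the Application and System logs with Get-EventLog, and shows the same query with Get-WinEvent, which is the cmdlet to use on PowerShell 7+. It assumes Windows PowerShell 5.1 for the Get-EventLog part and an elevated session, which reading the Security log requires; the function names are my own.

```powershell
# Added example, not the original article's script.
# Assumes Windows PowerShell 5.1 (Get-EventLog is absent from PowerShell 7+)
# and an elevated session, which reading the Security log requires.

function Get-RecentErrorEvents {
    param([int]$Newest = 100)   # -Newest N limits each log to its N latest records

    # Application and System carry Error-level records.
    foreach ($log in 'Application', 'System') {
        Get-EventLog -LogName $log -EntryType Error -Newest $Newest |
            Select-Object @{ Name = 'Log'; Expression = { $log } },
                          TimeGenerated, EventID, Source, Message
    }

    # The Security log holds audit successes and failures rather than Error
    # entries, so an Error filter there returns nothing; ask for FailureAudit.
    Get-EventLog -LogName Security -EntryType FailureAudit -Newest $Newest |
        Select-Object @{ Name = 'Log'; Expression = { 'Security' } },
                      TimeGenerated, EventID, Source, Message
}

# The same query with Get-WinEvent, which also runs on PowerShell 7+.
# Level 2 is "Error" in the event schema; the Security log is filtered by the
# AuditFailure keyword instead. -ErrorAction SilentlyContinue suppresses the
# "No events were found" error that an empty result otherwise raises.
function Get-RecentErrorEventsWinEvent {
    param([int]$MaxEvents = 100)

    foreach ($log in 'Application', 'System') {
        Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2 } `
                     -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    }

    $auditFailure = [long][System.Diagnostics.Eventing.Reader.StandardEventKeywords]::AuditFailure
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Keywords = $auditFailure } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object LogName, TimeCreated, Id, ProviderName, Message
}

# Usage: print the combined result as a table.
Get-RecentErrorEvents | Format-Table -AutoSize -Wrap
```

Get-WinEvent's -FilterHashtable is applied by the log service before the records are returned, so on large logs it is much faster than piping Get-EventLog output through Where-Object.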