W2KSG: Reading Event Logs - Richard Siddaway's Blog

W2KSG: Reading Event Logs

The scripting guide use WMI to read classic event logs. We have get-eventlog. Much easier.

# Listing 12.8
Get-EventLog -LogName System

# Listing 12.9
Get-EventLog -LogName System | Where {$_.EventId -eq 7036}

Listing 12.10
Get-EventLog -LogName System | Where {$_.Timewritten -gt ((Get-Date).Adddays(-2))}

Listing 12.8 shows how to read a specific log. There could be a lot of data there!! We can restrict the data by eventid (Listing 12.9) or date (Listing 12.10)

Share this post :

Technorati Tags: PowerShell,Event Logs

Read the complete post at http://richardsiddaway.spaces.live.com/Blog/cns!43CFA46A74CF3E96!1828.entry

Published Sun, Oct 19 2008 14:31 by Richard Siddaway's Blog

Filed under: Powershell