CTP3 – New-EventLog
I have shown how to create an event log using simple .NET code a couple of times including http://richardsiddaway.spaces.live.com/blog/cns!43CFA46A74CF3E96!278.entry. CTP 3 brings us a cmdlet that we can use to perform this act.
New-EventLog is used as follows.
New-EventLog -LogName TestLog -Source TestSource
All we provide is the name of the log and a Source to register. A source is a handle (or route) that applications use to write to the event log. We can view the details of our event log.
PS> Get-EventLog -List
Max(K) Retain OverflowAction Entries Name
------ ------ -------------- ------- ----
25,600 0 OverwriteAsNeeded 156 Application
15,168 0 OverwriteAsNeeded 0 DFS Replication
20,480 0 OverwriteAsNeeded 0 HardwareEvents
512 7 OverwriteOlder 0 Internet Explorer
20,480 0 OverwriteAsNeeded 0 Key Management Service
16,384 0 OverwriteAsNeeded 0 ODiag
16,384 0 OverwriteAsNeeded 1,106 OSession
2,048 9 OverwriteOlder 2 Scripts
20,480 0 OverwriteAsNeeded 296 Security
20,480 0 OverwriteAsNeeded 573 System
512 7 OverwriteOlder 0 TestLog
15,360 0 OverwriteAsNeeded 908 Windows PowerShell
Note the default size, retention days and Overflow action.
One potential issue is how do we view the sources for an event log. The following script will do this. Its interesting to run this against the Application log!
param ([string]$log)
cls
Write-Host $log -ForegroundColor Green
$filt = "LogFileName = '" + $log + "'"
Get-WmiObject -Class Win32_NTEventLogFile -Filter $filt | Select -ExpandProperty Sources
If you want to be able to control how applications write to a log then we can add a source for a particular application.
New-EventLog -LogName TestLog -Source "Source2"
Exactly the same as before but because the log exists we just create a new source.
Read the complete post at http://richardsiddaway.spaces.live.com/Blog/cns!43CFA46A74CF3E96!1963.entry