HomeSystemServer

Use PowerShell to create EventLog

TipsMake.com - In the following article, we will introduce and show you how to use PowerShell to create log records on the system, specifically the cmdlet Write-EventLog . The basic syntax of this command is in the form of:

PS C:> help Write-EventLog

Note that when using this cmdlet, you must declare the log file name, source, event id and corresponding message. Very similar to the EVENTCREATE.EXE command tool, but users cannot use non-standard or similar sources. Instead, they must first create specifications or data sources. And one of the easiest ways to find data sources is to use Windows Management Instrumentation (WMI).

PS C:> $ log = Get-WmiObject win32_nteventlogfile -filter "filename = 'system'"
PS C:> $ log.Sources
System
ACPI
adp94xx
adpahci
adpu320
.

If one of the above sources seems appropriate, please record it as a record as follows:

PS C:> write-event System -source Server -eventid 12345 -message "I am a custom event log message"

The default entry type is Information , users can create eventID separately and change, edit at any time:

PS C:> get-eventlog system -newest 1 |Format-list EventID, EntryType, Source, Message
EventID: 12345
EntryType: Information
Source: Server
Message: The description for Event ID '12345' in Source 'Server' cannot be
tìm thấy. Máy ảnh cục bộ không có có phần mềm cần thiết
thông tin hoặc tập tin DLL tập tin để hiển thị thông báo, hoặc bạn
có thể không có quyền để truy cập thêm. The following inform
là phần của phần của sự kiện:

Suppose that if you want to search for any event ID or message, you will get a small error like this:

PS C:> get-eventlog system -newest 1 -message "* custom event *"
Index Time EntryType Source InstanceID Message
----- ---- --------- ------ ---------- -------
1512222 Jan 25 10:05 Information Server 12345 The des .

Not really perfect, but still functioning properly. While theoretically we can register with new data sources, and can also create new records by using the cmdlet New-Eventlog command. Usually this cmdlet is applied to developers, programming a fixed event log model. In the following example, we will create a log in custom format, and initialize a number of different data sources.

PS C:> new-eventlog -LogName PSLogging -Source ADSI, WMI, Test, Other

Check what was created:

PS C:> $ log = Get-WmiObject win32_NTEventlogfile -filter "filename = 'PSLogging'"
PS C:> $ log | fl
FileSize: 69632
LogfileName: PSLogging
Name: C: WindowsSystem32WinevtLogsPSLogging.evtx
NumberOfRecords: 0

That's a completely new log file, followed by a check of the data source - source:

PS C:> $ log.sources
PSLogging
ADSI
Other
Kiểm TRA
WMI

And finally, enter any data here:

PS C:> Write-EventLog PSLogging -Source Test -eventID 1000 -Message "I am the first entry"

Besides, we can use any event ID, or create them at will:

PS C:> get-eventlog PSLogging |format-list
Index: 14
EntryType: Information
InstanceId: 1000
Message: I am mục nhập đầu vào
Category: (1)
CategoryNumber: 1
ReplacementStrings: {I am the first entry}
Source: Test
TimeGenerated: 1/25/2012 10:45:47 AM
TimeWritten: 1/25/2012 10:45:47 AM
UserName:

At this step, Windows will no longer 'care' for the event ID. If you want to add any other data source, you only need to re-use the cmdlet New-Eventlog:

PS C:> New-EventLog PSLogging -source Scripting

And our new source here:

PS C:> Get-WmiObject win32_NTEventlogfile -filter "filename = 'PSLogging'" |Select -expand Sources
PSLogging
ADSI
Other
Scripting
Kiểm TRA
WMI

The cmdlet New-Eventlog command has the parameter -computername , so it's much easier to create any new eventlog on the entire Desktop or server - where we want to monitor and manage the log. Good luck!

4 ★ | 1 Vote
powershellwindows powershellevent logcmdletWindows Management InstrumentationWMI

You should read it

May be interested

  • How to check PowerShell version in Windows 10How to check PowerShell version in Windows 10
    powershell is one of the extremely useful command tools for advanced windows 10 users.
  • Instructions on how to use PowerShell in Windows Server 2012Instructions on how to use PowerShell in Windows Server 2012
    what is powershell? windows powershell is a command-line shell language interpreter and scripting language specifically designed for system administrators. built on the .net framework, windows powershell helps it professionals control and automate windows operating system administration tasks as well as applications running on windows server environments.
  • What is Windows PowerShell? How to use Windows PowerShellWhat is Windows PowerShell? How to use Windows PowerShell
    do you want to learn the features of windows powershell but don't know how? suggestions for you what is windows powershell? the most convenient way to use windows powershell.
  • What to do when Windows can't find PowerShell?What to do when Windows can't find PowerShell?
    powershell is a handy tool that allows you to automate tasks, fix various errors, and manage several windows installations. but what if it suddenly disappears from your computer?
  • PowerShell and everything you need to know about itPowerShell and everything you need to know about it
    what is powershell? microsoft powershell is a command line utility and scripting language that is a powerful tool for administrators that helps you automate a wide range of computer and network tasks.
  • Now you can run PowerShell on both Linux and macOSNow you can run PowerShell on both Linux and macOS
    a version of powershell called powershell core 6.0 has just been released by microsoft, running on both macos and linux.
  • Should I use PowerShell or Command Prompt?Should I use PowerShell or Command Prompt?
    for advanced windows users, the command line has long been a powerful tool for managing and interacting with the operating system. but powershell offers enhanced automation and scripting capabilities. so which tool should you use?
  • PowerShell securityPowerShell security
    if you've ever heard of powershell, you're probably wondering how powerful powershell is. with all the effort and effort spent, this scripting machine is now more mature with advanced security features. powershell is dry
  • How to Install or Update PowerShell on Windows 11How to Install or Update PowerShell on Windows 11
    windows powershell is a command line tool developed by microsoft that helps you automate common tasks on your system.
  • How are Command Prompt (cmd) and PowerShell different?How are Command Prompt (cmd) and PowerShell different?
    windows 7 has added powershell, a more powerful command line and script language. since windows 7, powershell has become more prominent, even becoming the default choice in windows 10. how is it different from command prompt?

Server