Use PowerShell to create EventLog
TipsMake.com - This article shows how to use PowerShell to create log records on the system, specifically with the Write-EventLog cmdlet. The basic syntax of this command is:
Note that when using this cmdlet, you must specify the log name, source, event ID and message. It is very similar to the EVENTCREATE.EXE command-line tool, but you cannot use non-standard sources; instead, the source must first be created. One of the easiest ways to find existing sources is to use Windows Management Instrumentation (WMI).
PS C:\> $log.Sources
System
ACPI
adp94xx
adpahci
adpu320
.
If one of the above sources seems appropriate, write an entry with it as follows:
The default entry type is Information; you can choose the event ID yourself and change it at any time:
EventID: 12345
EntryType: Information
Source: Server
Message: The description for Event ID '12345' in Source 'Server' cannot be
found. The local computer may not have the necessary registry
information or message DLL files to display the message, or you
may not have permission to access them. The following information
is part of the event:
If you search for the event by ID or message, you will see a small error like this:
Index Time EntryType Source InstanceID Message
----- ---- --------- ------ ---------- -------
1512222 Jan 25 10:05 Information Server 12345 The des .
Not perfect, but it still works. We can also register new sources, and even create new logs, with the New-EventLog cmdlet. This cmdlet is usually used by developers who program against a fixed event log model. In the following example, we create a custom log and register a number of different sources.
Check what was created:
PS C:\> $log | fl
FileSize: 69632
LogfileName: PSLogging
Name: C:\Windows\System32\Winevt\Logs\PSLogging.evtx
NumberOfRecords: 0
That's a completely new log file. Next, check its sources:
PSLogging
ADSI
Other
Test
WMI
And finally, write an entry to the new log:
Besides, we can use any event ID, or make them up at will:
Index: 14
EntryType: Information
InstanceId: 1000
Message: I am the first entry
Category: (1)
CategoryNumber: 1
ReplacementStrings: {I am the first entry}
Source: Test
TimeGenerated: 1/25/2012 10:45:47 AM
TimeWritten: 1/25/2012 10:45:47 AM
UserName:
At this point, Windows no longer 'cares' about the event ID. To add another source, just run the New-EventLog cmdlet again:
And here is our new source:
PSLogging
ADSI
Other
Scripting
Test
WMI
The New-EventLog cmdlet has a -ComputerName parameter, so it is easy to create a new event log on any desktop or server where we want to monitor and manage logs. Good luck!
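The whole procedure described above, as an added example that is not the original article's code. The log name, sources, event ID and message are the ones shown in this article; the helper Register-LogSource is a hypothetical name. It assumes Windows PowerShell 5.1 in an elevated session, since the *-EventLog cmdlets are not included in PowerShell 7.

```powershell
#Requires -Version 5.1
#Requires -PSEdition Desktop
#Requires -RunAsAdministrator

$LogName = 'PSLogging'                                  # log name used in this article
$Sources = 'PSLogging', 'ADSI', 'Other', 'Test', 'WMI'  # sources used in this article

function Register-LogSource {
    # Hypothetical helper: registers $Source for $LogName only when needed.
    param([string]$LogName, [string]$Source)

    if ([System.Diagnostics.EventLog]::SourceExists($Source)) {
        # A source can be bound to only one log, so report where it already lives.
        $owner = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
        if ($owner -ne $LogName) {
            Write-Warning "Source '$Source' already belongs to log '$owner'; skipping."
            return $false
        }
        return $true
    }
    # The first successful call also creates the log itself.
    New-EventLog -LogName $LogName -Source $Source
    return $true
}

# 1. Register every source, keeping only the ones usable with this log.
$usable = $Sources | Where-Object { Register-LogSource -LogName $LogName -Source $_ }

# 2. Check the log and its sources through WMI, as the article does with $log.
$log = Get-WmiObject -Class Win32_NTEventLogFile -Filter "LogfileName='$LogName'"
$log | Format-List FileSize, LogfileName, Name, NumberOfRecords
$log.Sources

# 3. Write one entry with a registered source, then read it back.
if ($usable -contains 'Test') {
    Write-EventLog -LogName $LogName -Source 'Test' -EventId 1000 `
        -EntryType Information -Category 1 -Message 'I am the first entry'
    Get-EventLog -LogName $LogName -Source 'Test' -Newest 1 | Format-List
}
```

Running it a second time is safe: sources that are already registered to PSLogging are reused, and a source owned by another log produces a warning instead of an error.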