In previous version of Windows, administrators can perform "eventcreate" on "Command Prompt" to create an event into Event Log. Starting from Windows 8 and Windows Server 2012, there are new cmdlets in PowerShell 3.0 for administrators to create an event into Event Log.
To create an event to Event Log, administrators can perform "New-EventLog" and "Write-EventLog".
"New-EventLog" is applied to register a source type of an event.
Administrators can perform the cmdlet like this.
New-EventLog -LogName <Log Type> -Source "<New source name>".
Remark: The source name cannot be duplicated.
Then, administrators can perform "Write-EventLog" to create an event into Event Log.
Administrators can perform the cmdlet like this.
Write-EventLog -LogName <Log Type> -Source <source name> -EntryType <Information, Warning, Error and so on> -EventId <Define by administrators> -Message <The description of this event>
Administrators can perform the cmdlet like this.
Write-EventLog -LogName <Log Type> -Source <source name> -EntryType <Information, Warning, Error and so on> -EventId <Define by administrators> -Message <The description of this event>
Remark: If the source isn't registered by "New-EventLog", you may get the following error.
Write-EventLog : The source name <Source Name> does not exist on computer.
This posting is provided “AS IS” with no warranties, and confers no rights!
No comments:
Post a Comment