There are 2 cmdlets for getting Windows Event Logs with PowerShell. One is "Get-EventLog". The other is "Get-WinEvent". The "Get-EventLog" cmdlet can get the common event logs like the following.
However, to get event logs under the "Microsoft" folder, we need to run "Get-WinEvent".
Furthermore, the "Get-WinEvent" cmdlet provides more parameters, such as filtering.
I'm going to run "Get-WinEvent" to get the event logs under Group Policy.
To get event logs from Group Policy, we can run "Get-WinEvent -LogName <Log Name>".
How do we find this log name?
We can check it in the Log Properties.
Or run "Get-WinEvent -ListProvider <Provider Name>" to check the log name.
Some providers have more than 1 Log Name.
To get the log properties information, we can run "Get-WinEvent -ListLog <Log Name>".
We can use the FilterHashTable parameter to filter event logs.
Get-WinEvent -FilterHashTable @{LogName = <Log Name>; StartTime = <DateTime>; EndTime = <DateTime>; ID = <Event ID>}
You can provide just a date for "StartTime" or "EndTime" when searching event logs.
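The steps above, put together as an added example (not code from the original post): it resolves the log names from the provider, checks each log's properties, then filters the last 24 hours with FilterHashTable. The provider name "Microsoft-Windows-GroupPolicy", the 24-hour window and the ProviderName filter key are assumptions chosen for this example.

```powershell
# Added example. Assumption: the Group Policy provider is registered under this name.
$providerName = 'Microsoft-Windows-GroupPolicy'

# Step 1: list the log names the provider writes to (there can be more than one).
$provider = Get-WinEvent -ListProvider $providerName -ErrorAction Stop
$logNames = $provider.LogLinks | Select-Object -ExpandProperty LogName

# Assumption: a 24-hour search window.
$end   = Get-Date
$start = $end.AddDays(-1)

foreach ($logName in $logNames) {
    # Step 2: read the log properties and skip logs that are missing, disabled or empty.
    $log = Get-WinEvent -ListLog $logName -ErrorAction SilentlyContinue
    if (-not $log -or -not $log.IsEnabled -or $log.RecordCount -eq 0) {
        Write-Host "Skipping '$logName' (not found, disabled or empty)"
        continue
    }
    Write-Host "'$logName': $($log.RecordCount) records, last write $($log.LastWriteTime)"

    # Step 3: filter by log name and time range. ProviderName keeps the result
    # limited to Group Policy events when the log is shared with other providers.
    $filter = @{
        LogName      = $logName
        ProviderName = $providerName
        StartTime    = $start
        EndTime      = $end
    }

    try {
        Get-WinEvent -FilterHashtable $filter -ErrorAction Stop |
            Select-Object TimeCreated, Id, LevelDisplayName, Message |
            Format-Table -AutoSize -Wrap
    }
    catch {
        # Get-WinEvent reports an error instead of an empty result when nothing matches.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Host "No matching events in '$logName' for the selected time range"
        }
        else {
            throw
        }
    }
}
```

Add an "ID = <Event ID>" entry to the hashtable to narrow the result to specific events, as in the command shown above.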
For more information about Get-WinEvent, please read the below web sites.
This posting is provided “AS IS” with no warranties, and confers no rights!