Posted by: Preetam | December 18, 2006

Powershell to view EventLogs

I was actually expecting to see some noted difference in event viewer in Vista. If you are core System Admin your job is mostly revolved around finding out in digging logs and then relate it to some meaning full Unexpected Shutdown root cause analysis. And everytime we open event logs we normally tend to open error or warning logs around 6008, unexpected reboot. And then starts the double click attack on every event log in around…to delve in message details. I wonder if there is some better solutions planned in future OS’s…just for time being I have got a work around with PowerShell, this is again one Length one liner….

Get-EventLog -LogName application where{$_.Entrytype -eq “error”} convertto-html -property timegenerated,Index,Source,Message -title “ErrorLogs” -body “Errors on Server” > log.htm;invoke-item log.htm

Lets get into details, in fact there is not much technical into, it is straight forward.

Get-Eventlog -logname Application ——-with this line we are in Application log. (Just imagine how many lines you will require to get into appln log via VBSCript)

We piped it to get only error with $_.Entrytype…Hmmm I was searching for long where is eventtype the help file.

for example: get-eventlog -logname application get-member..

finally I got it. I would like this help to be more descriptive, it says everything in greek to non-programmer like me.

With above line we got all errors. Here you again have choice how many error/Warning/Information you wish to have. Just modify first line as “Get-EventLog -LogName application –newest 10

Once I have all errors, I asked Powershell to converto-html and with properties as Header I selected TimeGenerated,Message, select as per your requirement.

Now last step here is to re-direct the output to htm file and then invoke the same with Invoke-item.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


%d bloggers like this: