Use PowerShell to get specific events


Although Event Viewer offers an easy way to visualize server events, a log often holds too many events to find the needed information by browsing. PowerShell can be used to get specific event logs from any machine. If you need to retrieve events from the System log whose message contains a particular pattern, you can use the following command:

Get-EventLog System -Message "*Driver Management*" | Format-List
 
You can also retrieve events after a certain date from a specific event log location:
$date = Get-Date 5/02/2014
Get-EventLog -LogName System -Source "Microsoft-Windows-Kernel-General" -EntryType Information -After $date
 
The following command retrieves events from the System log that have the Microsoft-Windows-Kernel-General source and event ID 11:
Get-EventLog -LogName System -Source "Microsoft-Windows-Kernel-General" | Where-Object {$_.EventID -eq 11} | Format-List
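
The three filters above (message pattern, date, and source plus event ID) can be combined in one reusable call. This is an added example, not code from the original post: the function name Get-FilteredSystemEvent and its parameters are made up for illustration, and it assumes Windows PowerShell 5.1, since Get-EventLog is not available in PowerShell 6 and later.

```powershell
# Added example: hypothetical helper, not part of the original post.
# Assumes Windows PowerShell 5.1 (Get-EventLog does not exist in PowerShell 6+).
function Get-FilteredSystemEvent {
    [CmdletBinding()]
    param(
        [string]   $ComputerName = $env:COMPUTERNAME,
        [string]   $Source       = 'Microsoft-Windows-Kernel-General',
        [int]      $EventId      = 11,
        [datetime] $After        = (Get-Date).AddDays(-7),
        [string]   $Message                       # optional wildcard, e.g. '*Driver Management*'
    )

    # Build the parameter set once and splat it, so every filter that
    # Get-EventLog supports is applied by the cmdlet's own parameters.
    $query = @{
        LogName      = 'System'
        ComputerName = $ComputerName
        Source       = $Source
        EntryType    = 'Information'
        After        = $After
        ErrorAction  = 'Stop'
    }
    if ($PSBoundParameters.ContainsKey('Message')) {
        $query['Message'] = $Message
    }

    try {
        # Only the event ID check is left to the pipeline, as in the post.
        Get-EventLog @query |
            Where-Object { $_.EventID -eq $EventId } |
            Select-Object TimeGenerated, MachineName, Source, EventID, EntryType, Message
    }
    catch {
        # Covers an unreachable machine, missing rights, or no matching entries.
        Write-Warning "Query on $ComputerName returned nothing: $($_.Exception.Message)"
    }
}

# Usage: the last 7 days of Kernel-General event ID 11 on the local machine
Get-FilteredSystemEvent |
    Sort-Object TimeGenerated |
    Format-Table TimeGenerated, EventID, Message -AutoSize -Wrap
```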