7

We want to check if a log with a certain source name exists. The log is created as follows:

```powershell
New-EventLog -LogName Application -Source "MyName"
```

Now we want to use a PowerShell function to check if this log exists. A working solution is the following:

```powershell
[System.Diagnostics.EventLog]::SourceExists("MyName") -eq $false
```

which returns `False` if the log exists and `True` if it does not.

How can we make this code so that it makes use of PowerShell's built-in features instead of the .NET classes? We tried code from here:

```powershell
$sourceExists = !(Get-EventLog -Log Application -Source "MyName")
```

but it returns a GetEventLogNoEntriesFound exception.

Can someone help us out? Thanks.

user2609980
  • 1
    One of PowerShell's strengths is the accessibility of .Net classes. Why is this not an option or are you just curious? `Get-EventLog` won't help since you could return no entries but the source could still exist. – Matt Jan 28 '15 at 16:15
  • I think it is prettier to only use PowerShell functions. I basically want to know how a returned list can be turned into an object which can be null or not. But maybe the `SourceExists` function from the .NET class is our best bet. – user2609980 Jan 28 '15 at 16:35
  • Something like this then? `[bool](Get-EventLog -Log Application -Source "MyName" -ErrorAction SilentlyContinue)`. Returns true or false. The source could still exist but have no associated logs. – Matt Jan 28 '15 at 16:38
  • @Matt Does not work. Even when the log with the created source is created it always returns `False`. – user2609980 Jan 28 '15 at 16:47
  • 1
    Wrap the .Net code in a PowerShell function of your own then: `function Check-EventlogSource($Source) { [Diagnostics.EventLog]::SourceExists($Source) }`. Problem solved. – Ansgar Wiechers Jan 28 '15 at 18:27
  • I agree with the others who've noted that the question, as presently formed, sometimes confuses event log and event log sources. In the first step you are not creating an event log. Instead you are creating a source for the Windows Application Event Log. – ScottWelker Jun 15 '18 at 19:38

3 Answers

4

You could wrap that in a Cmdlet as follows:

```powershell
function Test-EventLog {
    Param(
        [Parameter(Mandatory=$true)]
        [string] $LogName
    )

    [System.Diagnostics.EventLog]::SourceExists($LogName)
}
```

Note: You will need to run this script from an elevated PowerShell console (Run as Admin) for it to work:

```powershell
Test-EventLog "Application"
True
```
oɔɯǝɹ
  • The SourceExists part is what we are looking for, that was working. The question was if there was an equivalent PowerShell function. Perhaps there is not, but with your idea we can make one ourselves. – user2609980 Jan 29 '15 at 08:28
  • 1
    @user2609980 If a PowerShell cmdlet existed, it'd probably do the exact same call anyway. Note that for non-admin accounts `SourceExists()` will throw an error, because the `Security` eventlog can't be accessed. – Ansgar Wiechers Jan 29 '15 at 08:57
  • 1
    -1 The question was how to check if a **source** exists. This answer shows how to check if an event **log** exists. The text *above* "should be" is correct. Also, elevation is not necessary to check whether an event log exists. It is only necessary when checking whether a source exists and the source cannot be found without checking the Security event log. – Mark Berry Dec 05 '15 at 18:03
  • @MarkBerry thanks for the feedback, I corrected the answer. – oɔɯǝɹ Dec 07 '15 at 13:56
  • The correction is still partially incorrect. 1. You only need elevated privileges if the source does *not* exist. If it *does* exist, and it's not in the Security log, no elevation is required. 2. Your example `Test-EventLog "Application"` will fail because "Application" is not a source, it is an event log. – Mark Berry Dec 08 '15 at 16:48
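
The elevation caveat raised in the comments above, as an added example that is not part of any answer on this page: `SourceExists()` is tried first, and if it is denied for a non-elevated account the check falls back to the registry key under which sources for one log are registered. The function name `Test-EventLogSourceSafe` and the single-log registry fallback are assumptions of this example.

```powershell
# Added example: the function name Test-EventLogSourceSafe is hypothetical.
function Test-EventLogSourceSafe {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string] $SourceName,

        # Log whose registrations are checked when the .NET call is denied.
        [string] $LogName = 'Application'
    )

    try {
        # Searches the registrations of every log; without elevation it only
        # answers if the source is found before the Security log is reached.
        $found  = [System.Diagnostics.EventLog]::SourceExists($SourceName)
        $method = 'SourceExists'
    }
    catch {
        # PowerShell wraps .NET exceptions; inspect the underlying one.
        $inner = $_.Exception.GetBaseException()
        if ($inner -isnot [System.Security.SecurityException]) { throw }

        # Not elevated and an unreadable log was hit. Sources are registered
        # as subkeys of the log's registry key, so test that one log only.
        $key    = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$LogName\$SourceName"
        $found  = Test-Path -LiteralPath $key
        $method = "Registry:$LogName"
    }

    [pscustomobject]@{
        Source = $SourceName
        Exists = $found
        Method = $method
    }
}

# Constructed usage: 'MyName' is the source name from the question.
$result = Test-EventLogSourceSafe -SourceName 'MyName'
if (-not $result.Exists) {
    Write-Warning "Source 'MyName' not found (checked via $($result.Method)); creating it requires elevation."
}
```

A `Registry:` result only says whether the source is registered under the named log; a source registered under a different log is not seen by the fallback.
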
3

The correct way is pretty much the same as above:

```powershell
function Test-EventLogSource {
    Param(
        [Parameter(Mandatory=$true)]
        [string] $SourceName
    )

    [System.Diagnostics.EventLog]::SourceExists($SourceName)
}
```

Then run:

```powershell
Test-EventLogSource "MyApp"
```
Phil
0

There seems to be some confusion between an EventLog and an EventLogSource.

Here is my example: (with strict-mode ON)

```powershell
Set-StrictMode -Version 2.0

[System.String]$script:gMyEventLogSource = 'My Source'
[System.String]$script:gEventLogApplication = 'Application'

# First check that the event LOG itself exists
[bool]$script:gApplicationEventLogExists = [System.Diagnostics.EventLog]::Exists($script:gEventLogApplication)

if(!$script:gApplicationEventLogExists)
{
    # Report the name of the missing log, not the boolean result
    throw [System.ArgumentOutOfRangeException] "Event Log does not exist '($script:gEventLogApplication)'"
}

Write-Host "gApplicationEventLogExists ( $script:gApplicationEventLogExists )"

# Then check the custom event log SOURCE and register it if it is missing
[bool]$script:gMyEventLogSourceExists = [System.Diagnostics.EventLog]::SourceExists($script:gMyEventLogSource)
Write-Host "gMyEventLogSourceExists ( $script:gMyEventLogSourceExists )"
if(!$script:gMyEventLogSourceExists)
{
    Write-Host "About to create event log source ( $script:gMyEventLogSource )"
    New-EventLog -LogName $script:gEventLogApplication -Source $script:gMyEventLogSource
    Write-Host "Finished create event log source ( $script:gMyEventLogSource )"
    Write-Host ""
}
```
granadaCoder