I'm trying to find the oldest retained Event in the Security Event Log through powershell.
Using the following command: (Get-EventLog Security | Sort-Object -Property Time -Descending)
This returns a list which is not sorted in the least. What am I doing wrong here?
This is not a problem with Get-EventLog, but caused by the fact that the output of Get-EventLog does not have a Porperty Time.
Use Get-Member to show a list of available properties.
Get-EventLog | Get-Member
You'll see, that there is a TimeGenerated property, which you can use.
Get-EventLog Security | Sort-Object -Property TimeGenerated -Descending
Furthermore I'd like to add, that that's the default order anyway. But if you want to switch the order, I recommend using Get-WinEvent instead, which has a -Oldest switch.
Get-WinEvent -LogName Security -Oldest
"Time" is a generated string for output purposes not a datetime object so the sorting that is happening isn't chronological but non-existent.
Looking at the DotNetTypes.format.ps1xml you will see that it is using a formatted version of the TimeGenerated property.
<TableColumnHeader>
<Label>Time</Label>
<Width>13</Width>
</TableColumnHeader>
...
...
<PropertyName>TimeGenerated</PropertyName>
<FormatString>{0:MMM} {0:dd} {0:HH}:{0:mm}</FormatString>
This is done to have friendlier default output with the caveat of issues like the one you are having.
So, sort-object was "working" with a null value hence the lack of visible change.
Either way use the property TimeGenerated property instead
