Stack Overflow
Stack Overflow

Questions tagged [get-eventlog]

Get-EventLog is a powershell cmdlet that gets the events in an event log, or a list of the event logs, on the local or remote computers.

Get-EventLog is a powershell cmdlet that gets the events in an event log, or a list of the event logs, on the local or remote computers. Get-EventLog only works against the 'classic' event logs - it is compatible with Windows XP and 2003. It is deprecated.

According to get-eventlog

Get-EventLog uses a Win32 API that is deprecated. The results may not be accurate. Use the Get-WinEvent cmdlet instead.

See also

49 questions
9
votes
2 answers

Powershell try/catch with test-connection

I'm trying to have offline computers recorded in a text file so that I can run them again at a later time. Doesn't seem that it is being recorded or caught in catch. function Get-ComputerNameChange { [CmdletBinding()] Param( …
MattMoo
  • 192
  • 2
  • 3
  • 11
5
votes
1 answer

Get-EventLog - valid message missing for some event log sources

I'm pulling and filtering System Event Log data using get-eventlog. What I'm finding is that get-event log is not able to correctly return the message associated with some entries. These entries appear normally in the event log viewer.…
andyb
  • 2,722
  • 1
  • 18
  • 17
4
votes
2 answers

Powershell Get-EventLog hangs on RemoteComputer

The following runs fine on local computer, but when I put -ComputerName "myRemoteName", it hangs and doesn't return anything even after about 5 minutes; but program still seems to be running. Is it trying to return a large packet of data across the…
NealWalters
  • 17,197
  • 42
  • 141
  • 251
3
votes
2 answers

Sort-Object having no effect on Get-EventLog

I'm trying to find the oldest retained Event in the Security Event Log through powershell. Using the following command: (Get-EventLog Security | Sort-Object -Property Time -Descending) This returns a list which is not sorted in the least. What am I…
Leander
  • 47
  • 4
3
votes
0 answers

The specified channel could not be found EventViewer

I am opening windows event viewer security logs which under Windows Logs but its displaying an error as below.(Other logs are working) Event viewer cannot open the event log or custom view, Verify that Event Log service is running or query is too…
Burak Dincer
  • 65
  • 1
  • 9
3
votes
1 answer

Failed to get ComputerName in Powershell Get-Eventlog

In Security section in Event Viewer, there is a column named "Computer". I am using powershell to retrieve "all event ID 100" as of yesterday and display columns "event ID" and "computer". Get-EventLog Security -After "2016-08-25 08:08:08" |…
York Mak
  • 231
  • 1
  • 3
  • 8
2
votes
1 answer

PowerShell - Grabbing user from security.etvx files

I'm not use to using PowerShell at all but so far I have the following code to grab a 4625 event Get-WinEvent -MaxEvents 1 -FilterHashtable…
tjw
  • 123
  • 2
  • 10
2
votes
1 answer

Powershell - Login/Logoff Events - Get-WinEvent vs Get-EventLog

I've been working on a script to pull logon/logoff history out of the Event logs. The issue is that almost every code example I found uses "Get-EventLog" which does work, but is extremely slow processing due to the event logs found on a server being…
HerrtheGeek
  • 51
  • 1
  • 5
2
votes
1 answer

Get-EventLog not parsing Message when run by SYSTEM user

Problem I am trying to schedule a job that monitors events on remote machines. I wrote the script based on the Get-EventLog command and it works properly when run by my account. But when I run the Get-EventLog as SYSTEM user, the .Message attribute…
Michał Sacharewicz
  • 172
  • 2
  • 7
2
votes
2 answers

Powershell: Can't get Output for specific Event IDS using Get-EventLog

I am new in Powershell. I am trying to get information for several event IDS regarding account management audit. I know that the script I wrote it's not efficient enough but I dont think it's the issue here. For some reason I don't get the output…
Polina Antoniou
  • 21
  • 4
2
votes
0 answers

Why do I get different results with Get-WinEvent versus Get-EventLog?

I'm trying to use Get-WinEvent to retrieve events from the eventlog for specific provider names that my company uses to write to the eventlog. I'm finding that I'm getting differing results depending on whether I use Get-WinEvent versus…
Rob Peterson
  • 39
  • 4
2
votes
2 answers

Get-eventlog: How to get all Logs (Application, System, Security, etc) using powershell

I am trying to read All log files from EventLog using Get-eventlog commandlet Get-EventLog -LogName Application, Security -after 09/15/2016 -Before 09/17/2016 Instead of -LogName Application, I need all logs like Application, System, Security, etc.…
mansing shinde
  • 445
  • 7
  • 25
2
votes
1 answer

Grab username from Get-Winevent

How can I grab the "Account Name" for the Section "Account for Which Logon Failed" in the below output from Get-EventLog? I know it involves replacement strings but this just isn't getting it: Get-EventLog -ComputerName fs2 -Logname security | ?…
200mg
  • 503
  • 1
  • 10
  • 24
2
votes
1 answer

Foreach-Object make mutable copy of $_ in PowerShell

I want to convert entries from Windows Event log to JSON. But I want to preformat some fields. Using ForEach-Object looks like natural decicion for me, but when I try to change attributes there like this: Get-EventLog System -Newest 2 | % {…
Bunyk
  • 7,635
  • 8
  • 47
  • 79
1
vote
1 answer

Filter get-eventlog by the subjects account name

I've created a little script that runs on our districts domain controllers that sends out an email any time a user is created in AD to our networking team. The script works great, but we want to filter out our MIM system that creates new users every…
NorwegiaMan
  • 97
  • 1
  • 9
1
2 3 4