Events
- Events
- Events, Eventlog and Event Viewer
- Commands for Eventlog
- Get-EventLog (PowerShell 5)
- Get-WinEvent
- Add a log event
Events, Eventlog and Event Viewer
Events are messages and information about things that have happened in a computer, an operating system and/or in applications. The event log is the place where all events are saved. Event Viewer is a component of Microsoft's Windows operating system that lets administrators and users view the event logs on a local or remote machine. You can run the Event Viewer from Start
Applications and operating-system components can use this centralized log service to report events that have taken place, such as a successful login, a failure to start a component or to complete an action.
Some events are marked Error, Warning, or Information. They have different meanings:
- Error: a significant problem, which may include some loss of data on your computer.
- Warning: indicates that there may be a potential problem with your computer.
- Information: the program is functioning normally.
Each main category under Windows Logs refers to different events on your computer:
- Application: System components like drivers on your Windows 10 computer report their problems.
- Security: Events under this category show the results of a security action.
- Setup: Refers to domain controllers.
- System: System events report problems and warnings from Windows system files and programs installed on the system. Most of them can be self-healed.
- Forwarded Events: Events sent from other computers.
You can use the Event Viewer to troubleshoot a computer's problems like blue screen errors, program or system crashes, view each shutdown or system restart and its reason, and more. You can search any Event ID online for a detailed explanation, and you can also filter events by severity.
Commands for Eventlog
To begin with, let's see what cmdlets are available that deal with the event logs.
The Show-EventLog cmdlet displays the event logs of a local or a remote computer in Event Viewer.
Get-EventLog (PowerShell 5)
The Get-EventLog cmdlet gets events and event logs from local and remote computers. By default, Get-EventLog gets logs from the local computer. To get logs from remote computers, use the ComputerName parameter.
In the following example we will get the 10 latest events from the Windows System log.
Get-EventLog -LogName System -Newest 10
Important note!
Unfortunately, Get-EventLog has been deprecated, and it is no longer available in PowerShell 7. There are a few good reasons why: the cmdlet can only read from "classic" log files, it is slow and it has some other limitations. PowerShell 7 offers a better replacement: Get-WinEvent.
Get-WinEvent
The Get-WinEvent cmdlet gets events and event logs from local and remote computers. By default, it gets logs from the local computer. To get logs from remote computers, use the ComputerName parameter.
In the following example we will get the 10 latest events from the Windows System log.
Get-WinEvent -LogName System -MaxEvents 10
Add a log event
The Write-EventLog cmdlet writes an event to an event log.
To write an event to an event log, the event log must exist on the computer and the source must be registered for the event log. You can register your source with PowerShell, and it must be done with administrator rights. In the following example we will first register a new source named "MyPowerShell". After that we will add a new event to the event log with valid parameters.
#register a new source
New-EventLog -LogName Application -Source "MyPowerShell"
#add a new event
Write-EventLog -LogName Application -Source "MyPowerShell" -EntryType Information -EventID 1 -Message "This is my first test message."
We can also easily list all our events from the event log with the following command.
Get-EventLog -LogName Application -Source MyPowerShell
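Since Get-EventLog is gone in PowerShell 7, here is the Get-WinEvent way to do the same listing, combined with the severity filtering mentioned above. This is an added example, not part of the original page; it assumes the "MyPowerShell" source was registered as shown, and the 24-hour window and the 50-event limit are arbitrary choices.

```powershell
# Added example (not from the original page): Get-WinEvent equivalents of the
# Get-EventLog listing above, using -FilterHashtable instead of -Source/-Newest.
# Assumes the "MyPowerShell" source was registered with New-EventLog as shown.

# 1. All events written by our registered source in the Application log.
#    In Get-WinEvent the classic "Source" is called ProviderName.
$mine = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'MyPowerShell'
} -ErrorAction SilentlyContinue    # no error if nothing matches yet

$mine | Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-Table -Wrap

# 2. Filter by severity: only Error (Level 2) and Warning (Level 3) events
#    from the System log in the last 24 hours (constructed window).
#    Level values: 1 = Critical, 2 = Error, 3 = Warning, 4 = Information.
$recentProblems = Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Level     = 2, 3
    StartTime = (Get-Date).AddHours(-24)
} -MaxEvents 50 -ErrorAction SilentlyContinue

# 3. Summarise which provider / Event ID pairs account for the problems,
#    so you know which IDs are worth looking up rather than reading them one by one.
$recentProblems |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# 4. Show the newest problem entries with the fields needed for triage.
$recentProblems |
    Select-Object TimeCreated, Id, LevelDisplayName, ProviderName, Message -First 10 |
    Format-List
```

Add -ComputerName to each Get-WinEvent call to run the same queries against a remote machine, as the text describes.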