In PowerShell v.1, Get-Eventlog would retrieve standard event log entries from event logs like "System" or "Application," but there was no way to retrieve the many special windows event logs. Inv.2, Get-WinEvent comes to the rescue.
The next line will get you all the event logs this new cmdlet can read out for you:
Get-WinEvent -listLog *
If you want to find special logs, use keywords. The next line will get you all PowerShell-related Windows event logs:
Get-WinEvent -listLog *powershell*
To actually read event log entries from one or more event logs, simply remove the -listLog parameter:
Get-WinEvent *powershell*
ReTweet this Tip!
Posted
Sep 24 2009, 08:00 AM
by
ps1