Sometimes, you may need to have the event ID for a system event, though what you really need is the instance ID. For example, Get-EventLog will only support instance IDs, but no event IDs. Here is a function that can translate event IDs into instance IDs:
function ConvertTo-InstanceID($eventID) {
try {
get-wmiobject Win32_NTLogEvent -filter "EventCode=$eventID" |
Foreach-Object { $_.EventIdentifier; Throw "Done" }
} catch {}
}
ReTweet this Tip!
Posted
May 18 2011, 08:00 AM
by
ps1