[How To] Create EventLog using PowerShell
Have you ever needed to write something to the Windows event log and wanted an easy way to do it?
In this article, I will show you how to use Windows PowerShell to log events and go through the steps required to create Windows event logs. I will also walk you through the errors you may get in the process and help you resolve them.
First things first: you need to be using an elevated PowerShell console to do this.
In the PowerShell console, type the command below to find the cmdlets related to event logs:
Get-Command -Noun EventLog
From the list of cmdlets returned by Get-Command, you can easily guess that Write-EventLog is the cmdlet used to write new event logs. Let's test it and write a sample log. But before that, let's look at the help for the Write-EventLog cmdlet.
If you observe the syntax,
Write-EventLog -LogName System -EventId 10 -Source Test123 -Message "This is a Test Log"
You may get an error similar to the one below, which clearly indicates that the log source you specified ("Test123" in this case) is not available on the system. Let's create the log source. You can use the New-EventLog cmdlet to do so:
New-EventLog -LogName System -Source 'Test123'
Now that the source is added, let's rerun the Write-EventLog command above to create the sample log.
This time, there is no error in the PowerShell console. Let's check the event log and find out whether the log has been created.
To see the logs using PowerShell, you can use the cmdlet below.
Get-EventLog -LogName System -Source Test123 -Newest 1 | Format-List Index,EntryType,Source,TimeGenerated,TimeWritten,Message
If you are writing, or already have, a script that needs PowerShell to create event logs when it is executed, you can automate this process further: let PowerShell dynamically check for these errors, fix them, and then create the event log for you.
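One way to script that check-then-write sequence is sketched below. This is an added example, not code from the original article. Write-AppEvent is a hypothetical helper name, the defaults reuse the article's sample values (System, Test123, event ID 10), and it assumes an elevated Windows PowerShell 5.1 console.

```powershell
# Added example (not from the original article). Write-AppEvent is a hypothetical name.
function Write-AppEvent {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Message,
        [string] $LogName = 'System',    # article's sample log
        [string] $Source  = 'Test123',   # article's sample source
        [int]    $EventId = 10,
        [System.Diagnostics.EventLogEntryType] $EntryType = 'Information'
    )

    # SourceExists searches every log, including Security, so it throws a
    # SecurityException when the console is not elevated.
    try {
        $exists = [System.Diagnostics.EventLog]::SourceExists($Source)
    }
    catch [System.Security.SecurityException] {
        throw "Cannot check source '$Source': run this from an elevated console."
    }

    if (-not $exists) {
        # This is the fix for the "source not available" error shown earlier.
        New-EventLog -LogName $LogName -Source $Source -ErrorAction Stop
    }
    else {
        # A source can be registered to only one log at a time. Fail loudly
        # instead of writing the entry somewhere the caller did not intend.
        $boundLog = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
        if ($boundLog -ne $LogName) {
            throw "Source '$Source' is registered to log '$boundLog', not '$LogName'."
        }
    }

    Write-EventLog -LogName $LogName -Source $Source -EventId $EventId `
        -EntryType $EntryType -Message $Message -ErrorAction Stop

    # Return the entry just written so the caller can confirm it landed.
    Get-EventLog -LogName $LogName -Source $Source -Newest 1
}

Write-AppEvent -Message 'This is a Test Log' |
    Format-List Index, EntryType, Source, TimeGenerated, TimeWritten, Message
```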