Searching Event Logs with Powershell
March 27, 2008 at 2:03 PM
—
Andy Schneider
I recently had a situation where I needed to be able to search an event log for a particular value.
I wrote a quick little script so that our PM could run it with little effort
1: param ($name)
2: $user = '*' + $name + '*'
3: get-eventlog application | where {$_.Message -like $user} | 4: format-list Message,TimeGenerated
I am basically searching for event logs that contain a particular name.
It's pretty straight forward once you find that .Message is what contains the real meat of the event log entry.
You could also obviously use get-eventlog system as well.
a22f6fac-938f-4ebb-8d58-7fb7447d6ce5|0|.0
Posted in:
Tags: