CTP3 – New-EventLog

I have shown how to create an event log using simple .NET code a couple of times, including http://richardsiddaway.spaces.live.com/blog/cns!43CFA46A74CF3E96!278.entry.  CTP 3 brings us a cmdlet that we can use to do this.

New-EventLog is used as follows.

New-EventLog -LogName TestLog -Source TestSource

All we provide is the name of the log and a Source to register.  A source is a handle (or route) that applications use to write to the event log.  We can view the details of our event log.

PS> Get-EventLog -List

  Max(K) Retain OverflowAction        Entries Name
  ------ ------ --------------        ------- ----
  25,600      0 OverwriteAsNeeded         156 Application
  15,168      0 OverwriteAsNeeded           0 DFS Replication
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder              0 Internet Explorer
  20,480      0 OverwriteAsNeeded           0 Key Management Service
  16,384      0 OverwriteAsNeeded           0 ODiag
  16,384      0 OverwriteAsNeeded       1,106 OSession
   2,048      9 OverwriteOlder              2 Scripts
  20,480      0 OverwriteAsNeeded         296 Security
  20,480      0 OverwriteAsNeeded         573 System
     512      7 OverwriteOlder              0 TestLog
  15,360      0 OverwriteAsNeeded         908 Windows PowerShell

Note the default size, retention days and Overflow action.

One potential issue is how to view the sources registered for an event log.  The following script will do this.  It's interesting to run this against the Application log!

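param ([string]$log)
Write-Host   $log -ForegroundColor Green
# WQL string literals need plain single quotes around the log name
$filt = "LogFileName = '" + $log + "'"
# Sources is an array property; expand it so each source is listed on its own line
Get-WmiObject -Class Win32_NTEventLogFile -Filter $filt | Select -ExpandProperty Sources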

If we want to control how applications write to a log, we can add a source for a particular application.

New-EventLog -LogName TestLog -Source "Source2"

Exactly the same as before, but because the log already exists we just create a new source.
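
The steps above can be combined into one repeatable script. This is an added example, not code from the original post: it registers both sources only if they are missing, replaces the default limits shown in the listing, and writes a test entry. The function name Register-LogSource, the 20MB size and event ID 1000 are assumptions.

```powershell
# Added example. TestLog, TestSource and Source2 are the names used in the post;
# Register-LogSource, the 20MB size and event ID 1000 are assumptions.
# Run from an elevated session: logs and sources are registered under HKLM.
function Register-LogSource {
    param (
        [string]$LogName,
        [string]$Source
    )
    if ([System.Diagnostics.EventLog]::SourceExists($Source)) {
        # A source can belong to only one log, so check where it is registered.
        $current = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
        if ($current -ne $LogName) {
            throw "Source '$Source' is already registered to log '$current'"
        }
        return   # already registered against the log we want
    }
    # Creates the log if it is missing, otherwise only adds the source.
    New-EventLog -LogName $LogName -Source $Source
}

Register-LogSource -LogName TestLog -Source TestSource
Register-LogSource -LogName TestLog -Source Source2

# The listing shows the defaults: 512 KB, OverwriteOlder, 7 days.
# With OverwriteOlder a full log discards new events when no entry is older
# than the retention period, so set the size and overflow action explicitly.
Limit-EventLog -LogName TestLog -MaximumSize 20MB -OverflowAction OverwriteAsNeeded

# Confirm the new source can write, then read back the settings and the entry.
Write-EventLog -LogName TestLog -Source Source2 -EventId 1000 `
    -EntryType Information -Message 'Source2 registered and writable'

Get-EventLog -List | Where-Object { $_.Log -eq 'TestLog' }
Get-EventLog -LogName TestLog -Newest 1 |
    Format-List Source, EventID, EntryType, Message
```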

