PowerShell - Export event viewer to a log file


The Get-EventLog cmdlet can be used to view the Event Log in PowerShell. For example, to view every record in the Security log:

$computername = $env:computername
Get-EventLog -ComputerName $computername -LogName "Security"

 

This command will produce a list of events, something like this.

   Index Time          EntryType   Source                 InstanceID Message
   ----- ----          ---------   ------                 ---------- -------
  695920 Mar 20 10:04  FailureA... Microsoft-Windows...         4673 A privileged service was called....
  695919 Mar 20 10:03  FailureA... Microsoft-Windows...         4673 A privileged service was called....
  695918 Mar 20 10:03  FailureA... Microsoft-Windows...         4673 A privileged service was called....
  695917 Mar 20 10:03  SuccessA... Microsoft-Windows...         4688 A new process has been created....
  695916 Mar 20 10:03  SuccessA... Microsoft-Windows...         4688 A new process has been created....

 

To view every property of each event, pipe the output to Format-List -Property *. This produces verbose output.

$computername = $env:computername
Get-EventLog -ComputerName $computername -LogName "Security" | Format-List -Property *

 

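The output can be redirected to a file. The >> operator appends to the file if it already exists.

$computername = $env:computername

# Collect the Application log with every property of each event
$application_log = Get-EventLog -ComputerName $computername -LogName "Application" | Format-List -Property *

# >> appends to the file; use > to overwrite it instead
$application_log >> C:\temp\event.log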
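
A structured alternative to redirecting Format-List text, as an added example that is not part of the original article: it exports only event IDs 4673 and 4688 (the IDs in the sample output above) from the last 24 hours to CSV and records a hash of the file. It assumes an elevated Windows PowerShell 5.1 session and that C:\temp exists; the file name security-events.csv is a constructed placeholder.

```powershell
# Added example, not from the original article.
# Assumptions: elevated Windows PowerShell 5.1 session, C:\temp exists,
# and security-events.csv is a constructed placeholder file name.
$computername = $env:computername
$outfile      = 'C:\temp\security-events.csv'

# Filter at the source: last 24 hours, event IDs 4673 and 4688 only.
# SilentlyContinue suppresses the error Get-EventLog raises when nothing matches.
$query = @{
    ComputerName = $computername
    LogName      = 'Security'
    After        = (Get-Date).AddHours(-24)
    InstanceId   = 4673, 4688
    ErrorAction  = 'SilentlyContinue'
}
$events = Get-EventLog @query

if (-not $events) {
    Write-Warning 'No matching events returned (none in range, or the log could not be read).'
}
else {
    # CSV keeps one event per row with named columns, so the export can be
    # re-imported with Import-Csv, sorted and filtered. Format-List output is
    # display text and cannot be reliably parsed back into events.
    $events |
        Select-Object Index, TimeGenerated, EntryType, Source, InstanceId, MachineName, UserName, Message |
        Export-Csv -Path $outfile -NoTypeInformation -Encoding UTF8

    # Record a SHA-256 hash so later modification of the export is detectable.
    Get-FileHash -Path $outfile -Algorithm SHA256 | Format-List Algorithm, Hash, Path
}
```

Get-EventLog exists only in Windows PowerShell; PowerShell 6 and later provide Get-WinEvent instead.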

 



