Searching Event Logs with Powershell

I recently had  a situation where I needed to be able to search an event log for a particular value.

I wrote a quick little script so that our PM could run it with little effort

   1: param ($name)
   2: $user = '*' + $name + '*'
   3: get-eventlog application | where {$_.Message -like $user} | 
   4: format-list Message,TimeGenerated

I am basically searching for event logs that contain a particular name.

It’s pretty straight forward once you find that .Message is what contains the real meat of the event log entry.

You could also obviously use get-eventlog system as well.

Advertisements

One Response to “Searching Event Logs with Powershell”

  1. Joel "Jaykul" Bennett Says:

    Or any of your other event logs, like “Microsoft PowerShell” … use Get-EventLog -List to see what’s available on your system…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: