10 Examples to Check Event Log on Local and Remote Computer Using PowerShell

Event Viewer is my usual stop to check the event log when needed. It has everything I need to find the information I am looking for, but still, sometimes I feel the need for a better way to quickly check the log from a local or remote computer. Usually, PowerShell is my answer when that happens.

Get-EventLog is the cmdlet used to pull information from the event log. It has a lot of parameters that you can use to get more accurate and targeted results. Here are some examples to give you an idea of how it works.

Example #1 – Get the list of available event logs on the local computer

Get-EventLog -List

Example #2 – Get System Log on the local computer

Get-EventLog -LogName System

Well, the result is going to be so long that you won’t be able to find anything useful.

Example #3 – Get the most recent 10 entries from System log

Get-EventLog -LogName System -Newest 10

Example #4 – Get local system log on a certain day

Get-EventLog -LogName System -After "09/28/2015" -Before "09/29/2015"

This gets you the list of System log entries recorded on Sept. 28, 2015.

Example #5 – Get only the error entries from local System log on a certain day

Get-EventLog -LogName System -After "09/28/2015" -Before "09/29/2015" -EntryType Error

Example #6 – Get Error and Warning Entries from local System log on a certain day

Get-EventLog -LogName System -After "09/28/2015" -Before "09/29/2015" | Where-Object {$_.EntryType -like 'Error' -or $_.EntryType -like 'Warning'}

Example #7 – Get error and warning System Log entries on a certain day and order by the source

Get-EventLog -LogName System -After "09/28/2015" -Before "09/29/2015" | Where-Object {$_.EntryType -like 'Error' -or $_.EntryType -like 'Warning'} | Sort-Object Source

Example #8 – Get error and warning entries from a remote computer on a certain day and order by the source

Get-EventLog -ComputerName "TS" -LogName System -After "09/28/2015" -Before "09/29/2015" | Where-Object {$_.EntryType -like 'Error' -or $_.EntryType -like 'Warning'} | Sort-Object Source

Example #9 – Get all System Log entries related to Disk

Get-EventLog -LogName System -Source Disk

Example #10 – Get the list of sources in the local System log with the count for each

Get-EventLog -LogName System | Group-Object Source | Sort-Object Count -Descending

That’s probably enough for the day.

3 COMMENTS

  1. The last example has a bad command:
    Get-EventLog -LogName System | Group-Object Source | Order-Object Count -Descending
    Should be:
    Get-EventLog -LogName Application | Group-Object Source | Sort-Object Count -Descending

    Order-Object should be Sort-Object; that allowed it to run per the example for me.
