W2KSG: Reading Event Logs

The scripting guide use WMI to read classic event logs.  We have get-eventlog.  Much easier.

# Listing 12.8
Get-EventLog -LogName System

# Listing 12.9
Get-EventLog -LogName System | Where {$_.EventId -eq 7036}

Listing 12.10
Get-EventLog -LogName System | Where {$_.Timewritten -gt ((Get-Date).Adddays(-2))}

Listing 12.8 shows how to read a specific log.  There could be a lot of data there!!  We can restrict the data by eventid (Listing 12.9) or date (Listing 12.10)


