Monthly Archive

Categories

Win 7 Event log

The PowerShell team like adding extras for us poor admins to play with so time to start poking into PowerShell on Windows 7 RC.  On the surface it seems to be about the same as Windows 7 beta \ CTP 3 but as the build number is higher
 
PS> $PSVersionTable
Name                           Value
----                           -----
CLRVersion                     2.0.50727.4918
BuildVersion                   6.1.7100.0
PSVersion                      2.0
WSManStackVersion              2.0
PSCompatibleVersions           {1.0, 2.0}
SerializationVersion           1.1.0.1
PSRemotingProtocolVersion      2.0
 
we might expect some changes.
 
One good place to start is the eventlog cmdlets.  This was available earlier but I do like the -before and -after parameters on get-eventlog
 
$now = Get-Date
$then = (Get-Date).AddDays(-5)
Get-EventLog -LogName system -Before $now -After $then -InstanceId 12
 
Id 12 is the first event my machine writes to the log when it starts up.  BTW do you know how many events get written to the log at startup.  Startup your machine. Open PowerShell
 
$date = [datetime]"05/12/2009"
(Get-EventLog -LogName system -After $date).count
 
I got 120 back. No wonder it takes a while to fully start!!
 
 
 

Leave a Reply