Clearing Event logs

I needed to clear some event logs on a test machine. Rather than picking and choosing, I’ll clear them all:

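# Entries is a collection, so ask for its Count explicitly; logs that are already empty are skipped
Get-EventLog -List |
where {($_.Entries).Count -gt 0} |
foreach {Clear-EventLog -LogName $_.Log}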

The interesting part is the Where-Object filter: Entries is a collection of the entries in the log, so if you want the number of entries you have to specifically ask for it. The output of Get-EventLog -List is formatted to display the count.

Windows 8 svchost

When you run Get-Process you will see a number of entries named svchost. These are processes that host services. In Task Manager on Windows 7 and below, all we see is the svchost entry. In the Windows 8 family we see the services running in a particular host.

Now, can we do anything similar with PowerShell?

Get-Service doesn’t do anything to help, BUT the Win32_Service class has a ProcessID property that we can use:

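# ProcessID ties each service to the process that hosts it.
# Stopped services report ProcessID 0, which Get-Process resolves to the Idle process.
Get-CimInstance -ClassName Win32_Service |
sort ProcessID -Descending |
foreach {
  $proc = Get-Process -Id $_.ProcessID
  $_ | Add-Member -MemberType NoteProperty -Name ProcessName -Value $($proc.ProcessName) -PassThru
} |
Format-Table DisplayName, ProcessName -GroupBy ProcessId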


I’ve used Get-CimInstance in this example because the CIM cmdlets are new in PowerShell v3. For a PowerShell v2 install use Get-WmiObject:



# Same pipeline for PowerShell v2, using the WMI cmdlet
Get-WmiObject -Class Win32_Service |
sort ProcessID -Descending |
foreach {
  $proc = Get-Process -Id $_.ProcessID
  $_ | Add-Member -MemberType NoteProperty -Name ProcessName -Value $($proc.ProcessName) -PassThru
} |
Format-Table DisplayName, ProcessName -GroupBy ProcessId


The WMI objects are piped through sort and into foreach, where we add the process name. In both cases I’ve used Get-Process; either Get-CimInstance or Get-WmiObject using the Win32_Process class could be used instead.



Format-Table is used with GroupBy to produce a nicely formatted report. This information is important because it shows the services that are related to a particular process and the impact if that process fails.
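The Win32_Process alternative mentioned above, as an added example that is not code from the original post: it queries each class once, joins them in memory on the process ID, and reports one record per host process with its command line and the services it carries. The variable names, the '(exited)' placeholder and the choice to skip stopped services (ProcessId 0) are assumptions made for this example.

```powershell
# Added example (not from the original post); requires PowerShell v3 or later.
# Step 1: index every process by ID with a single Win32_Process query.
# Step 2: drop stopped services (they report ProcessId 0), group the rest by
#         host process, and emit one summary object per host.
$processes = @{}
Get-CimInstance -ClassName Win32_Process |
foreach { $processes[[uint32]$_.ProcessId] = $_ }

Get-CimInstance -ClassName Win32_Service |
where { $_.ProcessId -ne 0 } |
Group-Object -Property ProcessId |
foreach {
  $hostPid = [uint32]$_.Group[0].ProcessId
  $proc    = $processes[$hostPid]
  [pscustomobject]@{
    ProcessId    = $hostPid
    ProcessName  = if ($proc) { $proc.Name } else { '(exited)' }
    CommandLine  = if ($proc) { $proc.CommandLine } else { $null }
    ServiceCount = $_.Count
    Services     = ($_.Group.Name | sort) -join ', '
  }
} |
sort ServiceCount -Descending |
Format-List
```

CommandLine can be empty for processes the current user cannot open, so run the report from an elevated session when the host's command line matters.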