CTP3 – New-EventLog

Posted: December 31, 2008

I have shown how to create an event log using simple .NET code a couple of times, including http://richardsiddaway.spaces.live.com/blog/cns!43CFA46A74CF3E96!278.entry.  CTP 3 brings us a cmdlet that does the same job.

New-EventLog is used as follows.

New-EventLog -LogName TestLog -Source TestSource

All we provide is the name of the log and a Source to register.  A source is a handle (or route) that applications use to write to the event log.  We can view the details of our event log.

PS> Get-EventLog -List

  Max(K) Retain OverflowAction        Entries Name
  ------ ------ --------------        ------- ----
  25,600      0 OverwriteAsNeeded         156 Application
  15,168      0 OverwriteAsNeeded           0 DFS Replication
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder              0 Internet Explorer
  20,480      0 OverwriteAsNeeded           0 Key Management Service
  16,384      0 OverwriteAsNeeded           0 ODiag
  16,384      0 OverwriteAsNeeded       1,106 OSession
   2,048      9 OverwriteOlder              2 Scripts
  20,480      0 OverwriteAsNeeded         296 Security
  20,480      0 OverwriteAsNeeded         573 System
     512      7 OverwriteOlder              0 TestLog
  15,360      0 OverwriteAsNeeded         908 Windows PowerShell

Note the default size, retention days and Overflow action.

One potential issue is how to view the sources registered for an event log.  The following script will do this.  It's interesting to run this against the Application log!

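param ([string]$log)
# Show which log is being queried
Write-Host $log -ForegroundColor Green
# WQL string literals need straight single quotes
$filt = "LogFileName = '" + $log + "'"
# List every source registered to the log
Get-WmiObject -Class Win32_NTEventLogFile -Filter $filt | Select-Object -ExpandProperty Sources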

If you want to control how applications write to a log, you can add a source for a particular application.

New-EventLog -LogName TestLog -Source "Source2"

Exactly the same as before, but because the log already exists we just create a new source.
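
The steps above can be combined into one repeatable registration that checks where a source is already bound before calling New-EventLog and then replaces the small default size and retention. This is an added example, not code from the original post; Register-AppEventSource is a hypothetical helper name, and the size, overflow action and event ID are assumed values.

```powershell
# Added example: Register-AppEventSource is a hypothetical helper, not a built-in cmdlet.
# Run from an elevated session; creating logs and sources writes to HKLM.
function Register-AppEventSource {
    param(
        [Parameter(Mandatory = $true)][string]$LogName,
        [Parameter(Mandatory = $true)][string]$Source,
        [int64]$MaximumSize = 20MB,                     # assumed value
        [string]$OverflowAction = 'OverwriteAsNeeded'   # assumed value
    )

    # A source can be registered to only one log on a machine, so check first.
    if ([System.Diagnostics.EventLog]::SourceExists($Source)) {
        $boundTo = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
        if ($boundTo -ne $LogName) {
            throw "Source '$Source' is already registered to log '$boundTo'."
        }
    }
    else {
        # Creates the log if it does not exist, otherwise only adds the source.
        New-EventLog -LogName $LogName -Source $Source
    }

    # Replace the default size, retention and overflow action of a new log.
    Limit-EventLog -LogName $LogName -MaximumSize $MaximumSize -OverflowAction $OverflowAction

    # Return the log object so the resulting settings can be inspected.
    Get-EventLog -List | Where-Object { $_.Log -eq $LogName }
}

# Constructed sample values, matching the names used in this post.
Register-AppEventSource -LogName TestLog -Source TestSource
Register-AppEventSource -LogName TestLog -Source Source2

# Confirm the new source is writable (event ID 1000 is an arbitrary sample).
Write-EventLog -LogName TestLog -Source Source2 -EventId 1000 -EntryType Information -Message 'Source2 registered and writable.'
Get-EventLog -LogName TestLog -Newest 1 | Format-List Source, EventID, EntryType, Message
```

Running the function a second time with the same arguments is harmless: the source check skips New-EventLog, which would otherwise raise an error for an already registered source.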
