Event Log Providers
An event log provider is what writes to an event log. I’ve used WMI in the past to get these, but while looking for something else I discovered that Get-WinEvent can also find this information:
Get-WinEvent -ListProvider * | ft Name, LogLinks -AutoSize -Wrap
This provides a nice long list of all of the providers and the event logs they write to.
Usually I’m only interested in what’s writing to a particular event log. And that’s where things get a bit more messy.
The LogLinks property is supplied as a System.Collections.Generic.IList[System.Diagnostics.Eventing.Reader.EventLogLink] collection that doesn’t play nicely with -in or -contains.
So we need a bit of PowerShell manipulation to get what we want:
$log = 'System'
Get-WinEvent -ListProvider * |
foreach {
    if ($log -in ($psitem | select -ExpandProperty Loglinks | select -ExpandProperty Logname)){
        New-Object -TypeName psobject -Property @{
            Name = $psitem.Name
            Log = $log
        }
    }
}
The trick here is that the LogLinks are a collection of objects, so you need to expand them twice to get to the name. Not pretty, but it works.
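When you need this for more than one log (for example, to baseline which providers can write to System, Security and Application on a host), it is cheaper to enumerate the providers once and build a log-to-providers index. The following is an added example, not code from the original post; Get-ProviderLogMap is a hypothetical helper name, and it assumes PowerShell 3.0 or later on Windows.

```powershell
# Added example: build a log -> providers index in a single enumeration.
# Get-ProviderLogMap is a hypothetical helper name, not a built-in cmdlet.
function Get-ProviderLogMap {
    [CmdletBinding()]
    param(
        # Provider name pattern handed to Get-WinEvent -ListProvider
        [string]$ProviderName = '*'
    )

    $map = @{}   # keys are log names (case-insensitive), values are provider lists

    # Providers with broken or missing metadata raise non-terminating errors;
    # suppress them so one bad registration does not clutter the result.
    Get-WinEvent -ListProvider $ProviderName -ErrorAction SilentlyContinue |
        ForEach-Object {
            $provider = $_.Name
            # Member enumeration (PowerShell 3.0+) returns the LogName of every
            # EventLogLink in the collection as plain strings, so no double expand.
            $logNames = @($_.LogLinks.LogName | Where-Object { $_ } | Sort-Object -Unique)
            foreach ($logName in $logNames) {
                if (-not $map.ContainsKey($logName)) {
                    $map[$logName] = New-Object 'System.Collections.Generic.List[string]'
                }
                $map[$logName].Add($provider)
            }
        }

    $map
}

$map = Get-ProviderLogMap

# Providers that write to one particular log
$log = 'System'
if ($map.ContainsKey($log)) {
    $map[$log] | Sort-Object | ForEach-Object {
        [pscustomobject]@{ Name = $_; Log = $log }
    }
}

# Logs ranked by how many providers are linked to them
$map.GetEnumerator() |
    Sort-Object { $_.Value.Count } -Descending |
    Select-Object -First 10 @{ n = 'Log'; e = { $_.Key } },
                            @{ n = 'Providers'; e = { $_.Value.Count } }
```

Exporting the index (for example with Export-Clixml) and comparing it against a later run with Compare-Object shows providers that have been added to or removed from a log since the baseline.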