You have to use Get-WinEvent I think for some of the legacy event logs. Will see if I can find a reference.
Daniel Ratliff From: listsadmin@lists.myITforum.com [mailto:listsadmin@lists.myITforum.com] On Behalf Of Webster Sent: Monday, March 07, 2016 2:26 PM To: powersh...@lists.myitforum.com Subject: [powershell] RE: What event logs are on a system I should have added that get-eventlog -list doesn't give a complete list. PS C:\Users\TEMP> get-eventlog -list Max(K) Retain OverflowAction Entries Log ------ ------ -------------- ------- --- 64 0 OverwriteAsNeeded 1,273 Application 20,480 0 OverwriteAsNeeded 0 HardwareEvents 512 7 OverwriteOlder 0 Internet Explorer 20,480 0 OverwriteAsNeeded 0 Key Management Service 128 0 OverwriteAsNeeded 1,694 OAlerts 64 0 OverwriteAsNeeded 1,062 Security 64 0 OverwriteAsNeeded 2,415 System 512 0 OverwriteAsNeeded 807 ThinPrint Diagnostics 15,360 0 OverwriteAsNeeded 19,393 Windows PowerShell Thanks Webster From: listsadmin@lists.myITforum.com<mailto:listsadmin@lists.myITforum.com> [mailto:listsadmin@lists.myITforum.com] On Behalf Of Webster Sent: Monday, March 07, 2016 1:23 PM To: powersh...@lists.myitforum.com<mailto:powersh...@lists.myitforum.com> Subject: [powershell] What event logs are on a system Using PoSH, how can I get a list of event log names? I am trying to get stuff from the group policy log but not having any luck. The gui shows the logname as "Microsoft-Windows-GroupPolicy/Operational" but get-eventlog doesn't like it. PS C:\Users\TEMP> get-eventlog -logname "Microsoft-Windows-GroupPolicy/Operational" -computername xxx Get-EventLog : The event log 'Microsoft-Windows-GroupPolicy/Operational' on computer 'xxx' does not exist. At line:1 char:13 + get-eventlog <<<< -logname "Microsoft-Windows-GroupPolicy/Operational" -computername xxx + CategoryInfo : NotSpecified: (:) [Get-EventLog], InvalidOperationException + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand PS C:\Users\TEMP> get-eventlog -logname "Microsoft-Windows-GroupPolicy" -computername xxx Get-EventLog : The event log 'Microsoft-Windows-GroupPolicy' on computer 'xxx' does not exist. At line:1 char:13 + get-eventlog <<<< -logname "Microsoft-Windows-GroupPolicy" -computername xxx + CategoryInfo : NotSpecified: (:) [Get-EventLog], InvalidOperationException + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand Thanks Webster ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1
