[powershell] RE: What event logs are on a system

[Webster]

Thanks Daniel. That got me headed in the right direction.

$GPTime = get-winevent -logname Microsoft-Windows-GroupPolicy/Operational | 
where {$_.id -eq "8001"} | select message

Thanks


Webster

From: listsadmin@lists.myITforum.com [mailto:listsadmin@lists.myITforum.com] On 
Behalf Of Webster
Sent: Monday, March 07, 2016 1:35 PM
To: powersh...@lists.myitforum.com
Subject: [powershell] RE: What event logs are on a system

Thanks for the pointer. Example 8 should get me started.

-------------------------- EXAMPLE 8 --------------------------

C:\PS>(get-winevent -listprovider microsoft-windows-grouppolicy).events | 
format-table id, description -auto


Description
-----------
This command lists the event IDs that the Microsoft-Windows-GroupPolicy event 
provider generates along with the eve
nt description.

It uses the Events property of the object that Get-WinEvent returns when you 
use the ListProvider parameter, and it
uses the ID and Description properties of the object in the Events property.


From: listsadmin@lists.myITforum.com<mailto:listsadmin@lists.myITforum.com> 
[mailto:listsadmin@lists.myITforum.com] On Behalf Of Daniel Ratliff
Sent: Monday, March 07, 2016 1:28 PM
To: powersh...@lists.myitforum.com<mailto:powersh...@lists.myitforum.com>
Subject: [powershell] RE: What event logs are on a system

You have to use Get-WinEvent I think for some of the legacy event logs. Will 
see if I can find a reference.

Daniel Ratliff

From: listsadmin@lists.myITforum.com<mailto:listsadmin@lists.myITforum.com> 
[mailto:listsadmin@lists.myITforum.com] On Behalf Of Webster
Sent: Monday, March 07, 2016 2:26 PM
To: powersh...@lists.myitforum.com<mailto:powersh...@lists.myitforum.com>
Subject: [powershell] RE: What event logs are on a system

I should have added that get-eventlog -list doesn't give a complete list.

PS C:\Users\TEMP> get-eventlog -list

  Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
      64      0 OverwriteAsNeeded       1,273 Application
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder              0 Internet Explorer
  20,480      0 OverwriteAsNeeded           0 Key Management Service
     128      0 OverwriteAsNeeded       1,694 OAlerts
      64      0 OverwriteAsNeeded       1,062 Security
      64      0 OverwriteAsNeeded       2,415 System
     512      0 OverwriteAsNeeded         807 ThinPrint Diagnostics
  15,360      0 OverwriteAsNeeded      19,393 Windows PowerShell

Thanks


Webster

From: listsadmin@lists.myITforum.com<mailto:listsadmin@lists.myITforum.com> 
[mailto:listsadmin@lists.myITforum.com] On Behalf Of Webster
Sent: Monday, March 07, 2016 1:23 PM
To: powersh...@lists.myitforum.com<mailto:powersh...@lists.myitforum.com>
Subject: [powershell] What event logs are on a system

Using PoSH, how can I get a list of event log names? I am trying to get stuff 
from the group policy log but not having any luck. The gui shows the logname as 
"Microsoft-Windows-GroupPolicy/Operational" but get-eventlog doesn't like it.

PS C:\Users\TEMP> get-eventlog -logname 
"Microsoft-Windows-GroupPolicy/Operational" -computername xxx
Get-EventLog : The event log 'Microsoft-Windows-GroupPolicy/Operational' on 
computer 'xxx' does not exist.
At line:1 char:13
+ get-eventlog <<<<  -logname "Microsoft-Windows-GroupPolicy/Operational" 
-computername xxx
    + CategoryInfo          : NotSpecified: (:) [Get-EventLog], 
InvalidOperationException
    + FullyQualifiedErrorId : 
System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand

PS C:\Users\TEMP> get-eventlog -logname "Microsoft-Windows-GroupPolicy" 
-computername xxx
Get-EventLog : The event log 'Microsoft-Windows-GroupPolicy' on computer 'xxx' 
does not exist.
At line:1 char:13
+ get-eventlog <<<<  -logname "Microsoft-Windows-GroupPolicy" -computername xxx
    + CategoryInfo          : NotSpecified: (:) [Get-EventLog], 
InvalidOperationException
    + FullyQualifiedErrorId : 
System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand

Thanks


Webster

================================================
Did you know you can also post and find answers on PowerShell in the forums?
http://www.myitforum.com/forums/default.asp?catApp=1

================================================
Did you know you can also post and find answers on PowerShell in the forums?
http://www.myitforum.com/forums/default.asp?catApp=1

The information transmitted is intended only for the person or entity to which 
it is addressed
and may contain CONFIDENTIAL material. If you receive this material/information 
in error,
please contact the sender and delete or destroy the material/information.

================================================
Did you know you can also post and find answers on PowerShell in the forums?
http://www.myitforum.com/forums/default.asp?catApp=1

================================================
Did you know you can also post and find answers on PowerShell in the forums?
http://www.myitforum.com/forums/default.asp?catApp=1


================================================
Did you know you can also post and find answers on PowerShell in the forums?
http://www.myitforum.com/forums/default.asp?catApp=1