PowerShell command to get event logs

 


    To list the event logs on the computer:

        Get-EventLog -List

        [Screenshot: output of Get-EventLog -List, showing Max(K), Retain, OverflowAction and Entries for each log, including Application, HardwareEvents, Internet Explorer, Key Management Service, Security, System and Windows PowerShell]


    To filter events by entry type:

        Get-EventLog -LogName Application -EntryType Error

        [Screenshot: output of Get-EventLog -LogName Application -EntryType Error, with columns Index, Time, EntryType, Source, InstanceID and Message]


    Parameters used to search event logs include:

    • After - Takes a date and time; the cmdlet returns events that occurred after it
    • AsBaseObject - Provides System.Diagnostics.EventLogEntry for each event
    • AsString - Returns the output as strings
    • Before - Takes a date and time; the cmdlet returns events that occurred before it
    • ComputerName - Specifies a remote computer to query
    • EntryType - Specifies the entry type of events (Error, FailureAudit, SuccessAudit, Information, Warning)
    • Index - Specifies the index values of the events to retrieve
    • List - Provides a list of event logs
    • UserName - Specifies usernames associated with a given event

    To export event logs:

        wevtutil epl Application C:\application.evtx
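
The parameters and the export command above, combined into one triage pass. This is an added example, not part of the original post. It assumes Windows PowerShell 5.1 (where Get-EventLog is available) and an elevated prompt; the export folder, file names and 24-hour window are illustrative choices.

```powershell
# Added example: collect Application errors from the last 24 hours,
# summarise them by source, and keep an .evtx copy for later analysis.
$ExportDir = 'C:\Temp\EventTriage'          # hypothetical folder
$After     = (Get-Date).AddHours(-24)
$Before    = Get-Date

New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null

# -After / -Before bound the time window; -EntryType narrows to errors.
# Get-EventLog writes an error when nothing matches, so silence it and
# test the result instead.
$events = Get-EventLog -LogName Application -EntryType Error `
    -After $After -Before $Before -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No Error entries in Application since $After"
}
else {
    # Which sources are producing the most errors?
    $events |
        Group-Object -Property Source |
        Sort-Object -Property Count -Descending |
        Select-Object -Property Count, Name -First 10 |
        Format-Table -AutoSize

    # Flat CSV copy for quick review in a spreadsheet or SIEM import.
    $csv = Join-Path $ExportDir 'application-errors.csv'
    $events |
        Select-Object Index, TimeGenerated, EntryType, Source, InstanceId, Message |
        Export-Csv -Path $csv -NoTypeInformation

    # Native .evtx export of the same window. Level=2 is Error and
    # 86400000 ms is 24 hours; /ow:true overwrites an earlier export.
    $evtx  = Join-Path $ExportDir 'application-errors.evtx'
    $query = '*[System[(Level=2) and TimeCreated[timediff(@SystemTime) <= 86400000]]]'
    wevtutil epl Application $evtx "/q:$query" /ow:true

    # Record hashes so the exported files can be verified later.
    Get-FileHash -Path $csv, $evtx -Algorithm SHA256 |
        Format-List -Property Path, Hash
}
```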
