PowerShell read Eventlog

 

The "Get-WinEvent" command gives PowerShell access to the Windows Eventlog.

Example query: when was the computer rebooted (event ID 6005 in the System log):

Get-WinEvent -FilterHashtable @{logname='system'; id=6005}

With the necessary rights, the event log can also be read from another computer.

As the current user on the local computer:

Get-WinEvent -FilterHashtable @{logname='system'; id=6005}

As the logged-in user on another computer:

Get-WinEvent -FilterHashtable @{logname='system'; id=6005} -ComputerName HOSTNAME

As another user:

Get-WinEvent -FilterHashtable @{logname='system'; id=6005} -ComputerName HOSTNAME -Credential (Get-Credential)

Eventlog list

The following command lists the available event logs:

Get-WinEvent -listlog *

The -listlog parameter also accepts a wildcard pattern to search for specific logs:

Get-WinEvent -listlog *GroupPolicy*

Change event log size

Limit-Eventlog -logname 'Directory Service' -MaximumSize 100MB