PowerShell read Eventlog

 

The Windows event log can be accessed from PowerShell with the "Get-WinEvent" command.

Example: when was the computer rebooted? (Event ID 6005 in the System log is written each time the event log service starts, i.e. at boot.)

Get-WinEvent -FilterHashtable @{logname='system'; id=6005}

With the necessary rights, the event log can also be read from another computer.

As the current user on the local computer:

Get-WinEvent -FilterHashtable @{logname='system'; id=6005}

As the logged-in user on another computer:

Get-WinEvent -FilterHashtable @{logname='system'; id=6005} -ComputerName HOSTNAME

As another user:

Get-WinEvent -FilterHashtable @{logname='system'; id=6005} -ComputerName HOSTNAME -Credential (Get-Credential)
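The reboot query above, extended into a small function; this is an added example, not code from the original article. Besides 6005 it also collects 6006 (event log service stopped) and 6008 (previous shutdown was unexpected), so unclean shutdowns show up in the timeline. The function name Get-BootHistory, its parameters and the day windows are assumptions.

```powershell
# Added example: boot/shutdown timeline from the System log.
# Get-BootHistory and its parameters are hypothetical names, not part of PowerShell.
function Get-BootHistory {
    [CmdletBinding()]
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [pscredential]$Credential,
        [int]$Days = 30
    )

    # Filtering in the hashtable is done by the event log service itself,
    # which is much faster than piping everything through Where-Object.
    $filter = @{
        LogName   = 'System'
        Id        = 6005, 6006, 6008
        StartTime = (Get-Date).AddDays(-$Days)
    }

    $params = @{ FilterHashtable = $filter; ErrorAction = 'Stop' }
    if ($ComputerName -ne $env:COMPUTERNAME) { $params.ComputerName = $ComputerName }
    if ($Credential) { $params.Credential = $Credential }

    try {
        $events = Get-WinEvent @params
    }
    catch {
        # Get-WinEvent reports an error when no event matches the filter;
        # treat that as an empty result, rethrow everything else.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    $events | Sort-Object TimeCreated | ForEach-Object {
        [pscustomobject]@{
            Time     = $_.TimeCreated
            Computer = $_.MachineName
            Id       = $_.Id
            Meaning  = switch ($_.Id) {
                6005 { 'Boot (event log service started)' }
                6006 { 'Clean shutdown (event log service stopped)' }
                6008 { 'Unexpected shutdown detected' }
            }
        }
    }
}

# Local computer, last 14 days:
Get-BootHistory -Days 14 | Format-Table -AutoSize
```

For a remote computer, pass -ComputerName HOSTNAME and, if needed, -Credential (Get-Credential), as in the commands above.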

Eventlog list

The following command lists the available event logs:

Get-WinEvent -listlog *

The -listlog parameter accepts wildcards, so it can be used to search for specific logs:

Get-WinEvent -listlog *GroupPolicy*

Change event log size

Limit-EventLog -LogName 'Directory Service' -MaximumSize 100MB

Updated: 2023-02-02 by Bernhard
