PowerShell for Windows Admins

Aug 29 2014   1:00PM GMT

Event Log Providers

Richard Siddaway

An event log provider writes to an event log.  I’ve used WMI in the past to get these but while looking for something else discovered that Get-WinEvent can also find this information.

 

Get-WinEvent -ListProvider * | ft Name, LogLinks -AutoSize -Wrap

 

Provides a nice long list of all of the providers and the event logs they write to.

 

Usually I’m only interested in what’s writing to a particular event log. And that’s where things get a bit more messy.

 

The log links are supplied in the LogLinks property as a System.Collections.Generic.IList[System.Diagnostics.Eventing.Reader.EventLogLink] object, which doesn’t play nicely with -in or -contains.

 

So we need a bit of PowerShell manipulation to get what we want:

$log = 'System'

Get-WinEvent -ListProvider * |
foreach {
    # Expand LogLinks to get the EventLogLink objects, then expand LogName
    # to get plain strings that -in can compare against
    if ($log -in ($psitem | select -ExpandProperty LogLinks | select -ExpandProperty LogName)) {
        New-Object -TypeName psobject -Property @{
            Name = $psitem.Name
            Log  = $log
        }
    }
}

 

The trick here is that the log links are a collection of objects, so you need to expand them twice to get to the name.  Not pretty, but it works.
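The same lookup generalized to several logs at once, as an added example that is not code from the original post. The function name Get-EventLogProvider and its -LogName parameter are hypothetical, and the sketch assumes PowerShell 3 or later (the version that also introduced -in and $psitem).

```powershell
# Added example: list the providers that write to each of the named logs.
# Get-EventLogProvider is a hypothetical name, not a built-in cmdlet.
function Get-EventLogProvider {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$LogName
    )

    # Providers whose metadata cannot be read raise non-terminating errors;
    # suppress them so one broken registration does not clutter the listing.
    Get-WinEvent -ListProvider * -ErrorAction SilentlyContinue |
        ForEach-Object {
            $provider = $_

            # Member enumeration flattens the IList[EventLogLink] into an array
            # of LogName strings, replacing the two Select-Object expansions.
            $linked = @($provider.LogLinks.LogName)

            foreach ($log in $LogName) {
                # -in is case-insensitive, so 'system' matches 'System'
                if ($log -in $linked) {
                    [pscustomobject]@{
                        Log      = $log
                        Provider = $provider.Name
                    }
                }
            }
        }
}

# One table per log, providers sorted by name
Get-EventLogProvider -LogName 'System', 'Security' |
    Sort-Object Log, Provider |
    Format-Table -GroupBy Log -Property Provider
```

Comparing this output against a known-good baseline for the same build is a quick way to spot an unexpected provider registered against a log you monitor.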
