PowerShell for Windows Admins

Aug 29 2014   1:00PM GMT

Event Log Providers

Richard Siddaway Richard Siddaway Profile: Richard Siddaway


An event log provider is writes to an event log.  I’ve used WMI in the past to get these but while looking for somethign else discovered that Get-WinEvent can also find this information.

Get-WinEvent -ListProvider * | ft Name, LogLinks -AutoSize –Wrap

Provides a nice long list of all of the providers and the event logs they write to.

Usually I’m only interested in what’s writing to a particular event log. And that’s where things get a bit more messy.

The loglinks are supplied as a System.Collections.Generic.IList[System.Diagnostics.Eventing.Reader.EventLogLink] LogLinks  object that doesn’t play nicely with –in or –contains

So we need a bit of PowerShell manipulation to get what we want

$log = ‘System’

Get-WinEvent -ListProvider * |
foreach {

if ($log -in ($psitem | select -ExpandProperty Loglinks | select -ExpandProperty Logname)){
New-Object -TypeName psobject -Property @{
Name = $psitem.Name
Log = $log

The trick here is that the loglinks are a collection of objects so you need to expand them twice to get to the name. Not pretty but it works

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: