Welcome to Sign in | Join | Help
in
Home Blog Forums

The Lazy Admin

Managing the Event Logs with MSH

Sponsor

The event log is full of information that can be very useful in troubleshooting. Unfortunatley, it is also full of information that just gets in the way and makes finding things more difficult. There are features within Event Viewer to sort the logs, and there are also 3rd party tools to manage them, but you can also use MSH to manage your event logs!

Using simple MSH commands you can list the contents of an event log, sort by source, group by message type and more. To get the a whole log use the following command: get-eventlog [log name] get-eventlog Application If you wish to sort the records by source use this command: get-eventlog Application | sort Source You can also group the records by Source, it can take a while depending on the number of records, but it is handy! Just run:

get-eventlog Application | group Message

Now event logs can get quite large and hold thousands and thousands of records. You can use the -Newest ### switch to retrieve a set number of the latest events recorded.

And, of course, these can all be combined to get exactly what you are looking for.

get-eventlog Application -newest 100 | sort source

For more information see:

Microsoft PowerShell Center





Published Wednesday, June 28, 2006 6:31 AM by rodney.buike
Filed under:

Comments

No Comments
Anonymous comments are disabled

This Blog

Sponsor

 

Syndication

Advertising

Get a free 5GB e-mail account @isalazyadmin.com

Affiliates

Canadian IT Professionals

Canadian IT Managers

Certifications & Awards


All postings are provided "AS IS" with no warranties, and confer no rights.
Microsoft product screen shot(s) reprinted with permission from Microsoft Corporation.
Copyright TheLazyAdmin Inc. All Rights Reserved 2004-2008