Catching an entry out of EventLog


This topic contains 2 replies, has 2 voices, and was last updated by Participant 3 years, 9 months ago.

  • #24382

    Participant
    Points: 0
    Rank: Member

    Hello,

    My requirement is to capture the first "Kernel-Boot" time on the current day.

    The cmdlet/script I am currently using is below, which gives me the latest 10 entries.

    Get-EventLog -LogName System -Message "*Kernel-Boot*" -Newest 10 | Select-Object -Property Source,TimeGenerated,TimeWritten | Sort-Object TimeGenerated -Descending | ConvertTo-Html | Out-File C:\MyWeb.html

    I worked on the -After and -Before parameters and was not successful at getting the desired result. I am looking for a simple solution. I would appreciate it if someone can help me here.

    Thanks.

  • #24392

    Keymaster
    Points: 1,785
    Helping Hand, Team Member
    Rank: Community Hero

    You might have an easier time using WMI for this. The Win32_NTLogEvent (https://msdn.microsoft.com/en-us/library/aa390413(v=vs.85).aspx) contains the same information, and you can use the -Filter parameter of Get-WmiObject or Get-CimInstance to have WMI filter for just the event you want. You might also look at Get-WinEvent, which provides a bit more in the way of detailed filtering. It'll be helpful to know the Event ID of the event you want, since that's one of the easiest ways to quickly filter for that event.
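
An added example, not part of the original replies: one way to apply the Get-WinEvent suggestion above to the stated requirement (the first Kernel-Boot entry of the current day), including the case where no matching event exists. The function name Get-FirstKernelBootEvent is hypothetical, and the provider name Microsoft-Windows-Kernel-Boot is an assumption about which source the "*Kernel-Boot*" match refers to.

```powershell
function Get-FirstKernelBootEvent {
    [CmdletBinding()]
    param(
        # Day to inspect; defaults to today.
        [datetime]$Date = (Get-Date),
        # Assumed event source behind the "*Kernel-Boot*" match in the question.
        [string]$ProviderName = 'Microsoft-Windows-Kernel-Boot'
    )

    # Midnight at the start of the requested day.
    $dayStart = $Date.Date

    # The event log service applies this filter, so only matching
    # records from that one day are returned to PowerShell.
    $filter = @{
        LogName      = 'System'
        ProviderName = $ProviderName
        StartTime    = $dayStart
        EndTime      = $dayStart.AddDays(1).AddTicks(-1)
    }

    try {
        # -Oldest reverses the default newest-first order, so
        # -MaxEvents 1 yields the earliest entry of the day.
        Get-WinEvent -FilterHashtable $filter -Oldest -MaxEvents 1 -ErrorAction Stop |
            Select-Object ProviderName, Id, TimeCreated, MachineName
    }
    catch {
        # Get-WinEvent raises an error instead of returning nothing
        # when the filter matches no events; treat that as "no result".
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Verbose "No $ProviderName events on $($dayStart.ToShortDateString())."
            return
        }
        throw
    }
}

$first = Get-FirstKernelBootEvent
if ($first) {
    # Same report file as in the question.
    $first | ConvertTo-Html | Out-File C:\MyWeb.html
}
else {
    Write-Warning 'No Kernel-Boot event has been logged today.'
}
```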

  • #24417

    Participant
    Points: 0
    Rank: Member

    Thanks Don.
    Will try your approach; in the meantime, the script below also gave me the desired result.

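    # Look back 24 hours from now
    $MyDate = (Get-Date).AddDays(-1)
    # Keep the selected event in $MyResult (Out-File returns nothing, so it must not end this pipeline)
    $MyResult = Get-EventLog -LogName System -Message "*Kernel-Boot*" -Newest 1 -After $MyDate | Select-Object Source,TimeGenerated
    # Write the HTML report, then show the result in the console
    $MyResult | ConvertTo-Html | Out-File C:\MyWeb.html
    $MyResult
    # Open the report
    explorer.exe C:\MyWeb.html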

The topic ‘Catching an entry out of EventLog’ is closed to new replies.