Get-EventLog


This topic contains 4 replies, has 2 voices, and was last updated by Participant 4 years, 4 months ago.

  • #19563

    Participant

    Dudes!

    I'm trying to look for events with event ID 4659. I can do it using:

    Get-EventLog -LogName Security -InstanceId 4659
    

    When I look for properties I can find the Message property, which contains the message of the event. But I would like to have the XML format of the event, which can be found by looking in Event Viewer. How can I get that XML format of the event (including the parsed message)?

  • #19564

    Participant

    Ooooooo...I just found it 🙂
    I have to use

    Get-WinEvent -FilterHashtable @{Logname='Security';Id=4659}
    

    and it does have a method called ToXml which gives me exactly what I want.

    Now the question is "What is the difference between Get-WinEvent and Get-EventLog?"

  • #19565

    Member

    I don't believe Get-EventLog can do that for you, but the objects returned by the newer Get-WinEvent cmdlet have a ToXml() method:

    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; ID = 4659 }
    $events[0].ToXml()
    
    • #19567

      Participant

      I already found it, thank you anyway. 🙂

  • #19566

    Member

    Ah, speedy! 🙂 Get-WinEvent is a newer command which has support for all of the custom Windows event logs on a Vista / 2008 and later computer; Get-EventLog only supports the "big 3" of Application, System and Security. Get-EventLog has a couple of other annoying quirks as well, such as not being able to specify alternate credentials when connecting to a remote computer, and using InstanceIDs instead of EventIDs on the command line. (There are 4 possible Instance IDs for each Event ID, a common "gotcha".)

    On the other hand, learning to use Get-WinEvent can be a little tricky, if you're not familiar with the XML / XPath query syntax that is used in the newer Event Viewer console.
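An added example, not part of the original thread: one way to turn the XML that ToXml() returns into an object with a property per `<Data>` field, which is usually what audit-log triage needs. The function name `ConvertFrom-EventXml` is hypothetical, and the sample event, including its field names and values, is constructed so the block runs without access to the Security log.

```powershell
# Added example (not from the thread): flatten ToXml() output into one object per event.
function ConvertFrom-EventXml {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Xml
    )
    process {
        $root = ([xml]$Xml).DocumentElement
        $sys  = $root['System']
        $row  = [ordered]@{
            EventID     = [int]$sys['EventID'].InnerText
            TimeCreated = $sys['TimeCreated'].GetAttribute('SystemTime')
            Computer    = $sys['Computer'].InnerText
        }
        # Some events carry <UserData> instead of <EventData>; those keep only the System fields.
        $data = $root['EventData']
        if ($null -ne $data) {
            $i = 0
            foreach ($d in $data.GetElementsByTagName('Data')) {
                # Classic-style events may omit the Name attribute, so fall back to a positional key.
                $name = $d.GetAttribute('Name')
                if (-not $name) { $name = "Data$i" }
                $row[$name] = $d.InnerText
                $i++
            }
        }
        [pscustomobject]$row
    }
}

# Constructed sample in the shape ToXml() returns; all values are placeholders.
$sample = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4659</EventID>
    <TimeCreated SystemTime="2024-01-01T00:00:00.0000000Z" />
    <Computer>HOST01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserName">exampleuser</Data>
    <Data Name="ObjectName">C:\Temp\example.txt</Data>
  </EventData>
</Event>'
$sample | ConvertFrom-EventXml

# Against the live log (reading Security needs an elevated session), using an XPath filter:
# Get-WinEvent -LogName Security -FilterXPath '*[System[EventID=4659]]' -MaxEvents 20 |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-EventXml
```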
