Get-EventLog

This topic contains 4 replies, has 2 voices, and was last updated by Ondrej Zilinec 2 years, 2 months ago.

  • Author
    Posts
  • #19563
    Ondrej Zilinec
    Participant

    Dudes!

    I'm trying to look for an event with event ID 4659. I can do it using:

    Get-EventLog -LogName Security -InstanceId 4659
    

    When I look at the properties I can find the property Message, which contains the message of the event. But I would like to have the XML format of the event, which can be found by looking in Event Viewer. How can I get that XML format of the event (including the parsed message)?

  • #19564
    Ondrej Zilinec
    Participant

    Ooooooo...I just found it 🙂
    I have to use

    Get-WinEvent -FilterHashtable @{Logname='Security';Id=4659}
    

    and it does have a method called ToXml which gives me exactly what I want.

    Now the question is "What is the difference between Get-WinEvent and Get-EventLog?"

  • #19565
    Dave Wyatt
    Moderator

    I don't believe Get-EventLog can do that for you, but the objects returned by the newer Get-WinEvent cmdlet have a ToXml() method:

    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; ID = 4659 }
    $events[0].ToXml()
    
    • #19567
      Ondrej Zilinec
      Participant

      I already found it, thank you anyway. 🙂

  • #19566
    Dave Wyatt
    Moderator

    Ah, speedy! 🙂 Get-WinEvent is a newer command which has support for all of the custom Windows event logs on a Vista / 2008 and later computer; Get-EventLog only supports the "big 3" of Application, System and Security. Get-EventLog has a couple of other annoying quirks as well, such as not being able to specify alternate credentials when connecting to a remote computer, and using InstanceIDs instead of EventIDs on the command line. (There are 4 possible Instance IDs for each Event ID, a common "gotcha".)

    On the other hand, learning to use Get-WinEvent can be a little tricky, if you're not familiar with the XML / XPath query syntax that is used in the newer Event Viewer console.
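
Added example (not part of the original thread and not written by its participants): one way to turn the XML returned by ToXml() into objects with one property per named EventData field, which is what makes events such as 4659 easy to filter and export. The function name ConvertFrom-EventXml and all values in the sample event are constructed for illustration.

```powershell
# Constructed sample in the shape ToXml() returns; every value here is invented.
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" />
    <EventID>4659</EventID>
    <TimeCreated SystemTime="2020-01-01T12:00:00.0000000Z" />
    <EventRecordID>1001</EventRecordID>
    <Computer>HOST01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserName">alice</Data>
    <Data Name="ObjectName">C:\Temp\example.txt</Data>
  </EventData>
</Event>
'@

# Hypothetical helper: flattens one event's XML into a single object.
function ConvertFrom-EventXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $evt = ([xml]$Xml).Event
        # Ordered so the System fields come first, then each named EventData field.
        $row = [ordered]@{
            # Indexer + InnerText also works when EventID carries a Qualifiers attribute.
            EventID     = [int]$evt.System['EventID'].InnerText
            TimeCreated = $evt.System.TimeCreated.SystemTime
            RecordID    = [long]$evt.System['EventRecordID'].InnerText
            Computer    = $evt.System.Computer
        }
        foreach ($d in $evt.EventData.Data) {
            # Unnamed <Data> elements have no Name and are skipped.
            if ($d.Name) { $row[$d.Name] = $d.InnerText }
        }
        [pscustomobject]$row
    }
}

# Offline check against the constructed sample:
$sampleXml | ConvertFrom-EventXml

# Live use (elevated session, since reading the Security log requires it):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4659 } -MaxEvents 50 |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-EventXml
# The same selection in the XPath form mentioned in the thread:
# Get-WinEvent -LogName Security -FilterXPath '*[System[(EventID=4659)]]' -MaxEvents 50
```

Because the helper reads whatever Data names the event carries, it does not depend on a fixed field list and can be reused for other event IDs.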
