I am attempting to write custom events to a custom event log on two different servers. One server is 2012, the other is 2008R2. Both servers have PowerShell ver3.0 installed. I used the following command on both servers to create the custom log:
New-EventLog -LogName MyPowerShellLog -Source MySource
On both servers, the MyPowerShellLog appears in the Event Viewer MMC. To write to the new log I use the following on both servers:
Write-EventLog -LogName MyPowerShellLog -Source MySource -Event 51234 -EntryType Information -Message "I am writing to my custom event log"
On the 2012 server, the log entry appears in the MyPowerShellLog in the MMC. On the 2008R2 server, the log entry appears in the Application log, and the MyPowerShellLog remains empty in the MMC. I run the following command to view entries in the log:
Get-EventLog -LogName MyPowerShellLog
On the 2012 server, I see just the entry from MyPowerShellLog. On the 2008R2 server, I see all entries from the Application Log.
Is this a difference between the type versions of Server, a bug, or am I doing something incorrect?
First step is to check that the source on the 2008 R2 server is actually pointing to the correct log
Get-WmiObject -Class Win32_NTEventLogFile -Filter "LogFileName = 'Application'" | select -ExpandProperty Sources
will show you the sources pointing to the application log
repeat for your new log
Is your source pointing to the correct log?
I just tried you code on a Windows 2008 R2 box and it worked correctly with a normal PowerShell prompt and an elevated prompt.
I've never seen this before and honestly don't know what to suggest. You could try deleting the custom log and recreating but if your system is corrupted in some way that might take the application log out. Alternatively try creating another custom log and see what happens
You must be logged in to reply to this topic.