Author Posts

October 10, 2013 at 8:50 am

I am attempting to write custom events to a custom event log on two different servers. One server is 2012, the other is 2008R2. Both servers have PowerShell ver3.0 installed. I used the following command on both servers to create the custom log:

New-EventLog -LogName MyPowerShellLog -Source MySource

On both servers, the MyPowerShellLog appears in the Event Viewer MMC. To write to the new log I use the following on both servers:

Write-EventLog -LogName MyPowerShellLog -Source MySource -Event 51234 -EntryType Information -Message "I am writing to my custom event log"

On the 2012 server, the log entry appears in the MyPowerShellLog in the MMC. On the 2008R2 server, the log entry appears in the Application log, and the MyPowerShellLog remains empty in the MMC. I run the following command to view entries in the log:

Get-EventLog -LogName MyPowerShellLog

On the 2012 server, I see just the entry from MyPowerShellLog. On the 2008R2 server, I see all entries from the Application Log.

Is this a difference between the type versions of Server, a bug, or am I doing something incorrect?

Regards,
KarbonFybar

October 11, 2013 at 3:07 am

First step is to check that the source on the 2008 R2 server is actually pointing to the correct log

Get-WmiObject -Class Win32_NTEventLogFile -Filter "LogFileName = 'Application'" | select -ExpandProperty Sources

will show you the sources pointing to the application log

repeat for your new log

Is your source pointing to the correct log?

October 11, 2013 at 5:48 am

Richard,
Thank you for your reply. I ran the line as you suggested for both the Application log and my custom log. My source appears under my custom log and does not appear under the Application log.

October 11, 2013 at 10:38 am

I just tried you code on a Windows 2008 R2 box and it worked correctly with a normal PowerShell prompt and an elevated prompt.

I've never seen this before and honestly don't know what to suggest. You could try deleting the custom log and recreating but if your system is corrupted in some way that might take the application log out. Alternatively try creating another custom log and see what happens