If you ever want to use the event log to capture information from a script, it's actually pretty easy to do.
First you have to prepare the new entry type for the events you want to capture. Please note that both creating the new log and writing to it will require an elevated prompt.
New-EventLog -logname logname -source your_new_source
The logname can be either Application, System or Security.
Example: new-eventlog -logname System -source John
This will insert the 'John' source into the registry and allow you to then write events to the System log.
Writing an event is pretty simple as well:
Write-Eventlog -logname logname -source source -eventID number -entrytype (Information, Warning, Error, etc) -message "a message"
I actually have written a function as I'm lazy and don't like to type that much:
Function update-eventlog
{
    # Source is hardcoded to John
    # EventID is hardcoded to 1
    # Logname is hardcoded to System
    # Param must be the first statement in the function body
    Param($entrytype,$Message)
    Write-Eventlog -Logname System -Source John -EventID 1 -EntryType $entrytype -message $message
}
Usage:
update-eventlog "entry type" "Message"
Example:
update-eventlog "Information" "This is a test"
Pretty simple, huh?
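A more defensive version of the same two steps, as an added example that is not part of the original post: it registers the source only when it is missing, fails with a clear message when that would need elevation, and rejects invalid entry types before anything is written. The function names Write-ScriptEvent and Test-IsElevated are hypothetical, and it assumes Windows PowerShell, where New-EventLog and Write-EventLog are available.

```powershell
# Added example; Write-ScriptEvent and Test-IsElevated are hypothetical names.
function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Write-ScriptEvent {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Error', 'Warning', 'Information', 'SuccessAudit', 'FailureAudit')]
        [string]$EntryType,
        [Parameter(Mandatory = $true)]
        [string]$Message,
        [string]$LogName = 'System',   # log used in the post
        [string]$Source  = 'John',     # source used in the post
        [ValidateRange(0, 65535)]
        [int]$EventId    = 1           # event ID used in the post
    )
    # SourceExists throws a SecurityException when it cannot search every log
    # (typical in a non-elevated session), so treat that case as "not confirmed".
    try {
        $exists = [System.Diagnostics.EventLog]::SourceExists($Source)
    } catch [System.Security.SecurityException] {
        $exists = $false
    }
    if (-not $exists) {
        if (-not (Test-IsElevated)) {
            throw "Source '$Source' could not be confirmed and this session is not elevated."
        }
        New-EventLog -LogName $LogName -Source $Source -ErrorAction Stop
    } else {
        # A source is bound to exactly one log; refuse to write to a different one.
        $bound = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
        if ($bound -ne $LogName) {
            throw "Source '$Source' is registered to '$bound', not '$LogName'."
        }
    }
    Write-EventLog -LogName $LogName -Source $Source -EventId $EventId -EntryType $EntryType -Message $Message -ErrorAction Stop
}

Write-ScriptEvent -EntryType Information -Message 'This is a test'
```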
[valexa@VAiMac:~] $ new-eventlog
-bash: new-eventlog: command not found
I assume it is not a POSIX command, so you should state which software/operating system is in question.
My apologies Vlad, this is Windows PowerShell on Windows 7 or XP.
Good point, however. I will update my blog notes, though.