Write Eventlog with PowerShell

Hello,

Today we are talking about creating events in the event log with PowerShell. You can use the built-in cmdlet “Write-EventLog” like this:

Write-EventLog -LogName System -Source Ntfs -EntryType Information -EventId 1234 -Message "Created by powerShell Write-EventLog"


But, like the help says, it requires a registered source, and the event is not as clean as we could expect.

Note: to list the registered sources for an event log:

(Get-WmiObject win32_NTEventlogfile -Filter "LogFileName='System'").sources

Here is another method:

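# Bind a System.Diagnostics.EventLog object to the System log on this machine
$EventLog = New-Object System.Diagnostics.EventLog('System')
$EventLog.MachineName = "$env:computername"
# Source name shown in the event
$EventLog.Source = "It For Dummies"
# Arguments: message, entry type, event ID, category
$EventLog.WriteEntry("Event created by PowerShell, using a System.Diagnostics.EventLog object.",'Information',1234,2)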


You’ll find a lot of details about that type of object here.

The event is clean, and you can use any kind of source.

This can be useful if you put that code in all your scripts and use a monitoring solution to keep track of those events: you can track your scripts' usage and prove to your boss that investing in script development can maximize the efficiency of your coworkers.
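A reusable version of that idea, as an added example that is not code from the original post: a function that writes script-usage events under one dedicated source, so a monitoring tool can filter on source and event ID. The function name, the 'ScriptUsage' source, the Application log target and event ID 1000 are assumptions. When a source is not yet registered, System.Diagnostics.EventLog registers it on first use, which needs an elevated session.

```powershell
# Added example: Write-ScriptUsageEvent, 'ScriptUsage' and event ID 1000 are hypothetical names/values.
function Write-ScriptUsageEvent {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Message,
        [string]$Source  = 'ScriptUsage',       # hypothetical dedicated source
        [string]$LogName = 'Application',
        [System.Diagnostics.EventLogEntryType]$EntryType = 'Information',
        [int]$EventId    = 1000,                 # hypothetical ID reserved for script tracking
        [int16]$Category = 0
    )

    # SourceExists searches every log; for a non-admin it throws a
    # SecurityException when it reaches a log it cannot read (e.g. Security).
    try {
        $exists = [System.Diagnostics.EventLog]::SourceExists($Source)
    } catch [System.Security.SecurityException] {
        throw "Cannot check source '$Source': run once from an elevated session to register it."
    }

    if (-not $exists) {
        # Registering a source writes to the registry and needs administrator rights.
        [System.Diagnostics.EventLog]::CreateEventSource($Source, $LogName)
    } else {
        # A source is bound to exactly one log; refuse to write somewhere unexpected.
        $boundLog = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
        if ($boundLog -ne $LogName) {
            throw "Source '$Source' is registered to log '$boundLog', not '$LogName'."
        }
    }

    # Record who ran which script, so each event is attributable.
    $caller = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $script = if ($MyInvocation.ScriptName) { $MyInvocation.ScriptName } else { 'interactive' }
    $text   = "{0}`nUser: {1}`nScript: {2}" -f $Message, $caller, $script

    [System.Diagnostics.EventLog]::WriteEntry($Source, $text, $EntryType, $EventId, $Category)
}

# Typical call at the top of a script
Write-ScriptUsageEvent -Message 'Nightly cleanup script started.'
```

Keeping script events under their own source, rather than reusing a system source such as Ntfs, keeps them easy to tell apart from genuine operating-system events when reviewing the log.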
