hwaset.blogg.se

Parse dns log





Summary: Using the Windows PowerShell Get-EventLog cmdlet makes it easy to parse the system event log for shutdown events.

One of the great things about central Florida during this time of the year is that there are certain fruits, such as red grapefruit, that are in season. This is also true of a certain variety of tangelo that is super sweet. However, as sweet as both of these are, neither is as sweet as parsing the event log with Windows PowerShell. It makes it easy to gain insights into what is going on with your computer, server, or whatever device.

There are two basic Windows PowerShell cmdlets that parse the event log. One, Get-WinEvent, is super powerful, but a bit tricky to use. The other, Get-EventLog, is super easy, and it works great for ad hoc parsing. Today I will use Get-EventLog because I am only working with a classic event log, and I am only working on my local computer.

Since Windows XP and Windows 2003, Windows has had the Shutdown Event Tracker, which will track what is going on with shutdowns. It writes to the System event log and the source is User32. I can search for this information directly from the System event log by using the Get-EventLog cmdlet:

    Get-EventLog -LogName system -Source user32

The command and output are shown in the following image:

I also know from working with the Microsoft Operations Management Suite that there are two event IDs associated with the Shutdown Event Tracker. One is normal, and the other is an unexpected shutdown.

Note: For more information about Microsoft Operations Management Suite Search capabilities, see my series of blog posts on the MSOMS Team blog.

At this point, I do not need to know which event is normal or unexpected. All I want to do is to group them by EventID, then I can dive into them in a little bit.

    Get-EventLog -LogName system -Source user32 | group EventID

My output, which appears in the following image, tells me that I only have a single EventID: 1074.

Let me look at one instance of the 1074 event. To do this, I send the output to the Format-List cmdlet and select all of the properties. In the following command, fl is an alias for Format-List and * means to choose all of the properties:

    Get-EventLog -LogName system -Source user32 -Newest 1 | fl *

The output includes the machine name, the time the event was generated, the user name, the message, and other properties. By looking at these details, I can decide what information I actually find useful, and that will guide my selection process.
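One way to do that selection for EventID 1074, as an added example that is not code from the original post: it flattens each entry into an object recording who and what initiated the shutdown, then summarizes the live log. The helper name ConvertFrom-ShutdownEvent, the sample entry, and the ReplacementStrings field order (taken from the 1074 message template) are assumptions.

```powershell
# Added example: flatten Shutdown Event Tracker entries (EventID 1074).
# Assumption: ReplacementStrings follow the 1074 message template order:
# process, computer, reason, reason code, shutdown type, comment, user.
function ConvertFrom-ShutdownEvent {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Entry
    )
    process {
        # Filter on EventID, the property grouped on earlier in the post.
        if ($Entry.EventID -ne 1074) { return }
        $r = @($Entry.ReplacementStrings)
        if ($r.Count -lt 7) {
            # Do not guess at fields when the record is shorter than expected.
            Write-Warning "Entry at $($Entry.TimeGenerated) has $($r.Count) fields; skipped"
            return
        }
        [pscustomobject]@{
            TimeGenerated = $Entry.TimeGenerated
            MachineName   = $Entry.MachineName
            Process       = $r[0]
            Reason        = $r[2]
            ReasonCode    = $r[3]
            ShutdownType  = $r[4]
            Comment       = $r[5]
            User          = $r[6]
        }
    }
}

# Constructed sample entry (not real log data) so the function runs without a live log.
$sample = [pscustomobject]@{
    EventID            = 1074
    TimeGenerated      = [datetime]'2016-01-11T09:15:00'
    MachineName        = 'WORKSTATION01'
    ReplacementStrings = @(
        'C:\Windows\system32\winlogon.exe (WORKSTATION01)', 'WORKSTATION01',
        'No title for this reason could be found', '0x500ff', 'restart', '',
        'WORKSTATION01\alice'
    )
}
$sample | ConvertFrom-ShutdownEvent | Format-List | Out-Host

# Live System log: count shutdowns per initiating user and shutdown type.
# Get-EventLog ships with Windows PowerShell 5.1 and is not available in PowerShell 7.
if (Get-Command Get-EventLog -ErrorAction SilentlyContinue) {
    Get-EventLog -LogName System -Source User32 |
        ConvertFrom-ShutdownEvent |
        Group-Object User, ShutdownType -NoElement |
        Sort-Object Count -Descending
}
```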






