stackprotector

Reputation: 13432

How can I read analytical Windows events from 'Applications and Services Logs' using PowerShell?

I use Get-EventLog to read events. Using this cmdlet, I can successfully read the System and the Security event logs, for example. I can also list all available logs by issuing the following command:

Get-EventLog -LogName * | Select-Object -Property Log

Output:

Log
---
Application
HardwareEvents
Internet Explorer
Key Management Service
OAlerts
Parameters
Security
State
System
Windows PowerShell

But this list does not contain all of the logs you can find under Applications and Services Logs. For example, I'd like to read the events from this path, which can be traversed inside the Event Viewer:

Applications and Services Logs > Microsoft > Windows > DNS-Server > Analytical

I'm doing this on a Windows DNS-Server with Show Analytic and Debug Logs enabled under View and also a configured and enabled Analytical log for DNS-Server.

Upvotes: 2

Views: 2847

Answers (1)

stackprotector

Reputation: 13432

Tl;dr:

Use Get-WinEvent instead and add the -Oldest parameter:

Get-WinEvent -LogName Microsoft-Windows-DNSServer/Analytical -Oldest

Get-EventLog is a legacy cmdlet to read the Windows event log and it cannot be used to read all available event logs (look for the note in the documentation of this cmdlet):

Get-EventLog uses a Win32 API that is deprecated. The results may not be accurate. Use the Get-WinEvent cmdlet instead.

With Get-WinEvent you can list all available logs using Get-WinEvent -ListLog * or you can filter for all DNS related logs:

Get-WinEvent -ListLog *DNS* | Select-Object -Property LogName

Output:

LogName
-------
DNS Server
Microsoft-Windows-DNS-Client/Operational
Microsoft-Windows-DNSServer/Audit

Add the -Force parameter to also see Debug and Analytical events:

LogName
-------
DNS Server
Microsoft-Windows-DNS-Client/Operational
Microsoft-Windows-DNSServer/Analytical
Microsoft-Windows-DNSServer/Audit

You can read the events by passing those names to the -LogName parameter:

Get-WinEvent -LogName Microsoft-Windows-DNSServer/Audit

You'll get an error when trying to read the Microsoft-Windows-DNSServer/Analytical log:

Get-WinEvent : The Microsoft-Windows-DNSServer/Analytical event log can be read only in the forward chronological order because it is an analytical or a debug log. To see events from the Microsoft-Windows-DNSServer/Analytical event log, use the Oldest parameter in the command.

So just add -Oldest and you are good to go:

Get-WinEvent -LogName Microsoft-Windows-DNSServer/Analytical -Oldest

Upvotes: 4
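The following is an added example, not part of the answer above: a small wrapper that looks up a log's type with `-ListLog -Force` and adds `-Oldest` only when the log is Analytical or Debug, so the same call works for the Audit and the Analytical DNS Server logs. The function name `Read-LogChronological` is hypothetical, and the script assumes an elevated PowerShell session on the DNS server.

```powershell
# Added example; Read-LogChronological is a hypothetical helper name.
function Read-LogChronological {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $LogName,
        [int] $MaxEvents = 1000
    )

    # -Force makes -ListLog return Analytical and Debug logs as well.
    $config = Get-WinEvent -ListLog $LogName -Force -ErrorAction Stop

    if (-not $config.IsEnabled) {
        Write-Warning "$LogName is disabled; no new events are being recorded."
    }

    $params = @{
        LogName     = $LogName
        MaxEvents   = $MaxEvents
        ErrorAction = 'Stop'
    }

    # Analytical and Debug logs can only be read in forward chronological
    # order, so -Oldest is required for them.
    if ([string]$config.LogType -in 'Analytical', 'Debug') {
        $params.Oldest = $true
    }

    try {
        Get-WinEvent @params
    }
    catch {
        # Get-WinEvent raises an error when the log holds no events;
        # treat that case as an empty result and rethrow anything else.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }
}

# Summarize which event IDs the analytical log currently contains.
Read-LogChronological -LogName 'Microsoft-Windows-DNSServer/Analytical' |
    Group-Object -Property Id |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name
```

Because of `-Oldest`, `-MaxEvents` returns the earliest events in an Analytical or Debug log rather than the most recent ones.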
