This episode we take a look at logs, the window to the soul of your computer. Ok, maybe not, but we'll still look at them anyway.

Windows has different ways to view the Event Log via the command line depending on the version. In Windows 2003, XP, and older versions the classic event logs were Application, System, and Security. Beginning with Vista, the entire event log system changed. There is now a plethora of new logs in addition to the classic logs. To fully discuss the differences we would need an entire white paper, so we will stick with getting the familiar information from the event logs. To make it even more fun, since Windows 7 and Server 2008 R2 are officially out, we now have PowerShell Version 2 with its additional cmdlets and another way to access the Event Log.

We will kick off this week with PowerShell and its methods for retrieving information from the Event Log. In v1, the only option for viewing the event log was Get-EventLog. It would "get" the standard event logs such as System or Application. In v2 we have Get-WinEvent, which allows retrieval of a wider range of logs. With Vista and beyond, Get-WinEvent is the recommended method, but we will describe both cmdlets since there are a lot of XP and Windows 2003 machines in addition to Vista and Windows 2008 (R1) machines without PowerShell v2. Get-WinEvent also allows us to work with saved event log files (.evtx) which is a great new feature!

Here is a demonstration that there is a difference in the number of logs accessible by the PowerShell commands.

Whoa, there are a lot more logs! We don't have the space to go over them all, so let's look at a practical example of searching the logs for specific events, such as an account lockout. I have a cheat sheet of Event IDs at my desk, but I'm not there right now so let's find any event containing the word "locked".

PS C:\> Get-WinEvent -LogName Security -Oldest | ? { $_.Message -like "*locked*" }
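
An added example, not from the original post: one way to run the lockout search by Event ID instead of by message text, using whichever cmdlet the machine supports. The function name Find-LockoutEvent and the sample .evtx path are hypothetical; Event IDs 4740 (Vista and later) and 644 (Windows 2003/XP) are the account lockout events in the Security log.

```powershell
# Added example. Find-LockoutEvent is a hypothetical helper name.
# Reading the Security log requires an elevated (administrator) session.
function Find-LockoutEvent {
    param(
        [string]$Path,          # optional saved .evtx file (Get-WinEvent only)
        [int]$MaxEvents = 50    # cap on returned events
    )

    # Get-WinEvent ships with PowerShell v2 but only works on Vista/2008 and later (NT 6+).
    $hasWinEvent = (Get-Command Get-WinEvent -ErrorAction SilentlyContinue) -and
                   ([Environment]::OSVersion.Version.Major -ge 6)

    if ($hasWinEvent) {
        # 4740 = "A user account was locked out" on Vista/2008 and later.
        # FilterHashtable filters inside the event log service, so it is far
        # faster than piping every Security event through Where-Object.
        $filter = @{ Id = 4740 }
        if ($Path) { $filter.Path = $Path } else { $filter.LogName = 'Security' }

        # Get-WinEvent writes an error when nothing matches; suppress it so
        # "no lockouts" simply returns nothing.
        Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, Id, MachineName,
                @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
    }
    else {
        # PowerShell v1 or XP/2003: only Get-EventLog is usable, and it reads
        # only the live classic logs, not saved files.
        if ($Path) { throw 'Reading saved .evtx files requires Get-WinEvent on Vista or later.' }

        # 644 = account lockout on Windows 2003/XP. The v1 cmdlet has no ID
        # parameter, so filter client-side.
        Get-EventLog -LogName Security |
            Where-Object { $_.EventID -eq 644 } |
            Select-Object -First $MaxEvents |
            Select-Object TimeGenerated, EventID, MachineName, Message
    }
}

# Live Security log on the local machine:
Find-LockoutEvent | Format-Table -AutoSize

# Saved log collected from another host (constructed path, adjust to your case):
# Find-LockoutEvent -Path 'C:\cases\security.evtx'
```

Matching on the Event ID avoids both missed events and false hits that a "*locked*" message search can produce when the message text is localized or unrelated events mention the word.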