Petri

Use PowerShell to Create Custom Log Events

Last time I showed how to use the command-line tool EVENTCREATE.EXE to create your own custom event log entries. Today I want to demonstrate how to accomplish this task using Windows PowerShell. Here we’ll use the Write-EventLog cmdlet. The first step should be to look at the cmdlet help.

When using this cmdlet you must specify the log name, a source, an event ID and a message. In this regard it is very similar to EVENTCREATE.EXE. But you can’t use a non-standard source or something ad hoc. You must use a pre-defined or existing source. An easy way to discover the source names is to use Windows Management Instrumentation (WMI).

If one of these sources seems appropriate, then you can log your own entry like this.

The default entry type is Information. I created my own event ID, which has its drawbacks.

I suppose if you wanted to be able to search for the event ID or the message, you could live with the minor “error” in the message.

Not perfect, but functional. While it is theoretically possible to register new sources, if you are going to go to that length you might as well create a new event log using the New-EventLog cmdlet.

Normally this cmdlet is aimed at application developers building a formal event log. But IT Pros can use this as well. I’m going to create a custom log and define a few sources as well.

What did I just create?

A brand new log. Let’s check my sources.

Finally, let’s write something to it.

You can use any event ID you choose, but you’ll likely want to define them in advance.

Windows doesn’t care now about the event ID. If I need to add another source, all I need to do is rerun the New-EventLog cmdlet:

Now I have a new source.
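
The custom-log procedure above as one script, added here as an example and not the author's own code. It assumes Windows PowerShell in an elevated session; the log name OpsAudit, the source names and the event IDs are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: 'OpsAudit', the source names and the event IDs are hypothetical.
$LogName = 'OpsAudit'
$Sources = 'BackupScript', 'PatchScript'

# Event IDs defined in advance so searches and filters stay stable.
$EventIds = @{ Started = 1000; Completed = 1001; Failed = 1900 }

function Register-CustomSource {
    param([string]$LogName, [string[]]$Source)
    foreach ($s in $Source) {
        if ([System.Diagnostics.EventLog]::SourceExists($s)) {
            # A source can belong to only one log; report where it already lives.
            $owner = [System.Diagnostics.EventLog]::LogNameFromSourceName($s, '.')
            if ($owner -ne $LogName) {
                Write-Warning "Source '$s' is already registered to log '$owner'; skipping."
            }
            continue
        }
        # Creates the log on first use; later calls only add the source.
        New-EventLog -LogName $LogName -Source $s
    }
}

function Write-CustomEvent {
    param(
        [string]$Source,
        [ValidateSet('Started', 'Completed', 'Failed')][string]$Kind,
        [string]$Message
    )
    # Failures are logged as Error, everything else as Information.
    $type = if ($Kind -eq 'Failed') { 'Error' } else { 'Information' }
    Write-EventLog -LogName $LogName -Source $Source -EventId $EventIds[$Kind] `
        -EntryType $type -Message $Message
}

Register-CustomSource -LogName $LogName -Source $Sources
Write-CustomEvent -Source 'BackupScript' -Kind Started -Message 'Nightly backup started.'

# Adding a source later is the same call with a new name.
Register-CustomSource -LogName $LogName -Source 'InventoryScript'

# Confirm the log exists, list its sources, and read back the newest entry.
Get-EventLog -List | Where-Object Log -eq $LogName
(Get-WmiObject Win32_NTEventLogFile -Filter "LogFileName='$LogName'").Sources
Get-EventLog -LogName $LogName -Newest 1 | Format-List Source, EventID, EntryType, Message
```

The SourceExists check makes the script safe to rerun, since New-EventLog raises an error when a source is already registered on the computer.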

Conclusion

The New-EventLog cmdlet has a -ComputerName parameter, so it would be very easy to define a new event log on all servers or desktops where you wanted your own custom logging. Have you implemented custom logging? If so, I’d love to hear about it.
