Event log windows run command

WMI Tasks: Event Logs

WMI tasks for event logs obtain event data from event log files and perform operations like backing up or clearing log files. For other examples, see the TechNet ScriptCenter at https://www.microsoft.com/technet.

The script examples shown in this topic obtain data only from the local computer. For more information about how to use the script to obtain data from remote computers, see Connecting to WMI on a Remote Computer.

The following procedure describes how to run a script.

To run a script

  1. Copy the code and save it in a file with a .vbs extension, such as filename.vbs. Ensure that your text editor does not add a .txt extension to the file.
  2. Open a command prompt window and navigate to the directory where you saved the file.
  3. Type cscript filename.vbs at the command prompt.
  4. If you cannot access an event log, check whether you are running from an elevated command prompt. Some event logs, such as the Security event log, may be protected by User Account Control (UAC).

By default, cscript displays the output of a script in the command prompt window. Because WMI scripts can produce large amounts of output, you might want to redirect the output to a file. Type cscript filename.vbs > outfile.txt at the command prompt to redirect the output of the filename.vbs script to outfile.txt.

The following table lists script examples that can be used to obtain various types of data from the local computer.

How do I... retrieve information about the Security event log?
    Include the Security privilege when connecting to the Win32_NTEventlogFile class. For more information, see Executing Privileged Operations Using VBScript.

How do I... back up an event log?
    Use the Win32_NTEventlogFile class and the BackupEventLog method. You may need to include the Backup privilege when connecting to WMI. For more information, see Executing Privileged Operations Using VBScript.

How do I... back up an event log more than once?
    Ensure that the backup file has a unique name before using the Win32_NTEventlogFile class and the BackupEventLog method. The operating system does not allow you to overwrite an existing backup file; you must either move the backup file or rename it before you can run the script again. You may need to include the Backup privilege when connecting to WMI. For more information, see Executing Privileged Operations Using VBScript.

How do I... determine the number of records in an event log?
    Use the Win32_NTEventlogFile class and check the value of the NumberOfRecords property.
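The three table rows above (backup, repeated backup with a unique name, record count) as one added PowerShell example; this is not the page's own script. It assumes Windows PowerShell 5.1 (Get-WmiObject is not available in PowerShell 7), an elevated prompt and the local machine; the log name and backup folder are constructed values.

```powershell
# Added example, not from the original page: back up a classic event log through
# WMI with a unique archive name and report its record count. Assumes Windows
# PowerShell 5.1, an elevated prompt and a local machine; $LogName and
# $BackupDir are constructed values.
param(
    [string]$LogName   = 'Application',
    [string]$BackupDir = 'C:\EventLogBackups'
)

# -EnableAllPrivileges enables the Backup (and Security) privilege on the WMI
# connection, which BackupEventLog and the Security log require.
$log = Get-WmiObject -Class Win32_NTEventlogFile -EnableAllPrivileges `
                     -Filter "LogFileName='$LogName'"
if (-not $log) { throw "No classic event log named '$LogName'" }

# NumberOfRecords is the property the table above points at.
'{0}: {1} records, {2:N0} bytes' -f $log.LogFileName, $log.NumberOfRecords, $log.FileSize

# The OS refuses to overwrite an existing archive, so a timestamp in the file
# name lets the script run more than once without renaming anything first.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$archive = Join-Path $BackupDir ('{0}-{1}.evt' -f $LogName, $stamp)

$result = $log.BackupEventLog($archive)
switch ($result.ReturnValue) {          # documented return codes of the method
    0       { "Backed up $LogName to $archive" }
    8       { Write-Error 'Privilege missing: run elevated with -EnableAllPrivileges' }
    183     { Write-Error "Archive already exists: $archive" }
    default { Write-Error "BackupEventLog returned $($result.ReturnValue)" }
}
```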

Event viewer command line (CMD)

We can open the Event Viewer console from the command prompt or from the Run window by running the command eventvwr. To retrieve event information from log files at the command line we can use eventquery.vbs, which can be found in the directory C:\Windows\System32.

Using eventquery.vbs we can dump events selectively based on various parameters: event source, event ID, event date, event type (information, error, warning) and event log file name (system, application, security, IE, etc.). Below are a few examples of how to use this script file.

To list all the events that are created by a particular service or application:

For example, to list all the events created by DHCP you can run the command below.

To list all the events originating from Outlook:

To list the events with a specific ID:

To list application events that have occurred after a specific time:

To print all warning events from the application log file:

To dump all the error events generated by a particular user:

This script is not supported in Windows 7.


You said this script doesn’t support it on Windows 7. How to implement it?

Don’t need to. Use Wevtutil in Win7:
“wevtutil epl [Application/System/Security/etc] [savepath&filename]”

Save this content in c:\bullshit.bat (if you have difficulties saving it as .bat, ask for help from someone who knows more than you)
____________________________

wevtutil.exe cl Application
wevtutil.exe cl Security
wevtutil.exe cl Setup
wevtutil.exe cl System

Then go to Control Panel \ Administrative Tools \ Task Scheduler.

Right-click on Task Scheduler Library on the left, then on Create Task...
In the popup that appears the General tab will be active and you should fill in a name there; put anything (I filled in bullshit).
Then press Triggers, then New at the bottom left, then Begin a task, then set the At log on option from that small popup...
At the bottom check Repeat task every, then click the box after this and set it to 5 minutes, then click the box after “for a duration of:” and set it to Indefinitely.

Click on Actions at the top, then New... at the bottom.
Now in the “Program/script” box put this exactly as it is here:
start “C:\bullshit.bat”
So it is start, blank space, comma, C:\bullshit.bat, comma again (I write this in case the forum software cancels the commas or something inside this command; you need to fill it in right, supposing you already saved the bullshit.bat batch command I explained at the top of my comment on c:\).
Now the system will clean all Windows event logs for you.

Not what I really wanted.

Command Prompt window opens and closes by itself on Windows 10. If I know the time it happened, how can I look it up in Event Viewer? Thanks.

Get-EventLog

Gets the events in an event log, or a list of the event logs, on the local computer or remote computers.

Syntax

Get-EventLog
   [-LogName] <String>
   [-ComputerName <String[]>]
   [-Newest <Int32>]
   [-After <DateTime>]
   [-Before <DateTime>]
   [-UserName <String[]>]
   [[-InstanceId] <Int64[]>]
   [-Index <Int32[]>]
   [-EntryType <String[]>]
   [-Source <String[]>]
   [-Message <String>]
   [-AsBaseObject]
   [<CommonParameters>]

Get-EventLog
   [-ComputerName <String[]>]
   [-List]
   [-AsString]
   [<CommonParameters>]

Description

The Get-EventLog cmdlet gets events and event logs from local and remote computers. By default, Get-EventLog gets logs from the local computer. To get logs from remote computers, use the ComputerName parameter.

You can use the Get-EventLog parameters and property values to search for events. The cmdlet gets events that match the specified property values.

PowerShell cmdlets that contain the EventLog noun work only on Windows classic event logs such as Application, System, or Security. To get logs that use the Windows Event Log technology in Windows Vista and later Windows versions, use Get-WinEvent.

Get-EventLog uses a Win32 API that is deprecated. The results may not be accurate. Use the Get-WinEvent cmdlet instead.

Examples

Example 1: Get event logs on the local computer

This example displays the list of event logs that are available on the local computer. The names in the Log column are used with the LogName parameter to specify which log is searched for events.

The Get-EventLog cmdlet uses the List parameter to display the available logs.

Example 2: Get recent entries from an event log on the local computer

This example gets recent entries from the System event log.

The Get-EventLog cmdlet uses the LogName parameter to specify the System event log. The Newest parameter returns the five most recent events.

Example 3: Find all sources for a specific number of entries in an event log

This example shows how to find all of the sources that are included in the 1000 most recent entries in the System event log.

The Get-EventLog cmdlet uses the LogName parameter to specify the System log. The Newest parameter selects the 1000 most recent events. The event objects are stored in the $Events variable. The $Events objects are sent down the pipeline to the Group-Object cmdlet. Group-Object uses the Property parameter to group the objects by source and counts the number of objects for each source. The NoElement parameter removes the group members from the output. The Sort-Object cmdlet uses the Property parameter to sort by the count of each source name. The Descending parameter sorts the list in order by count from highest to lowest.

Example 4: Get error events from a specific event log

This example gets error events from the System event log.

The Get-EventLog cmdlet uses the LogName parameter to specify the System log. The EntryType parameter filters the events to show only Error events.

Example 5: Get events from an event log with an InstanceId and Source value

This example gets events from the System log for a specific InstanceId and Source.

The Get-EventLog cmdlet uses the LogName parameter to specify the System log. The InstanceID parameter selects the events with the specified Instance ID. The Source parameter restricts the result to events written by that source.

Example 6: Get events from multiple computers

This command gets the events from the System event log on three computers: Server01, Server02, and Server03.

The Get-EventLog cmdlet uses the LogName parameter to specify the System log. The ComputerName parameter uses a comma-separated string to list the computers from which you want to get the event logs.

Example 7: Get all events that include a specific word in the message

This command gets all the events in the System event log that contain a specific word in the event’s message. It’s possible that your specified Message parameter’s value is included in the message’s content but isn’t displayed on the PowerShell console.

The Get-EventLog cmdlet uses the LogName parameter to specify the System event log. The Message parameter specifies a word to search for in the message field of each event.

Example 8: Display the property values of an event

This example shows how to display all of an event’s properties and values.

The Get-EventLog cmdlet uses the LogName parameter to specify the System event log. The Newest parameter selects the most recent event object. The object is stored in the $A variable. The object in the $A variable is sent down the pipeline to the Select-Object cmdlet. Select-Object uses the Property parameter with an asterisk ( * ) to select all of the object’s properties.

Example 9: Get events from an event log using a source and event ID

This example gets events for a specified Source and Event ID.

The Get-EventLog cmdlet uses the LogName parameter to specify the Application event log. The Source parameter specifies the application name, Outlook. The objects are sent down the pipeline to the Where-Object cmdlet. For each object in the pipeline, Where-Object compares the EventID property of the current object ($_.EventID) to the specified value. The matching objects are sent down the pipeline to the Select-Object cmdlet. Select-Object uses the Property parameter to select the properties to display in the PowerShell console.

Example 10: Get events and group by a property

The Get-EventLog cmdlet uses the LogName parameter to specify the System log. The UserName parameter includes the asterisk ( * ) wildcard to specify a portion of the user name. The event objects are sent down the pipeline to the Group-Object cmdlet. Group-Object uses the Property parameter to specify that the UserName property is used to group the objects and count the number of objects for each user name. The NoElement parameter removes the group members from the output. The objects are sent down the pipeline to the Select-Object cmdlet. Select-Object uses the Property parameter to select the properties to display in the PowerShell console.

Example 11: Get events that occurred during a specific date and time range

This example gets Error events from the System event log for a specified date and time range. The Before and After parameters set the date and time range but are excluded from the output.

The Get-Date cmdlet uses the Date parameter to specify a date and time. The DateTime objects are stored in the $Begin and $End variables. The Get-EventLog cmdlet uses the LogName parameter to specify the System log. The EntryType parameter specifies the Error event type. The date and time range is set by the After parameter and $Begin variable and the Before parameter and $End variable.
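The time-window, entry-type and group-by-source queries of examples 3, 4 and 11 and the source-plus-ID lookup of example 9 (which is also what the eventquery.vbs filters earlier on the page select on), as one added PowerShell example that is not from the original page. Because the page notes that Get-EventLog is deprecated, each query is written a second time with Get-WinEvent. It assumes a local Windows machine; the 7-day window, the source name and the event ID are constructed values.

```powershell
# Added example, not from the original page. Summarises Error events in the
# System log over a time window with Get-EventLog (examples 3, 4 and 11), then
# asks the same question with Get-WinEvent, which the page recommends instead.
# Assumes a local Windows machine; the 7-day window, the source name and the
# event ID are constructed values.
$End   = Get-Date
$Begin = $End.AddDays(-7)

# After/Before bound the window (both endpoints excluded); EntryType keeps only
# Error entries; Group-Object counts per source, most frequent first.
Get-EventLog -LogName System -EntryType Error -After $Begin -Before $End |
    Group-Object -Property Source -NoElement |
    Sort-Object -Property Count -Descending |
    Select-Object -First 10

# Get-WinEvent equivalent. Level 2 is Error; the hashtable filter is applied
# by the event log service rather than in the pipeline, so it scales to large
# logs. With no matching events Get-WinEvent raises a non-terminating error,
# which -ErrorAction SilentlyContinue turns into an empty result.
Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Level     = 2
    StartTime = $Begin
    EndTime   = $End
} -ErrorAction SilentlyContinue |
    Group-Object -Property ProviderName -NoElement |
    Sort-Object -Property Count -Descending |
    Select-Object -First 10

# Source plus event ID lookup (example 9 and the eventquery.vbs filters above).
$Source  = 'Outlook'   # constructed value
$EventId = 63          # constructed value
Get-EventLog -LogName Application -Source $Source |
    Where-Object { $_.EventID -eq $EventId } |
    Select-Object TimeGenerated, EventID, Message

Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = $Source; Id = $EventId } `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```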

Parameters

-After

Gets events that occurred after a specified date and time. The After parameter date and time are excluded from the output. Enter a DateTime object, such as the value returned by the Get-Date cmdlet.

Type: DateTime
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AsBaseObject

Indicates that this cmdlet returns a standard System.Diagnostics.EventLogEntry object for each event. Without this parameter, Get-EventLog returns an extended PSObject object with additional EventLogName, Source, and InstanceId properties.

To see the effect of this parameter, pipe the events to the Get-Member cmdlet and examine the TypeName value in the result.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AsString

Indicates that this cmdlet returns the output as strings, instead of objects.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Before

Gets events that occurred before a specified date and time. The Before parameter date and time are excluded from the output. Enter a DateTime object, such as the value returned by the Get-Date cmdlet.

Type: DateTime
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ComputerName

This parameter specifies a remote computer’s NetBIOS name, Internet Protocol (IP) address, or a fully qualified domain name (FQDN).

If the ComputerName parameter isn’t specified, Get-EventLog defaults to the local computer. The parameter also accepts a dot ( . ) to specify the local computer.

The ComputerName parameter doesn’t rely on Windows PowerShell remoting. You can use Get-EventLog with the ComputerName parameter even if your computer is not configured to run remote commands.

Type: String[]
Aliases: Cn
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-EntryType

Specifies, as a string array, the entry type of the events that this cmdlet gets.

The acceptable values for this parameter are:

  • Error
  • Information
  • FailureAudit
  • SuccessAudit
  • Warning

Type: String[]
Aliases: ET
Accepted values: Error, Information, FailureAudit, SuccessAudit, Warning
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Index

Specifies the index values to get from the event log. The parameter accepts a comma-separated string of values.

Type: Int32[]
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-InstanceId

Specifies the Instance IDs to get from the event log. The parameter accepts a comma-separated string of values.

Type: Int64[]
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-List

Displays the list of event logs on the computer.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-LogName

Specifies the name of one event log. To find the log names, use Get-EventLog -List. Wildcard characters are permitted. This parameter is required.

Type: String
Aliases: LN
Position: 0
Default value: None
Accept pipeline input: False
Accept wildcard characters: True

-Message

Specifies a string in the event message. You can use this parameter to search for messages that contain certain words or phrases. Wildcards are permitted.

Type: String
Aliases: MSG
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: True

-Newest

Begins with the newest events and gets the specified number of events; this is the maximum number of events that are returned. The number is required, for example -Newest 100.

Type: Int32
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Source

Specifies, as a string array, sources that were written to the log that this cmdlet gets. Wildcards are permitted.

Type: String[]
Aliases: ABO
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: True

-UserName

Specifies, as a string array, user names that are associated with events. Enter names or name patterns, such as User01, User*, or Domain01\User*. Wildcards are permitted.

Type: String[]
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: True

Inputs

None

You cannot pipe input to Get-EventLog.

Outputs

System.Diagnostics.EventLogEntry
System.Diagnostics.EventLog
System.String

If the LogName parameter is specified, the output is a collection of System.Diagnostics.EventLogEntry objects.

If only the List parameter is specified, the output is a collection of System.Diagnostics.EventLog objects.

If both the List and AsString parameters are specified, the output is a collection of System.String objects.

Notes

The cmdlets Get-EventLog and Get-WinEvent are not supported in the Windows Preinstallation Environment (Windows PE).
