I work on a tool which will be able to handle events and make actions if specific eventIDs are found in eventlog. For testing I would like to create fake events, which are the same as by system generated events. What is the easiest way to create events in Windows systems? I would like to do this with pure PowerShell 2.0.
Asked
Active
Viewed 123 times
-1
appkovacs
- 1
- 1
-
What actions you want to complete after receive an event? – HEMAN85 Nov 17 '16 at 14:50
-
1Why on earth would you want to use Powershell 2.0? The language has been massively updated, changed, and expanded since then and is currently at version 5.1. – Colyn1337 Nov 17 '16 at 14:50
-
1Have you tried Write-EventLog? This cmdlet allows you to add your own events to the log? – Jim B Nov 17 '16 at 14:52
-
There are also already 30 different tools on the market that both create events and monitor events, many of which are free. Windows also includes the ability to trigger actions based on event ids. – Lucky Luke Nov 18 '16 at 00:52
1 Answers
0
This is how I have done it using register-wmievent. The below looks at the event log. Substitute the logfile and eventcode for the ones you are looking for. Then in -action, you can trigger what you want to do.
$querystring = "SELECT * FROM __InstanceCreationEvent WITHIN 5 WHERE TargetInstance ISA 'Win32_NTLogEvent' AND TargetInstance.Logfile = 'Microsoft-Windows-PrintService/Operational' AND TargetInstance.Eventcode = '800'"
Register-WmiEvent -Query $QueryString -SourceIdentifier "PrintLog" -action { write-host "Print event triggered" }
Thanks, Tim.
Tim Haintz
- 486
- 1
- 3
- 8