How to create a custom event view in powershell?

Asked Jul 24 '15 at 15:01

Active Jul 24 '15 at 16:12

Viewed 2,480 times

I've been looking around and can't find any way to create a custom view in the event viewer in Powershell.

I found a Microsoft Scripting Guy post about exporting one, but I'd like to create one from scratch. I'm using PowerShell 5.0.

Edit: Looks like all the event logs are stored in %SystemRoot%\System32\Winevt\Logs\ and exist as .evtx files.

Edit: The command:

 New-EventLog -LogName "LogNameHere" -Source "Test"

does create LogNameHere.evtx in the %SystemRoot%\System32\Winevt\Logs\ directory. You can specify multiple sources, but this just allows those sources to write to the event log, and doesn't log all the information from those sources. (I'll check on that)

 New-EventLog -LogName "LogNameHere" -Source "Test1", "Test2", "Test3"

edited Jul 24 '15 at 16:12

asked Jul 24 '15 at 15:01

Speerian

1,138
1
12
29

2

http://stackoverflow.com/questions/29695358/programmatically-create-a-custom-eventlog-view shows how to do it in C#, but it appears to just be XML manipulation anyway. – Eris Jul 30 '15 at 03:36
@Eris Thanks for the link. Don't think I saw that one. Most of the articles I read had to do with exporting XML from an already existing custom event. – Speerian Jul 30 '15 at 21:41

How to create a custom event view in powershell?

0 Answers0