Powershell Get-EventLog output issue when logging

Question

I am having an issue with the writing of a get-eventlog function when I'm writing to a TXT file.

This is my LogWrite function:

#Log Function
$Logfile = "..\Logs\$(gc env:computername)_Outlook.log"
$Stamp = (Get-Date).toString("yyyy/MM/dd HH:mm:ss")

Function LogWrite
{
   Param ([string]$logstring)
   Add-content $Logfile -value $Stamp": "$logstring -Force
}

This is my LogWrite code in part of my script.

$OutlookHangDetailed = Get-EventLog -Log "Application" -Source "Application Hang" -Message "*OUTLOOK.EXE*" -After (Get-Date).AddHours(-12) -ErrorAction SilentlyContinue

LogWrite $OutlookHangDetailed | Format-List

The issue I am having is its coming out like this in the txt file: Microsoft.PowerShell.Commands.GenericMeasureInfo

But if I simply echo it, it comes out like this (This is an example):

Index              : 2568
EntryType          : Information
InstanceId         : 15
Message            : Updated Symantec Endpoint Protection status successfully to SECURITY_PRODUCT_STATE_ON.
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {Symantec Endpoint Protection, SECURITY_PRODUCT_STATE_ON}
Source             : SecurityCenter
TimeGenerated      : 3/15/2017 7:46:02 AM
TimeWritten        : 3/15/2017 7:46:02 AM

How can I get this to write to the log this way?

It seems to only happen when using Add-Content. Any reason as to why? — JordanBardwell, Mar 15 '17 at 20:25

score 1 · Answer 1 · answered Mar 15 '17 at 20:45

There is no output from your log function. You are not piping anything into Format-List
$OutlookHangDetailed is going to be an array of objects of [System.Diagnostics.EventLogEntry]. You can turn it into a string with $logstring | fl | out-string. Casting directly to a string isn't going to give you the output you are looking for.

$Logfile = "..\Logs\$(gc env:computername)_Outlook.log"
$Stamp = (Get-Date).toString("yyyy/MM/dd HH:mm:ss")

Function LogWrite {
        Param (
            [System.Diagnostics.EventLogEntry[]]$logstring,
            [string]$Logfile,
            [string]$Stamp
        )


        $logentry = "$($Stamp):$($logstring | fl | out-string)"
        Add-Content $Logfile -value $logentry -Force
        $logentry
    }

$OutlookHangDetailed = Get-EventLog -Log "Application" -Source "Application Hang" -Message "*OUTLOOK.EXE*" -After (Get-Date).AddHours(-12) -ErrorAction SilentlyContinue

LogWrite $OutlookHangDetailed $Logfile $Stamp

score 0 · Answer 2 · edited Mar 15 '17 at 20:43

0

Get-EventLog -Log "Application" -Source "Application Hang" -Message "*OUTLOOK.EXE*" -After (Get-Date).AddHours(-12) -ErrorAction SilentlyContinue >> "..\Logs\$(gc env:computername)_Outlook.log"

This will work as expected

edited Mar 15 '17 at 20:43

answered Mar 15 '17 at 19:54

Ankush Khandelwal

1

This works, partially. I am trying to format it like this using Format-List Index : 2568 EntryType : Information InstanceId : 15 Message : Updated Symantec Endpoint Protection status point Protection, SECURITY_PRODUCT_STATE_ON} Source : SecurityCenter TimeGenerated : 3/15/2017 7:46:02 AM TimeWritten : 3/15/2017 7:46:02 AM But it comes out like this: l y t o S E C U R I T Y _ P R O D U C T _ S T A T E _ O N . – JordanBardwell Mar 15 '17 at 20:06
I'd like for it to come out how I have it above when i Echo it, but it doesn't with the command you provided, it seems like it isn't formatted correctly. – JordanBardwell Mar 15 '17 at 20:16

score 0 · Answer 3 · answered Mar 15 '17 at 21:32

Maybe like this:

    Function LogWrite
    {
       param (
         $logstring
       )

       $Stamp | Out-File -Encoding UTF8 -FilePath $Logfile -Append -Force
       ($logstring | Format-List) | Out-File -Encoding UTF8 -FilePath $Logfile -Width 1024 -Append -Force
    }

And call your function with:

    LogWrite $OutlookHangDetailed

Powershell Get-EventLog output issue when logging

3 Answers3