I've searched for every keyword I can find to see if there's a cmdlet in PS7 that is equivalent to New-EventLog from PS5?
Does something like this exist?
Asked
Active
Viewed 3,057 times
5
-
2There isn't one. This is why Side-by-Side is a thing (it will be a while before PSC reaches full backward compatible, if ever) and leveraging compatibility mode to be able to use both. Otherwise, just shell out to PS5 from PS7 to run PS5 specific cmdlets. Event logs are just a RegKey entry, so, you can still do that manually or in code. – postanote Jun 05 '21 at 01:16
4 Answers
3
Continuing from my comment. For a simple example, and rough way of dealing with your use case on PSCore. You need to review the docs to see all the options for such a case.
Get-CimInstance -ClassName Cim_OperatingSystem
# Results
<#
SystemDirectory Organization BuildNumber RegisteredUser SerialNumber Version
--------------- ------------ ----------- -------------- ------------ -------
C:\Windows\system32 19041 00329-00000-00003-AA986 10.0.19041
#>
$PSVersionTable.PSVersion
# Results
<#
Major Minor Patch PreReleaseLabel BuildLabel
----- ----- ----- --------------- ----------
7 1 3
#>
# Get some event logs, just because
(Get-WinEvent -ListLog '*' -ErrorAction SilentlyContinue).LogName |
Select-Object -First 9
# Results
<#
Windows PowerShell
System
Security
Key Management Service
Internet Explorer
HardwareEvents
Application
Windows Networking Vpn Plugin Platform/OperationalVerbose
Windows Networking Vpn Plugin Platform/Operational
#>
# Create a new event log
New-Item -Path 'HKLM:\SYSTEM\ControlSet001\Services\Eventlog' -Name 'MyEventLog' –Force
# Results
<#
Hive: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog
Name Property
---- --------
MyEventLog
#>
# Get some event logs, just because
(Get-WinEvent -ListLog '*' -ErrorAction SilentlyContinue).LogName |
Select-Object -First 9
# Results
<#
Windows PowerShell
System
Security
MyEventLog
Key Management Service
Internet Explorer
HardwareEvents
Application
Windows Networking Vpn Plugin Platform/OperationalVerbose
#>
# Write to it this way:
eventcreate /l MyEventLog /t Information /so TestWrite /id 1 /d "Test message"
# Results
<#
SUCCESS: An event of type 'Information' was created in the 'MyEventLog' log with 'TestWrite' as the source.
#>
Get-WinEvent -LogName 'MyEventLog'
# Results
<#
ProviderName: TestWrite
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
6/4/2021 6:12:30 PM 1 Information Test message
(Get-WinEvent -LogName 'MyEventLog').Count
1
#>
postanote
- 15,138
- 2
- 14
- 25
1
There is no direct equivalent since it is old Win32 API, however there is a New-WinEvent which might help you.
Example:
New-WinEvent -ProviderName Microsoft-Windows-PowerShell -Id 45090 -Payload @("Workflow", "Running")
Hrvoje Kusulja
- 925
- 1
- 11
- 25
0
If you are looking for a simple way to create an event source and log an event, you can use static methods on the [System.Diagnostics.EventLog] class. Example code to create a new source for the built-in Application event log and write an event to the Application log:
if (-not [System.Diagnostics.EventLog]::SourceExists("MyApp")) {
[System.Diagnostics.EventLog]::CreateEventSource("MyApp", "Application")
}
[System.Diagnostics.EventLog]::WriteEntry("MyApp", "Message Body", "Information", 1)
You can use [System.Diagnostics.EventLog] | Get-Member -Static to see a list of methods available on this class or see the Microsoft docs for more information on the class.
Creating an event source requires you to be running as Administrator, and all of the methods on EventLog class will throw on non-windows platforms.
Nick Durcholz
- 1
- 1
0
I just ran into the same problem and discovered that while Get-EventLogGet-WinEvent
WIX10
- 36
- 8