Questions tagged [get-winevent]

Get-WinEvent is a PowerShell cmdlet that gets the events in an event log, or a list of the event logs, on the local or remote computers.

74 questions
1
vote
1 answer

ETL file parsing using powershell script

#Defining the etl file $etlFile = 'test.etl' #Retrieving the content $log = Get-WinEvent -Path $etlFile –Oldest Is there any other way of parsing .etl file to read etw events?
1
vote
1 answer

PowerShell parsing Win-Event XML

I've been battling this for a few hours (don't laugh). What I need is REALLY simple, but I just can't get it. I avoid PowerShell, but I would really like to add it to my portfolio. Every time I try it, it pisses me off. Anyway... The Event data…
Darren
  • 13
  • 3
1
vote
2 answers

How to filter from xml to get boot duration using powershell?

so here is code and it gives a table as an output. $bootevents = Get-WinEvent -FilterHashtable @{logname="Microsoft-Windows-Diagnostics-Performance/Operational"; id=100} $bootevent = [xml]$bootevents[0].ToXml() $bootevent.Event.EventData.Data If I…
tinku007
  • 54
  • 7
1
vote
0 answers

Looking for localization to map Get-WinEvent -Listlog results to config .xml path

For the Event Viewer I want default viewconfigs for each entry in the event-tree. These channel_i.xml are stored under $env:ProgramData\Microsoft\Event Viewer in folders according to the tree structure. Sadly there seems to be no standard behaviour…
jowa
  • 11
  • 2
1
vote
2 answers

How to get Powershell > Get-WinEvent > Security > Message > Access Mask that match 0x1 or 0x4

How to get Security ID 4663 where the Message is 0x1|0x4|etc. I have tried different code, I only want to log about 5 codes to a CSV, I can export to CSV, and I can pull 4663 ID's only, but I can't filter on the Message Access Mask which is text in…
1
vote
1 answer

Group eventlog entries and count errors

I have the following code which enumerates all event log sources and grabs the last few days worth of errors and warnings. Get-WinEvent -ListLog * -EA silentlycontinue | Where-Object { $_.recordcount } | ForEach-Object { Get-WinEvent…
Sentient
  • 11
  • 2
1
vote
1 answer

Failed to get Event-Data Field Data in PowerShell

I am trying to get a specific Datafield (FailureReason) from the Event 4625 to a CSV field. I have analyzed the event schema with the following code: (Get-WinEvent -ListProvider Microsoft-Windows-Security-Auditing).Events | Where-Object {$_.Id…
Peter Core
  • 193
  • 1
  • 2
  • 16
1
vote
1 answer

get-winevent: working with properties

I try to learn PowerShell to automate some daily tasks. I try to figure out all fieldnames from the get-winevent function to understand what I need to do when I want to filter a result from a lot of eventid's with several conditions. In this…
Peter Core
  • 193
  • 1
  • 2
  • 16
1
vote
0 answers

System.Management.Automation.RuntimeException when converting from System.Diagnostics.Eventing.Reader.EventLogRecord to XML

I'm encountering the same issue as mentioned at https://serverfault.com/questions/743515/my-event-log-has-corrupted-dacl-write-attributes-in-4656-file-audit-events/852636#852636 where there are some invalid characters in the event logs and therefore…
Michael Szabo
  • 235
  • 3
  • 10
1
vote
1 answer

Log Monitoring of Multiple Computers with Get-WinEvent

From the line of code below, is there a way to call a .txt file for a list of computers to be looked at? I want it to look for logs in not just one computer but from a list of computers. $StartDate = (get-date).AddHours(-12) Get-WinEvent…
lapsantos
  • 69
  • 1
  • 9
0
votes
0 answers

PowerShell 7 using FilterXPath syntax errors

I'm trying to extract some records from the Windows System Log with PowerShell 7 using "get-winevent" I'm getting different errors depending on the many variations of my command I've run, using various posts as guides. Note: $tm below is a…
0
votes
0 answers

Set Windows event's UserData

I'm trying to simulate the creation of a certain Windows event using PowerShell's New-WinEvent. The events that I try to mimic have the following top level structure in the Event Viewer's XML view:
Seva Alekseyev
  • 59,826
  • 25
  • 160
  • 281
0
votes
1 answer

Get EventData from Get-WinEvent from File - How to group by EventData.Data?

An EventLog was exported from a server to a file named Exported_ErrorLog.evtx. I would like to filter all entries created in 2023, group by Text (see xml below) and count. I am able to read from file (see Learn Powershell -…
surfmuggle
  • 5,527
  • 7
  • 48
  • 77
0
votes
0 answers

Map names for properties in Get-WinEvent

When I do this request Get-WinEvent -FilterHashTable @{LogName='Microsoft-Windows-TerminalServices-Gateway/Operational'; Id=307,302,303; StartTime='01.11.2022 0:00:01'} | Select-Object TimeCreated, ID, Message, Properties | Format-Table -AutoSize |…
0
votes
0 answers

PowerShell Get-WinEvent EndTime Parameter problem

using: Get-WinEvent -FilterHashtable @{logname="application";starttime="8/10/2022 10:00:00"} works perfectly, but: (and there are records in this time span for sure!) Get-WinEvent -FilterHashtable @{logname="application";starttime="8/10/2022…
Purclot
  • 483
  • 7
  • 22