Get-EventLog - Windows

Guestbook

Get Windows event lists

1
2
3
4
5
6
7
8
9
10
11
12
13
PS C:\Users\bfadm> Get-EventLog -List

  Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
 131,072      0 OverwriteAsNeeded      89,601 Application
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder                Internet Explorer
  20,480      0 OverwriteAsNeeded           0 Key Management Service
     128      0 OverwriteAsNeeded           8 OAlerts
                                              Security
   8,192      0 OverwriteAsNeeded      14,253 Symantec Endpoint Protection Client
  32,768      0 OverwriteAsNeeded      97,981 System
  15,360      0 OverwriteAsNeeded      13,378 Windows PowerShell

Get Windows event details

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
PS C:\Users\bfadm> Get-EventLog -LogName System -Source "Service Control Manager" -EntryType Error | Where-Object {$_.EventID -eq 7031} |Select-Object -Property *

EventID            : 7031
MachineName        : ppwsfprt02.domain.hk
Data               : {83, 0, 112, 0...}
Index              : 1424209
Category           : (0)
CategoryNumber     : 0
EntryType          : Error
Message            : The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will
                     be taken in 5000 milliseconds: Restart the service.
Source             : Service Control Manager
ReplacementStrings : {Print Spooler, 2, 5000, 1...}
InstanceId         : 3221232503
TimeGenerated      : 2/19/2025 9:31:54 AM
TimeWritten        : 2/19/2025 9:31:54 AM
UserName           :
Site               :
Container          :