PowerTip: Use PowerShell to Write to an Event Log


Summary: Use the Write-Eventlog Windows PowerShell cmdlet to write to a standard or to a custom event log.

 Hey, Scripting Guy! Question How can you easily write output to an event log?

Hey, Scripting Guy! AnswerUse the Write-EventLog cmdlet, and make sure that you specify the log name and the source:

write-eventlog -logname Application -source MyApp -eventID 3001 -entrytype Information `

-message “MyApp added a user-requested feature to thedisplay.” -category 1 -rawdata 10,20

Comments (7)

  1. When I try this I get Source was not found.

    Eventually I tried

    write-eventlog -logname system -source 'User32' -eventID 777 -entrytype Information `

    -message "Test message " -category 1 -rawdata 10,20,30

    Even then it only worked when run as an administrator and the event log complained about the description for event id 777.

    How do you configure the event  logs to take a user defined source?

  2. Greg Wojan says:

    @Brian_O Nice! 😀

  3. Anonymous says:

    Is it possible to create an EventID Qualifier using powershell as in the example below?

    <EventID Qualifiers="45055">20709</EventID>

    <Event xmlns="schemas.microsoft.com/…/event">

    – <System>

     <Provider Name="BlackBerry Messaging Agen" />

     <EventID Qualifiers="45055">20709</EventID>

     <Level>3</Level>

     <Task>0</Task>

     <Keywords>0x80000000000000</Keywords>

     <TimeCreated SystemTime="2012-09-11T07:39:56.000000000Z" />

     <EventRecordID>8444471</EventRecordID>

     <Channel>Application</Channel>

     <Computer>xxxxxxxxxx</Computer>

     <Security />

     </System>

    – <EventData>

     <Data>{Fred.nerk@here.com} Failed to reach user's mailbox</Data>

     </EventData>

     </Event>

  4. Anonymous says:

    @StaceyIsLearning, you could precede with this (as mentioned above, this part will require administrative privilege):

    if ([System.Diagnostics.EventLog]::SourceExists("MyApp") -eq $false) {

       [System.Diagnostics.EventLog]::CreateEventSource("MyApp", "Application")

    }

  5. Greg Wojan says:

    @StaceyIsLearning, You can use New-EventLog to create the event source if it doesn't exist. Obviously, you need to be an Administrator to create the new event source.

  6. nvp says:

    Or, how do you list the valid sources using powershell?

  7. nvp says:

    oh, nevermind.  i guess that's easy enough

    get-eventlog application | group-object -property source  | select-object Name

Skip to main content