June 20th, 2013

How to Use PowerShell to Write to Event Logs

Doctor Scripto
Scripter

Summary: Guest blogger, Jonathan Tyler, talks about how to write to Windows event logs by using Windows PowerShell—and avoid errors in doing so.

Microsoft Scripting Guy, Ed Wilson, is here. While I was at TechEd in New Orleans, I had the chance to talk to Jonathan Tyler. I see him from time-to-time, although he only lives a few hours away from us. Jonathan is an active member of the Windows PowerShell community, and he has written other posts for the Hey, Scripting Guy! Blog.

I am happy to welcome back guest blogger, Jonathan Tyler…

Let’s start with a poll. How many of you like to get feedback from your Windows PowerShell scripts, either by a verbose switch or in some sort of log file? Great, you can put your hands down. Now, how many of you like to get feedback from a script that you have running as a scheduled task? And now, how many simply write to a text file or simply forget about getting feedback unless you find that there is a problem?

By the end of this post, I will show you how you can leverage the premier logging system on any Windows Server: the event log! If you work in an enterprise, you most likely have some type of central monitoring system that collects errors from your event logs. Why not use that same system to capture and report when one of your Windows PowerShell scripts goes wrong? The best thing is that you don’t even have to stick to errors.

To begin with, let’s flip over to the Windows PowerShell console and see what cmdlets are available that deal with the event logs.

Image of command output

It looks like the one we probably need is Write-EventLog. To try this out, I am going to write a test message to the Application event log. This should be fairly straightforward:

Write-EventLog –LogName Application –Source “My Script” –EntryType Information –EventID 1
 –Message “This is a test message.”

In this command, the LogName, Source, EventID, and Message are required parameters. After running this command, I would expect a new message to show up in the Application event log. Run this on your computer and then check the event logs. I’ll wait…

What? You got an error message? I’m betting it is because your computer doesn’t have a source called “My Script.”

Image of error message

Note   If you received a slightly different error that states not all event logs (Security) could be scanned, you need to run Windows PowerShell as an Administrator. I will explain a little more about this later.

So, how in the world can we use the event log if we have to have a Source parameter but the source we want to use is not on the server? If you look back at the first screenshot, you will see another cmdlet in the list that will help us out: New-EventLog.

The New-EventLog cmdlet can be used not only to create a brand new event log on the computer, but it can also create a new source that can be used when you write to the event log. I have actually used this in some instances for custom code in a SharePoint farm. The custom code being deployed needed to write information to the event logs, but the application pool account did not have the administrative rights to create the source. Instead of elevating the application pool’s rights on all the servers, I used this cmdlet to create a new source, and then the custom code was happy to report to the event logs.

To fix our previous error, we can use the following line as an Administrator on the computer:

New-EventLog –LogName Application –Source “My Script”

Image of command output

As you can see, the Write-EventLog now returns with no error. And if we check the event log entries, we should now see our test message.

Image of event log

And the details of the message:

Image of message

As you can see, the source is now populated with “My Script.”

To create a new source for an event log, administrative privileges are required. But the nice thing is that you only have to do this once for the source. When it is installed on the computer, you don’t have to worry about it again. Additionally, you can leverage Windows PowerShell to make the change across multiple machines by supplying the ComputerName parameter. You can also use this to create an event log specifically for your script or to create a source for event logs other than the Application log.

~Jonathan

Thank you, Jonathan, for sharing your time and knowledge with us today. Hopefully, it will not be another year before I get to see you again.

Join me tomorrow when I have another guest blog by Honorary Scripting Guy and Microsoft PowerShell MVP, Sean Kearney, as he continues his series about using Windows PowerShell with Hyper-V. It is cool stuff and you do not want to miss it.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy 

Author

The "Scripting Guys" is a historical title passed from scripter to scripter. The current revision has morphed into our good friend Doctor Scripto who has been with us since the very beginning.

0 comments

Discussion are closed.