PowerTip: Looking at Logs with PowerShell
Summary: Find logs that are not enabled with Windows PowerShell.
How can I use Windows PowerShell to quickly see which logs in the event log tool are not enabled by default?
Use the Get-WinEvent cmdlet to produce a list of all the logs, then pipe the results to the Where-Object cmdlet,
and specify that you want those that are not enabled, for example:
Get-WinEvent -ListLog * -ea 0 | where {-not ($_.isenabled)}
Note Many logs require elevated permissions for access. Either launch Windows PowerShell with elevated rights,
or specify an error action of 0 to block error messages related to not having access.
Light
Dark
0 comments