Eventlogs: Unterschied zwischen den Versionen

Aus Wiki-WebPerfect
Wechseln zu: Navigation, Suche
Zeile 27: Zeile 27:
 
  wevtutil sl /ms:104857600 /e:true Microsoft-Windows-Hyper-V-VMMS-Admin
 
  wevtutil sl /ms:104857600 /e:true Microsoft-Windows-Hyper-V-VMMS-Admin
  
==== Alle Eventlogs (inklusiv "Applications and Services Logs"
+
==== Alle Eventlogs (inklusiv "Applications and Services Logs" ====
 
<source lang="powershell"> (Get-WinEvent -ListLog *).LogName | foreach {Get-WinEvent -LogName $_} </source>
 
<source lang="powershell"> (Get-WinEvent -ListLog *).LogName | foreach {Get-WinEvent -LogName $_} </source>
  

Version vom 21. Februar 2018, 11:04 Uhr

Standard EventLogs (Windows Logs)

Letze 10 Application EventLogs anzeigen

Get-EventLog -Newest 10 -LogName "Application"

Spezielle EventLogs (Application and Services Logs)

Beispiel Microsoft-Windows-Hyper-V-VMMS EventLogs

Get-WinEvent -ComputerName <Hostname> -ProviderName 'Microsoft-Windows-Hyper-V-VMMS' -MaxEvents 10 | ft -Property TimeCreated, MachineName, Id, LevelDisplayName, Message


Beispiele / Tipps

Eventlogs auf bestimmte EventIDs durchsuchen

 Get-EventLog -LogName System -ComputerName <Hostname> -InstanceId <EventID>

oder

 Get-EventLog -LogName System -ComputerName <Hostname> | ? {$_.EventID -eq <EventID>}

Beispiel Microsoft-Windows-Hyper-V-VMMS EventLogs der letzten zwei Tage

Get-WinEvent -ComputerName <Hostname> -ProviderName 'Microsoft-Windows-Hyper-V-VMMS' | ? {$_.LevelDisplayName -eq "Error"} | ? {$_.TimeCreated -ge ((get-date).AddDays(-2))}

Eventlog mittels HashTable filtern

Get-WinEvent -FilterHashTable @{LogName ="Microsoft-Windows-Hyper-V-VMMS-Admin"} | ? {$_.LevelDisplayName -eq "Error"} | ? {$_.TimeCreated -ge ((get-date).AddDays(-2))}

Eventlog-Eintrag erstellen (Dummy)

Write-EventLog –LogName System –Source “Microsoft-Windows-FailoverClustering” –EntryType Information –EventID 5121 -message "Manual"

Eventlog-Limit mit wevtutil erhöhen (Microsoft-Windows-Hyper-V-VMMS-Admin auf 100MB erhöhen)

wevtutil sl /ms:104857600 /e:true Microsoft-Windows-Hyper-V-VMMS-Admin

Alle Eventlogs (inklusiv "Applications and Services Logs"

 (Get-WinEvent -ListLog *).LogName | foreach {Get-WinEvent -LogName $_}