I recently had  a situation where I needed to be able to search an event log for a particular value.

I wrote a quick little script so that our PM could run it with little effort

   1: param ($name)

   2: $user = '*' + $name + '*'

   3: get-eventlog application | where {$_.Message -like $user} | 

   4: format-list Message,TimeGenerated

I am basically searching for event logs that contain a particular name.

It’s pretty straight forward once you find that .Message is what contains the real meat of the event log entry.

You could also obviously use get-eventlog system as well.

This entry was posted on Thursday, March 27th, 2008 at 5:52 am and is filed under Powershell. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.