{"id":5583,"date":"2018-05-22T23:49:25","date_gmt":"2018-05-22T21:49:25","guid":{"rendered":"https:\/\/michlstechblog.info\/blog\/?p=5583"},"modified":"2018-05-23T13:26:37","modified_gmt":"2018-05-23T11:26:37","slug":"powershell-accessing-applications-and-services-logs","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/powershell-accessing-applications-and-services-logs\/","title":{"rendered":"Powershell: Accessing Applications and Services Logs"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_5583 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_5583')){$('.twoclick_social_bookmarks_post_5583').socialSharePrivacy({\"services\":{\"flattr\":{\"uid\":\"Michl\",\"status\":\"on\",\"the_title\":\"Powershell%3A%20Accessing%20Applications%20and%20Services%20Logs\",\"the_excerpt\":\"Hi%2C%0D%0A%0D%0Afor%20showing%20or%20exporting%20the%20System%2C%20Application%20and%20Security%20Log%20the%20command%20let%20Get-EventLog%20is%20the%20first%20choice.%0D%0A%20%28more%26hellip%3B%29\",\"txt_info\":\"2 clicks for more data protection:\\r\\n\\r\\nOnly when you click here, the button will be come active and you can send your recommendation to Flattr. When activating, data are transmitted to third parties. \",\"perma_option\":\"off\"}},\"txt_help\":\"When you activate these fields by clicking, information to Flattr may be transferred abroad, and probably may also stored there.\",\"settings_perma\":\"Enable permanently and accept data transmission. \",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/michlstechblog.info\\\/blog\\\/powershell-accessing-applications-and-services-logs\\\/\",\"post_id\":5583,\"post_title_referrer_track\":\"Powershell%3A+Accessing+Applications+and+Services+Logs\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p>Hi,<\/p>\n<p>for showing or exporting the System, Application and Security Log the command let <strong>Get-EventLog<\/strong> is the first choice.<br \/>\n<!--more--><br \/>\nWhen you want to access an Application or Service log you have to use <strong>Get-WinEvent<\/strong>. Some examples:<\/p>\n<p>Get a List of of logs<\/p>\n<pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\r\nPS D:\\&gt; Get-WinEvent -ListProvider * |Select-Object Name\r\n<\/pre>\n<p>Looking for a specific log<\/p>\n<pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\r\nPS D:\\&gt; Get-WinEvent -ListProvider *Update*\r\nName     : Microsoft-Windows-WindowsUpdateClient\r\nLogLinks : {System, Microsoft-Windows-WindowsUpdateClient\/Operational}\r\nOpcodes  : {selfupdate, detect, download, install...}\r\nTasks    : {Agent, AU}\r\n<\/pre>\n<p>If you want to access the Windows Update log<\/p>\n<pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\r\nPS D:\\&gt; Get-WinEvent -ProviderName  Microsoft-Windows-WindowsUpdateClient\r\n<\/pre>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, for showing or exporting the System, Application and Security Log the command let Get-EventLog is the first choice.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[344,5],"tags":[1195,73,1197,133,1196,20],"class_list":["post-5583","post","type-post","status-publish","format-standard","hentry","category-powershell-scripting","category-windowsknowhow","tag-application-logs","tag-get","tag-get-winevent","tag-powershell","tag-service-logs","tag-windows-2"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/5583","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=5583"}],"version-history":[{"count":1,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/5583\/revisions"}],"predecessor-version":[{"id":5585,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/5583\/revisions\/5585"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=5583"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=5583"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=5583"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}