Sunday, January 23, 2011

Get-WinEvent, EventLogs, ETL, Providers on Win7

'Get-WinEvent' in PowerShell 2, when combined with ETL on Windows 7, allows exceptional event log queries. This function lets the administrator build an array of all event logs and return, sorted by 'time created', all the records created in the last (1) day:

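function global:LatestLogEntries
{
    param(
        [int32] $param1,   # number of days to go back
        [string] $ErrorActionPreference="silentlycontinue"   # local override: suppress per-log errors (e.g. no matching events)
    )
    # Enumerate every event log on the system
    $LogNames=(Get-Winevent -listlog  * )
    $goback = (get-date) - (new-timespan -days $param1 )
    # Query each log from $goback onward and sort the combined records by creation time
    $LogNames | % {get-winevent -FilterHashTable  @{LogName=$_.LogName;StartTime=$goback}} |
        Sort-Object TimeCreated
}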
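
A triage-oriented variant of the query above, as an added example that is not part of the original post: it skips logs that hold no records, restricts the filter to Critical, Error and Warning events, and summarizes the result per log and provider. The function name `Get-RecentProblemEvents` and its parameters are hypothetical.

```powershell
# Added example: function name and parameters are hypothetical, not from the original post.
function Get-RecentProblemEvents
{
    param(
        [int32] $Days = 1,
        # Event levels to keep: 1 = Critical, 2 = Error, 3 = Warning
        [int[]] $Levels = @(1, 2, 3)
    )

    # Start of the time window, computed the same way as in the post's function
    $start = (Get-Date) - (New-TimeSpan -Days $Days)

    # Skip logs that hold no records; querying them only produces
    # "no events were found" errors.
    $logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 }

    $events = foreach ($log in $logs) {
        # The hashtable becomes a query evaluated by the event log API,
        # so records outside the window or level set are never returned.
        Get-WinEvent -FilterHashtable @{
            LogName   = $log.LogName
            StartTime = $start
            Level     = $Levels
        } -ErrorAction SilentlyContinue
    }

    # One chronological timeline across all logs
    $events | Sort-Object TimeCreated
}

# Usage: the 20 noisiest log/provider pairs over the last day, busiest first
Get-RecentProblemEvents -Days 1 |
    Group-Object LogName, ProviderName |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 20
```

Run it from an elevated session; without administrative rights some logs, such as Security, cannot be read and are silently left out of the result.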