Powershell Write-EventLog / Get-WinEvent消息问题
[英]Powershell Write-EventLog / Get-WinEvent Message issues
问题描述
The first command creates an entry in the event log, it seems to be working because I can see the message data in event viewer. 
第一个命令在事件日志中创建一个条目,它似乎正在工作,因为我可以在事件查看器中看到消息数据。 The issue is when reading it back from powershell the message field is empty. 问题是从Powershell读取消息时,消息字段为空。
write-eventlog System -source 'Microsoft-Windows-Kernel-General' -eventid 999 -message 'Kernel something or other'
get-winevent -filterHashTable @{Logname = 'System'; ID = '999'}| select-object -first 10
Maybe this picture explains it better. 也许这张照片可以更好地说明。 Notice the message column is blank. 请注意消息列为空。
2 个解决方案
解决方案1
2 已采纳 2014-09-26 08:39:29
The event is being written correctly, to read it back use this: 该事件已正确写入,要重新读取该事件,请使用以下命令:
get-winevent -filterHashTable @{Logname = 'System'; ID = '999'}|
select-object -first 10 | select timecreated,providername,
@{n="Message";e={$_.properties.Value}}
The reason you can't see it in the message column is evident when launching eventvwr : 启动eventvwr时,很明显在消息列中看不到它的原因:
The description for Event ID 999 from source Microsoft-Windows-Kernel-General cannot be found.
If you want to write custom messages from custom sources use New-EventLog cmdlet, here is the Scripting Guy's tutorial: http://blogs.technet.com/b/heyscriptingguy/archive/2013/06/20/how-to-use-powershell-to-write-to-event-logs.aspx 如果要使用New-EventLog cmdlet从自定义来源编写自定义消息,请New-EventLog脚本专家的教程: http : //blogs.technet.com/b/heyscriptingguy/archive/2013/06/20/how-to-use -powershell对写入到事件logs.aspx
解决方案2
1 2014-10-05 13:45:10
Here is the snip that ended up making it work. 这是最终使它起作用的片段。 Credit to Raf for the link where I found this answer. 感谢Raf提供我找到此答案的链接。
$source = "Some Name"
If ([System.Diagnostics.EventLog]::SourceExists("$source") -eq $false)
{New-EventLog -LogName $log -Source "$source"}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.