write-eventlog 不写入应用程序日志(注册首选源后)
[英]write-eventlog does not write to application log (after register the prefered source)
问题描述
I try to write to eventlog "application".
我尝试写入事件日志“应用程序”。 I used a ScriptingGuy-Tutorial .我使用了ScriptingGuy-Tutorial 。 As described in the blog, I register the source "ScS" with the following command in a "run as administrator"-Powershell: New-EventLog -logname Application -source "ScS"如博客中所述,我在“以管理员身份运行”-Powershell 中使用以下命令注册源“ScS”: New-EventLog -logname Application -source "ScS"
I do not receive an error or any other feedback.我没有收到错误或任何其他反馈。 In the registry I can see the source in the path在注册表中我可以看到路径中的源
HKLM\System\CurrentControlSet\Services\EventLog\Application\ScS
After that, I try to write a event:之后,我尝试编写一个事件:
write-eventlog -logname Application -Source "ScS" -EntryType Information -EventId 01 -Message "Test"
I do not receive an error.我没有收到错误。 But it does not write the event.但它不写入事件。 I don't see it in eventvwr nor in the shell, using get-eventlog -LogName Application -Source "ScS"我在 eventvwr 和 shell 中都看不到它,使用get-eventlog -LogName Application -Source "ScS"
I use Win 8.1 Pro (German Language) with Powershell 4.0.我使用带有 Powershell 4.0 的 Win 8.1 Pro(德语)。 Hope you can show me my mistake...希望你能告诉我我的错误......
2 个解决方案
解决方案1
0 2017-01-23 20:30:32
You are loosing the fact that the logname in the first call is the name of the log you whant to create "Application" is an existing log.您正在失去这样一个事实,即第一次调用中的 logname 是您要创建的日志的名称“应用程序”是现有日志。
Here is an example (PowerShell V2 has its own cmdlets) :这是一个示例(PowerShell V2 有自己的 cmdlet):
# List of logs
Get-EventLog -list
# Creating your own log
New-EventLog -LogName "SlxScripting" -Source "MaSource"
# List of logs
Get-EventLog -list
# Writting in your own log
Write-EventLog -LogName "SlxScripting" -EventId 12 `
-Message "Mon Message"
-Source "MaSource" -EntryType Warning
# Reading (consuming) in your own log
Get-EventLog -LogName "SlxScripting"
# Suppressing your log (if needed)
Remove-EventLog -LogName "SlxScripting"
解决方案2
0 2021-05-13 18:50:50
I had the same issue on Server 2012 R2.我在 Server 2012 R2 上遇到了同样的问题。 As shown in the linked Scripting Guy tutorial, it should be possible to add a Source to the existing Application log--no need to create your own log.如链接的脚本专家教程中所示,应该可以向现有应用程序日志添加源——无需创建自己的日志。
I found a hint in this StackOverflow answer : stop and restart the Windows Event Log service.我在这个 StackOverflow 答案中找到了一个提示:停止并重新启动 Windows 事件日志服务。 Once I did that, Write-EventLog started creating events in the Application event log.一旦我这样做了,Write-EventLog 开始在应用程序事件日志中创建事件。 I also had to re-launch Event Viewer to get rid of some warnings like "Description cannot be found".我还必须重新启动事件查看器以消除一些警告,例如“找不到描述”。 According to the bottom of this article , this is due to Event Viewer caching.根据本文底部,这是由于事件查看器缓存。 Others like this answer suggest just restarting the computer.其他喜欢这个答案的人建议只需重新启动计算机。
Note that restarting the service is not required in Windows 10. It seems this is a Windows 8.1 / 2012 R2 bug.请注意,在 Windows 10 中不需要重新启动服务。这似乎是 Windows 8.1 / 2012 R2 的错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.