简体繁体中英

Unique identifier for an event in Event Log

原文 2012-12-10 09:39:21 8 1 c#/ .net/ powershell/ event-log

I have a Windows Event Log file (.evt/.evtx) and I want to select a particular event from the Event Log using power shell. I see cmdlets like

$provider = Get-WinEvent -listprovider $EventSource
$ProviderEvent = $provider.events | Where-Object {($_.ID -eq 4)}

to query the event log, but in my .evtx, there are multiple events with same ID.

Hence, my question is - how to pin point to an individual event, (using what fields)?

1 answers

检查RecordId属性：

$provider.events | Where-Object {$_.ID -eq 4} | foreach {$_.RecordId}

is the event log index unique

Event Log(Event log created event)

reading an event log

Event log write error

Create a custom event log

Windows Event Log Concerns?

High Performance Event Log

Cannot write to the Event log

Stopping the monitoring of the event log

add event log to registry

暂无

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question is the event log index unique Event Log(Event log created event) reading an event log Event log write error Create a custom event log Windows Event Log Concerns? High Performance Event Log Cannot write to the Event log Stopping the monitoring of the event log add event log to registry

Related Tags

粤ICP备18138465号 © 2020-2024 STACKOOM.COM