Windows PowerShell is a shell and scripting component of the Windows Management Framework, an automation/configuration management framework from Microsoft built on the .NET Framework.
PowerShell is installed by default on all supported versions of Windows client and server operating systems since Windows 7 / Windows Server 2008 R2.
Windows PowerShell is similar to a terminal shell on Linux/Unix systems. It is a Windows command-line shell and scripting language (Windows PowerShell 5.1 is closed source; its cross-platform successor, PowerShell 7, is open source) that can be used for many purposes, including log review. Logs are critical for system administrators to identify issues and troubleshoot machines, but picking the useful information out of them is difficult.
You can also use a SIEM (Security Information and Event Management) solution such as RSA, AlienVault or IBM to analyse logs, but that can be an expensive option. The built-in cmdlets below are free and are enough for a quick review on a single host.
To display the list of event logs, type the following command. Note that Get-EventLog reads only the classic event logs (Application, System, Security and the others shown by -List) and exists only in Windows PowerShell 5.1; on PowerShell 7, and for the newer logs under Applications and Services Logs, use Get-WinEvent instead.
Command: Get-EventLog -List
If you only want the 10 most recent entries of a particular log, for example System, use the following command
Command: Get-EventLog -Logname System -Newest 10
Similarly, to display the Security log (this requires an elevated PowerShell session, i.e. Run as administrator), the command is:
Command: Get-EventLog -Logname Security -Newest 10
You can also filter the results on other fields, for example the entry type (Error, Warning, Information, SuccessAudit or FailureAudit):
Command: Get-EventLog -Logname System -Newest 10 -EntryType Warning
To filter the results by date and time, pass [datetime] values to -After and -Before:
Command: Get-EventLog -LogName System -After ([datetime]'2022-01-01 10:00') -Before ([datetime]'2022-12-08 10:00')
To display only specific fields, pipe the output to Select-Object as shown in the command below.
Command: Get-EventLog -Logname System -Newest 10 | Select-Object EntryType, InstanceId, Index, Source
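The script below ties the individual commands above together: it wraps the log-name, count, entry-type and time-window filters in one reusable function, adds the elevation check that the Security log needs, and finishes with the Get-WinEvent form of the same time/level filter, which also works on PowerShell 7. This is an added example, not code from the original article; the function names, the default 24-hour window and the sample date range are assumptions chosen for illustration.

```powershell
# Added example, not from the original article. Requires Windows PowerShell 5.1
# for Get-EventLog; reading the Security log needs an elevated session.
# Function and parameter names are assumptions chosen for this example.

function Test-IsElevated {
    # True when the current session runs with the Administrators token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-RecentLogEntries {
    <#
    .SYNOPSIS
        Wraps Get-EventLog with the log name, count, entry type and
        time-window filters, and projects a fixed set of fields.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$LogName,

        # Default window: the last 24 hours (evaluated when the function is called).
        [datetime]$After  = (Get-Date).AddDays(-1),
        [datetime]$Before = (Get-Date),

        # Valid Get-EventLog entry types; omit to return all of them.
        [ValidateSet('Error', 'Warning', 'Information', 'SuccessAudit', 'FailureAudit')]
        [string[]]$EntryType,

        [int]$Newest = 100
    )

    if ($LogName -eq 'Security' -and -not (Test-IsElevated)) {
        throw 'Reading the Security log requires an elevated (Run as administrator) session.'
    }

    # Build the argument set once and splat it, so the optional
    # -EntryType filter is only passed when the caller supplied it.
    $splat = @{
        LogName = $LogName
        After   = $After
        Before  = $Before
        Newest  = $Newest
    }
    if ($EntryType) { $splat['EntryType'] = $EntryType }

    Get-EventLog @splat |
        Select-Object TimeGenerated, EntryType, EventID, InstanceId, Source, Message
}

# 1. Warnings and errors in the System log over the last 24 hours.
Get-RecentLogEntries -LogName System -EntryType Warning, Error -Newest 20 |
    Format-Table -AutoSize

# 2. Failed audits in the Security log for a fixed window, summarised by
#    event ID so the noisiest event types stand out.
Get-RecentLogEntries -LogName Security -EntryType FailureAudit `
    -After ([datetime]'2022-01-01 10:00') -Before ([datetime]'2022-12-08 10:00') -Newest 5000 |
    Group-Object EventID |
    Sort-Object Count -Descending |
    Select-Object Count, @{ n = 'EventId'; e = { $_.Name } } |
    Format-Table -AutoSize

# 3. The same time/level filter with Get-WinEvent, which also works on
#    PowerShell 7 and on the logs Get-EventLog cannot read.
#    Get-WinEvent has no -EntryType; Level 2 = Error, 3 = Warning.
Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Level     = 2, 3
    StartTime = (Get-Date).AddDays(-1)
    EndTime   = (Get-Date)
} -MaxEvents 20 |
    Select-Object TimeCreated, LevelDisplayName, Id, ProviderName, Message
```

The splatting keeps the filter logic in one place, and the explicit elevation check turns the otherwise confusing "Requested registry access is not allowed" error from a non-elevated Security-log read into a clear message. Grouping by EventID is usually the fastest way to see what a log is mostly made of before reading individual entries.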
This article listed some useful PowerShell commands for reviewing logs in Windows PowerShell. Feel free to comment or mail firstname.lastname@example.org if you have any doubt about any of the commands.