Home SIEM Review Windows Logs With Windows PowerShell

Review Windows Logs With Windows PowerShell

SIEM By · March 21, 2022 · 1 Comment
Windows Powershell Review Logs Techhyme

Windows PowerShell is a shell and scripting component of the Windows Management Framework, an automation/configuration management framework from Microsoft built on the .NET Framework.

PowerShell is installed by default on all supported versions of Windows client and server operating systems since Windows 7 / Windows Server 2008 R2.

Also Read:

Windows PowerShell is similar to a terminal on Linux/Unix systems. It is a proprietary Windows command-line shell and can be used for different purposes including logs review. Logs are critical for system administrators to identify issues and troubleshoot machines. But it is difficult to identify useful information from logs.

Furthermore, you can also use SIEM (Security Incident and Event Management) solution like RSA/Alientvault/IBM SIEM etc for analysis of logs but that can be an expensive option for you.

To display the list of event logs, type the following command

Command: Get-EventLog -List

Windows Powershell Log Analysis Techhyme

In case, if you want to display only 10 entries of particular system logs, then use the following command

Command: Get-EventLog -Logname System -Newest 10

Windows Powershell Log Analysis Techhyme

Similarly, if you want to display the Security category logs, the command is:

Command: Get-EventLog -Logname Security -Newest 10

Windows Powershell Log Analysis Techhyme

Furthermore, you can also filter out the results based on other fields such as:

Command: Get-EventLog -Logname System -Newest 10 -EntryType Warning

Windows Powershell Log Analysis Techhyme

And, to filter the results based on specific date and time, the command is:

Command: Get-EventLog -LogName System -After ([datetime]’2022-01-01 10:00′) -before ([datetime]’2022-12-08 10:00′)

Windows Powershell Log Analysis Techhyme

In case, if you want to display the output based on specific fields, then you can use pipe symbol as showing in below command.

Command: Get-EventLog -Logname System -Newest 10 | Select-Object EntryType, InstanceId, Index, Source

Windows Powershell Log Analysis Techhyme

This article lists out some useful PowerShell commands that help you to review logs on Windows PowerShell. Feel free to comment or mail at hymeblogs@gmail.com if any doubt arises in any of the script.

Sarcastic Writer

Related Posts

Elasticsearch Questions

100 Important Elasticsearch Questions for Developers and Data Engineers

SIEM Deployment Checklist Techhyme

15-Step SIEM Deployment Checklist to Strengthen Cybersecurity

Cybersecurity Abbreviations

50+ Important Abbreviations in Cybersecurity

Top 20 Free Tools Cybersecurity

Top 20 FREE Tools For Cybersecurity Enthusiasts

Top Hacking Tools

Top 66 Hacking Tools You Need To Know

Windows Firewall Management Commands

Top 28 Windows Firewall Management Commands You Need To Know

Cybersecurity Certifications

How to Become a Cybersecurity Consultant with Certifications

Online Science Courses

Top 10 Best Online Science Courses to Take in 2025

This Post Has One Comment

  1. Pingback: List of Commonly Used Windows Standard Powershell Verbs - Tech Hyme

Comments are closed.