Review Windows Logs With Windows PowerShell

Windows PowerShell is a shell and scripting component of the Windows Management Framework, an automation/configuration management framework from Microsoft built on the .NET Framework.

PowerShell is installed by default on all supported versions of Windows client and server operating systems since Windows 7 / Windows Server 2008 R2.

Windows PowerShell is similar to a terminal on Linux/Unix systems. It is a proprietary Windows command-line shell and can be used for many purposes, including log review. Logs are critical for system administrators to identify issues and troubleshoot machines, but picking the useful information out of them is difficult.

You can also use a SIEM (Security Incident and Event Management) solution such as RSA, AlienVault or IBM SIEM to analyse logs, but that can be an expensive option.

To display the list of event logs, type the following command:

Command: Get-EventLog -List

If you only want to display the 10 newest entries of a particular log (here the System log), use the following command:

Command: Get-EventLog -Logname System -Newest 10

Similarly, to display the newest entries of the Security log, the command is:

Command: Get-EventLog -Logname Security -Newest 10

Furthermore, you can filter the results on other fields, such as the entry type:

Command: Get-EventLog -Logname System -Newest 10 -EntryType Warning

And, to filter the results to a specific date and time range, the command is:

Command: Get-EventLog -LogName System -After ([datetime]'2022-01-01 10:00') -Before ([datetime]'2022-12-08 10:00')

If you want to display only specific fields of each entry, pipe the output into Select-Object, as shown in the command below:

Command: Get-EventLog -Logname System -Newest 10 | Select-Object EntryType, InstanceId, Index, Source
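The commands above each answer one question at the prompt. The script below is an added example, not code from the original post, that combines them into a small repeatable review: it counts failed logons in the Security log per targeted account, summarises System errors and warnings by source, and writes the logon summary to CSV. It needs Windows PowerShell 5.1 (Get-EventLog was removed from PowerShell 7, where Get-WinEvent replaces it) and an elevated prompt, because standard users cannot read the Security log. The 24-hour window, the event ID 4625, the output path and the ReplacementStrings field positions are this example's own assumptions, not something the post states.

```powershell
# Added example, not from the original post: a repeatable log review built on the
# Get-EventLog cmdlet shown above. Requires Windows PowerShell 5.1 and an elevated
# prompt (the Security log is not readable by standard users).
# Time window, event IDs, field positions and output path are assumptions.

param(
    [int]    $Hours   = 24,                              # how far back to look
    [string] $OutFile = "$env:TEMP\security-review.csv"  # assumed output location
)

$since = (Get-Date).AddHours(-$Hours)

function Get-FailedLogonSummary {
    # Failed logons are Security event ID 4625. Grouping them by the account that
    # was targeted makes a burst of failures against one account stand out.
    param([datetime] $After)

    Get-EventLog -LogName Security -After $After |
        Where-Object { $_.EventID -eq 4625 } |
        ForEach-Object {
            # ReplacementStrings holds the event's insertion fields. For 4625 the
            # target account name is at index 5 and the logon type at index 10
            # (layout assumed from the standard 4625 event template).
            [pscustomobject]@{
                Time      = $_.TimeGenerated
                Account   = $_.ReplacementStrings[5]
                LogonType = $_.ReplacementStrings[10]
            }
        } |
        Group-Object Account |
        Sort-Object Count -Descending |
        Select-Object @{ Name = 'Account';  Expression = { $_.Name } },
                      Count,
                      @{ Name = 'LastSeen'; Expression = {
                          ($_.Group | Sort-Object Time -Descending | Select-Object -First 1).Time } }
}

function Get-SystemProblemSummary {
    # Errors and warnings in the System log grouped by source, the same -EntryType
    # filter the post uses, but aggregated instead of listed.
    param([datetime] $After)

    Get-EventLog -LogName System -After $After -EntryType Error, Warning |
        Group-Object Source |
        Sort-Object Count -Descending |
        Select-Object Name, Count
}

$failed = Get-FailedLogonSummary  -After $since
$system = Get-SystemProblemSummary -After $since

"Failed logons since $since (by target account):"
$failed | Format-Table -AutoSize

"System errors/warnings since $since (by source, top 10):"
$system | Select-Object -First 10 | Format-Table -AutoSize

# Keep a copy for comparison with the next run or for hand-off to whoever owns the host.
$failed | Export-Csv -Path $OutFile -NoTypeInformation
"Failed-logon summary written to $OutFile"
```

Run it from an elevated Windows PowerShell prompt as `.\Review-Logs.ps1 -Hours 48` to widen the window. Because Get-EventLog reads the whole log before -After is applied client-side on some versions, a large Security log can take a while; on hosts where that matters, Get-WinEvent with a -FilterHashtable does the same filtering inside the event log service.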

This article lists some useful PowerShell commands that help you review logs from Windows PowerShell. Feel free to comment or mail hymeblogs@gmail.com if you have any doubt about any of the commands.
