Review Windows Logs With Windows PowerShell


Windows PowerShell is a command-line shell and scripting language from Microsoft, built on the .NET Framework and shipped as part of the Windows Management Framework, Microsoft's automation and configuration management package.

PowerShell is installed by default on all supported versions of Windows client and server operating systems since Windows 7 / Windows Server 2008 R2.


Windows PowerShell plays the role that a shell such as bash plays on Linux/Unix systems. Windows PowerShell 5.1 is a proprietary, Windows-only shell (the cross-platform PowerShell 7 is open source), and one of its many uses is log review. Logs are critical for system administrators to identify issues and troubleshoot machines, but picking the useful entries out of thousands of routine ones is hard without some filtering.

You can also send the logs to a SIEM (Security Information and Event Management) solution such as RSA, AlienVault or IBM for analysis, but that can be an expensive option.

To display the list of event logs, type the following command. Note that Get-EventLog reads only the classic logs (Application, System, Security and the others it lists); the newer Applications and Services logs are read with Get-WinEvent, and Get-EventLog itself exists only in Windows PowerShell, not in PowerShell 7.

Command: Get-EventLog -List


To display only the 10 newest entries of a particular log, for example the System log, use the following command:

Command: Get-EventLog -Logname System -Newest 10


Similarly, to display the 10 newest entries of the Security log (reading it requires an elevated PowerShell session, otherwise the command fails with an access-denied error), the command is:

Command: Get-EventLog -Logname Security -Newest 10


You can also filter the results on other fields, for example the entry type (Error, Warning, Information, SuccessAudit or FailureAudit):

Command: Get-EventLog -Logname System -Newest 10 -EntryType Warning


To filter the results by date and time, use the -After and -Before parameters (the dates are parsed with the session's culture settings, so an unambiguous year-month-day form is safest):

Command: Get-EventLog -LogName System -After ([datetime]'2022-01-01 10:00') -Before ([datetime]'2022-12-08 10:00')


To display only specific fields, pipe the output to Select-Object as shown in the command below:

Command: Get-EventLog -Logname System -Newest 10 | Select-Object EntryType, InstanceId, Index, Source
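Putting the filters above together, here is an added example that is not from the original article: a function that pulls failed-logon events (Event ID 4625) from the Security log for a time window, extracts the account and source address from each record, and reports the account/source pairs that exceed a failure threshold, which is the usual first check for password guessing against a host. It uses Get-WinEvent rather than Get-EventLog, because Get-WinEvent filters on the server side, reads the newer logs as well as the classic ones, and is the only one of the two still present in PowerShell 7. The 24-hour default window and the threshold of 10 are illustrative assumptions, not values from the article, and the function must be run from an elevated session.

```powershell
# Added example, not from the original article. Summarises failed logons (Event ID 4625)
# in the Security log and flags account/source pairs above a failure threshold.
# Get-WinEvent is used instead of Get-EventLog: it filters on the server side, reads the
# newer logs as well as the classic ones, and still exists in PowerShell 7.
# Run from an elevated session; the Security log is not readable otherwise.
function Get-FailedLogonSummary {
    param(
        [datetime]$Start = (Get-Date).AddHours(-24),   # assumed window: last 24 hours
        [datetime]$End   = (Get-Date),
        [int]$Threshold  = 10                          # assumed threshold for illustration
    )

    # Server-side filter: only matching records come back, not the whole log.
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = $Start; EndTime = $End }
    try {
        $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
    } catch {
        # Get-WinEvent raises an error when nothing matches; treat that as an empty result
        # and let any other error (for example, access denied) propagate.
        if ($_.Exception.Message -like 'No events were found*') { $events = @() } else { throw }
    }

    # Read the named EventData fields from each record's XML rather than relying on the
    # positional ReplacementStrings array, whose layout differs between event IDs.
    $rows = foreach ($e in $events) {
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            SourceIp  = $data['IpAddress']
            LogonType = $data['LogonType']     # 3 = network, 10 = RDP
            Status    = $data['Status']        # 0xC000006D = bad user name or password
            SubStatus = $data['SubStatus']     # 0xC0000064 = no such user, 0xC000006A = wrong password
        }
    }

    # Count failures per (account, source) pair and keep the pairs at or above the threshold.
    $rows | Group-Object Account, SourceIp | Where-Object Count -ge $Threshold | ForEach-Object {
        $sorted = $_.Group | Sort-Object Time
        [pscustomobject]@{
            Account  = $sorted[0].Account
            SourceIp = $sorted[0].SourceIp
            Failures = $_.Count
            First    = $sorted[0].Time
            Last     = $sorted[-1].Time
        }
    } | Sort-Object Failures -Descending
}

# Usage: last 24 hours with the default threshold, then an explicit window with a lower one.
Get-FailedLogonSummary | Format-Table -AutoSize
Get-FailedLogonSummary -Start ([datetime]'2022-01-01 10:00') -End ([datetime]'2022-12-08 10:00') -Threshold 5 |
    Format-Table -AutoSize
```

A SubStatus of 0xC0000064 across many different account names from one source is the signature of username enumeration, while 0xC000006A against a single real account is password guessing; the LogonType column tells you whether the attempts arrive over the network, RDP or the console. If the function returns nothing on a busy host, confirm first that the session is elevated and that audit logging of logon failures is enabled in the local audit policy.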


This article lists some useful commands for reviewing logs in Windows PowerShell. Feel free to comment or mail hymeblogs@gmail.com if any doubt arises about any of the commands.