powershellscripts.com

Tutorials  PowerShell Cmdlet Help for Write-EventLog



NAME
Write-EventLog

SYNOPSIS
Writes an event to an event log.

SYNTAX
Write-EventLog [-LogName] [-Source] [-EventID] [-Message] [[-EntryType] {Error | W
arning | Information | SuccessAudit | FailureAudit}] [-Category ] [-ComputerName ] [-RawData >] []


DESCRIPTION
The Write-EventLog cmdlet writes an event to an event log.

To write an event to an event log, the event log must exist on the computer and the source must be registered for t
he event log.

The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events fr
om logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.


PARAMETERS
-Category
Specifies a task category for the event. Enter an integer that is associated with the strings in the category m
essage file for the event log.

Required? false
Position? named
Default value 1
Accept pipeline input? false
Accept wildcard characters? false

-ComputerName
Specifies a remote computer. The default is the local computer.

Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name of a remote computer
.

This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Get-Even
tLog even if your computer is not configured to run remote commands.

Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false

-EntryType
Specifies the entry type of the event. Valid values are Error, Warning, Information, SuccessAudit, and Failure
Audit. The default value is Information.

For a description of the values, see System.Diagnostics.EventLogEntryType in the MSDN (Microsoft Developer Netw
ork) library at http://go.microsoft.com/fwlink/?LinkId=143599.

Required? false
Position? 4
Default value
Accept pipeline input? false
Accept wildcard characters? false

-EventID
Specifies the event identifier. This parameter is required.

Required? true
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? false

-LogName
Specifies the name of the log to which the event is written. Enter the log name (the value of the Log property,
not the LogDisplayName). Wildcard characters are not permitted. This parameter is required.

Required? true
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false

-Message
Specifies the event message. This parameter is required.

Required? true
Position? 5
Default value
Accept pipeline input? false
Accept wildcard characters? false

-RawData
Specifies the binary data that is associated with the event, in bytes.

Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false

-Source
Specifies the event source, which is typically the name of the application that is writing the event to the log
.

Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false


This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer and OutVariable. For more information, type,
"get-help about_commonparameters".

INPUTS
None
You cannot pipe input to this cmdlet.


OUTPUTS
System.Diagnostics.EventLogEntry
Write-EventLog returns objects that represents the events in the logs.


NOTES


To use Write-EventLog on Windows Vista and later versions of Windows, start Windows PowerShell with the "Run as
administrator" option.


-------------------------- EXAMPLE 1 --------------------------

C:\PS>write-eventlog -logname Application -source MyApp -eventID 3001 -entrytype Information -message "MyApp added
a user-requested feature to the display." -category 1 -rawdata 10,20


Description
-----------
This command writes an event from the MyApp source to the Application event log.





-------------------------- EXAMPLE 2 --------------------------

C:\PS>write-eventlog -computername Server01 -logname Application -source MyApp -eventID 3001 -message "MyApp added
a user-requested feature to the display."


Description
-----------
This command writes an event from the MyApp source to the Application event log on the Server01 remote computer.






RELATED LINKS
Online version: http://go.microsoft.com/fwlink/?LinkID=135281
Clear-EventLog
Get-EventLog
Limit-EventLog
New-EventLog
Remove-EventLog
Show-EventLog
Write-EventLog
Get-WinEvent