Ever wondered why an application or site crashed? Think it’s too much work to start up Event Viewer? Use PowerShell instead! In this post I’ll show you how to use PowerShell to find out what happened.
First, run the Get-EventLog cmdlet with the -list parameter. This gives you an overview of the logs on the machine, the same information you would also get from Event Viewer:
Get-EventLog -list

  Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
  20,480      0 OverwriteAsNeeded      19,959 Application
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder              0 Internet Explorer
  20,480      0 OverwriteAsNeeded       3,825 Key Management Service
                                              Security
  20,480      0 OverwriteAsNeeded      52,579 System
     512      7 OverwriteOlder             41 Volume Activation Management Tool
  15,360      0 OverwriteAsNeeded       4,122 Windows PowerShell
Now this is of course not very useful yet. We can, however, specify which log's entries to display. So if you want to see all entries filed under “Application” we use:
Get-EventLog Application

4961 jan 08 21:42 Information AlienFXWindowsSer...   0 Service has been successfully shut down.
4960 jan 08 21:42             AWPower                0 Service has been successfully shut down.
That is just a tiny snippet. As you can see in the first overview I currently have around 20K entries in my Application log. If we’re only interested in the last 4 entries we can use the following syntax:
Get-EventLog Application -newest 4
Now of course we want to see a little bit more detailed information about the entries we’re checking out. You can use the Format-List cmdlet for that. By piping the output of the previous cmdlet through this one we get all the information that’s available:
Get-EventLog Application -newest 4 | Format-List
I won’t bother you with the output of my machine, but I hope you get the point ;)
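To get from the cmdlets above to the original question of why something crashed, the added example below (not code from the original post) narrows the log to recent Error and Warning entries and summarizes them per source. The function name Get-RecentErrorSummary and its parameters are hypothetical, and it assumes Windows PowerShell, where Get-EventLog is available.

```powershell
# Added example: summarize recent Error/Warning entries per event source.
# Get-RecentErrorSummary is a hypothetical helper name, not a built-in cmdlet.
function Get-RecentErrorSummary {
    param(
        [string]$LogName = 'Application',  # any log name shown by Get-EventLog -list
        [int]$Hours = 24                   # how far back to look
    )

    $since = (Get-Date).AddHours(-$Hours)

    # Get-EventLog reports "No matches found" when the filter matches nothing,
    # so suppress that error and normalise the result to an array.
    $entries = @(Get-EventLog -LogName $LogName -EntryType Error, Warning `
                     -After $since -ErrorAction SilentlyContinue)

    # One summary object per source, carrying the newest entry's details.
    $entries |
        Group-Object -Property Source |
        ForEach-Object {
            $latest = $_.Group |
                Sort-Object -Property TimeGenerated -Descending |
                Select-Object -First 1

            [pscustomobject]@{
                Source      = $_.Name
                Count       = $_.Count
                LastSeen    = $latest.TimeGenerated
                LastType    = $latest.EntryType
                LastIndex   = $latest.Index
                LastMessage = $latest.Message
            }
        } |
        Sort-Object -Property Count -Descending
}

# Show the five noisiest sources from the last day in full detail.
Get-RecentErrorSummary -LogName Application -Hours 24 |
    Select-Object -First 5 |
    Format-List
```

The LastIndex value identifies the newest entry for each source, so you can find that exact record again in the Get-EventLog output.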