
How to retrieve events from event logs with PowerShell and ADAudit Plus

The Get-WinEvent cmdlet is the successor to the original Get-EventLog cmdlet. In addition to the classic logs, it can retrieve the 'Applications and Services Logs', and the objects it returns expose different properties from those of Get-EventLog. Get-WinEvent gives you extensive information about the logs stored on your system. The cmdlet offers three parameters for filtering the data you request:

  • FilterXML
  • FilterHashtable
  • FilterXPath

Although Get-WinEvent performs well when retrieving your data, it still makes sense to look for a quicker solution that requires less effort and also delivers in-depth event log reports. ADAudit Plus is one such solution: it offers an easy interface for identifying relevant reports and a built-in search function for tracing specific events. The following comparison shows how you can retrieve event logs using PowerShell and ADAudit Plus.

Windows PowerShell

Steps to retrieve events from event logs in Windows PowerShell

  • Run the Get-WinEvent cmdlet with the -ListLog parameter. This returns 'classic logs' and 'Windows logs'. Classic logs are retrieved first.
  • Specify the computer name with -ComputerName (localhost retrieves logs from the local host). You can also filter on the RecordCount property to receive only logs that contain data.
    Code:
    Get-WinEvent -ListLog * -ComputerName localhost | Where-Object { $_.RecordCount }
  • Collecting logs from multiple servers
    You can also collect logs from multiple servers using a ForEach statement, which loops over the server names and retrieves logs from one server at a time.
    Code:
    $S = 'Server01', 'Server02', 'Server03'
    ForEach ($Server in $S) {
      Get-WinEvent -ListLog Application -ComputerName $Server |
        Select-Object LogMode, MaximumSizeInBytes, RecordCount, LogName,
          @{name='ComputerName'; expression={$Server}} |
        Format-Table -AutoSize
    }
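The commands above list the logs themselves; the following added example (not part of the original page or the vendor's scripts) retrieves actual events using the FilterHashtable, FilterXPath and FilterXml parameters named earlier. The server names are reused from the loop above, and the System log, event ID 7045 and the 24-hour window are sample values chosen for illustration.

```powershell
# Added example. Log name, event ID and time window are assumed sample values.
$Servers   = 'Server01', 'Server02', 'Server03'
$LogName   = 'System'
$EventId   = 7045      # "A service was installed in the system"
$StartTime = (Get-Date).AddHours(-24)

# 1) -FilterHashtable: key/value pairs evaluated by the event log service.
$Filter = @{ LogName = $LogName; Id = $EventId; StartTime = $StartTime }

# 2) -FilterXPath: the same selection as XPath (86400000 ms = 24 hours).
$XPath = "*[System[(EventID=$EventId) and TimeCreated[timediff(@SystemTime) <= 86400000]]]"

# 3) -FilterXml: the same query as structured XML; '<' must be escaped as '&lt;'.
$Xml = @"
<QueryList>
  <Query Id="0" Path="$LogName">
    <Select Path="$LogName">$($XPath.Replace('<', '&lt;'))</Select>
  </Query>
</QueryList>
"@

$Results = foreach ($Server in $Servers) {
    try {
        # Filtering happens on the remote host, so only matching events cross the network.
        Get-WinEvent -ComputerName $Server -FilterHashtable $Filter -ErrorAction Stop
        # Equivalent calls with the other two parameters:
        #   Get-WinEvent -ComputerName $Server -LogName $LogName -FilterXPath $XPath -ErrorAction Stop
        #   Get-WinEvent -ComputerName $Server -FilterXml $Xml -ErrorAction Stop
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; treat that as an empty result.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { continue }
        # Anything else (host unreachable, access denied) is reported, not hidden.
        Write-Warning "${Server}: $($_.Exception.Message)"
    }
}

$Results |
    Sort-Object TimeCreated -Descending |
    Select-Object TimeCreated, MachineName, Id, ProviderName, Message |
    Format-Table -AutoSize -Wrap
```

Filtering with these parameters is considerably faster than retrieving every event and piping the output to Where-Object, which matters when the loop runs against many servers.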

ADAudit Plus

Steps to retrieve events from event logs in ADAudit Plus

  • Log in to the ADAudit Plus web console using administrator credentials. Navigate to the 'Server Audit' tab.
  • Click on 'Server Audit Reports' and choose 'System Events'.


Why is ADAudit Plus the better solution for you?

  • Comprehensive dashboard, so you can correlate reports.
  • It allows you to export reports in the desired format (CSV, HTML, XLS, PDF) with a single click.
  • Advanced filter options to save you the trouble of creating complex LDAP queries.
  • Avoid complex PowerShell scripting, and simplify AD change auditing with ADAudit Plus.