Cmdlets

Choose a cmdlet from the list on the left or search for a specific cmdlet. Choose a cmdlet from the list or search for a specific cmdlet.
About Help  Providers
 

Write-EventLog

Write-EventLog

microsoft.powershell.commands.management.dll

Synopsis

Writes an event to an event log.

Syntax

Write-EventLog [-LogName] [-Source] [-EventId] [-EntryType] [-Message] [-Category] [-ComputerName] [-RawData] [<CommonParameters>]

Detailed Description

The Write-EventLog cmdlet writes an event to an event log.

To write an event to an event log, the event log must exist on the computer and the source must be registered for the event log.

The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.

Parameters

-Category <Int16>

Specifies a task category for the event. Enter an integer that is associated with the strings in the category message file for the event log.

Aliases

None

Required?

false

Position

named

Default value

1

Accept pipeline input?

false

Accept wildcard characters?

false

-ComputerName <String>

Specifies a remote computer. The default is the local computer.

Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name of a remote computer.

This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Get-EventLog even if your computer is not configured to run remote commands.

Aliases

None

Required?

false

Position

named

Default value

Local computer

Accept pipeline input?

false

Accept wildcard characters?

false

-EntryType <EventLogEntryType>

Specifies the entry type of the event. Valid values are Error, Warning, Information, SuccessAudit, and FailureAudit. The default value is Information.

For a description of the values, see System.Diagnostics.EventLogEntryType in the MSDN library at http://go.microsoft.com/fwlink/?LinkId=143599.

Aliases

None

Required?

false

Position

4

Default value

Information

Accept pipeline input?

false

Accept wildcard characters?

false

-EventId <Int32>

Specifies the event identifier. This parameter is required.

Aliases

None

Required?

true

Position

3

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

-LogName <String>

Specifies the name of the log to which the event is written. Enter the log name (the value of the Log property, not the LogDisplayName). Wildcard characters are not permitted. This parameter is required.

Aliases

None

Required?

true

Position

1

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

-Message <String>

Specifies the event message. This parameter is required.

Aliases

None

Required?

true

Position

5

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

-RawData <Byte[]>

Specifies the binary data that is associated with the event, in bytes.

Aliases

None

Required?

false

Position

named

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

-Source <String>

Specifies the event source, which is typically the name of the application that is writing the event to the log.

Aliases

None

Required?

true

Position

2

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

Input Type

None

Return Type

System.Diagnostics.EventLogEntry

Notes

To use Write-EventLog, start Windows PowerShell with the "Run as administrator" option.

Examples

-------------------------- EXAMPLE 1 --------------------------

This command writes an event from the MyApp source to the Application event log.

PS C:\>write-eventlog -logname Application -source MyApp -eventID 3001 -entrytype Information -message "MyApp added a user-requested feature to the display." -category 1 -rawdata 10,20

-------------------------- EXAMPLE 2 --------------------------

This command writes an event from the MyApp source to the Application event log on the Server01 remote computer.

PS C:\>write-eventlog -computername Server01 -logname Application -source MyApp -eventID 3001 -message "MyApp added a user-requested feature to the display."

Online Version
Clear-EventLog
Get-EventLog
Limit-EventLog
New-EventLog
Remove-EventLog
Show-EventLog
Write-EventLog