New-eventLog

Create a new classic event log and a new event source on a local or remote computer.

Syntax
      New-EventLog [-LogName] string [-Source] string[] [[-ComputerName] string[]]
         [-CategoryResourceFile string] [-MessageResourceFile string]
            [-ParameterResourceFile string] [CommonParameters]

Key:
   -CategoryResourceFile string
       Path to the file that contains category strings for the source events.
       Also known as the Category Message File.

       The file must be present on the computer on which the event log is being
       created. This parameter does not create or move files.

   -ComputerName string[]
       Create the new event logs on the specified computers.
       The default is the local computer.

       Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified
       domain name of a remote computer.
       To specify the local computer, type the computer name, a dot (.), or "localhost".

       This parameter does not rely on PowerShell remoting.

   -LogName string
       The name of the event log.

       If the log does not exist, New-EventLog creates the log and uses this
       value for the Log and LogDisplayName properties of the new event log.
       If the log exists, New-EventLog registers a new source for the event log.

   -MessageResourceFile string
       The path to the file that contains message formatting strings for the
       source events. This file is also known as the Event Message File.

       The file must be present on the computer on which the event log is being
       created. This parameter does not create or move files.

   -ParameterResourceFile string
       The path to the file that contains strings used for parameter
       substitutions in event descriptions. 
       This file is also known as the Parameter Message File.

       The file must be present on the computer on which the event log is being
       created. This parameter does not create or move files.

   -Source string[]
       The names of the event log sources, such as application programs that
       write to the event log. This parameter is required.

Cmdlets that contain the EventLog noun (the Event log cmdlets) work only on classic event logs. To get events from logs that use the Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent

Examples

Create the TestLog event log on the local computer and register a new source for it:

PS C:\> new-eventlog -source TestApp -logname TestLog -MessageResourceFile C:\Test\TestApp.dll

Add a new event source, NewTestApp, to the Application log on the Server64 remote computer (requires NewTestApp.dll to exist).

PS C:\> $file = "C:\Program Files\TestApps\NewTestApp.dll"
PS C:\> new-eventlog -computername Server64 -source NewTestApp -logname Application -MessageResourceFile $file -CategoryResourceFile $file

“Some men have only one book in them, others a library” ~ Proverb

Related PowerShell Cmdlets

Get-Eventlog - Get event log data.
Remove-EventLog - Delete an event log.


 
Copyright © 1999-2024 SS64.com
Some rights reserved