locked
Write-EventLog without creating a new source RRS feed

  • Question

  • Hi,

    I need to write to the "Application" Log, but it seems I need to create a custom "Source".

    Isn´t there any generic source I can use to write to the Log "application" ?

    Thanks,

    JD

    Thursday, December 26, 2019 10:27 AM

All replies

  • A little exercise with your search engine will find many articles explaining this.

    https://devblogs.microsoft.com/scripting/how-to-use-powershell-to-write-to-event-logs/


    \_(ツ)_/

    • Proposed as answer by BOfH-666 Thursday, December 26, 2019 11:28 AM
    Thursday, December 26, 2019 11:10 AM
  • That example requires a new Source to be created

    My question explicity asks for a way that does not require a custom Source to be created!

    Thursday, December 26, 2019 3:59 PM
  • That example requires a new Source to be created

    My question explicity asks for a way that does not require a custom Source to be created!

    Depends on the application, for example if you are having Exchange installed you could use ESE as a source to right the logs. If not still there are some sources such as WMI, Security-SPP that can be used to write such a log.

    But again it would be wrong to write a log with a source which is not the ACTUAL source of the log. The best way is to create one and then use the same to write the logs.


    • Edited by DumbleD0re Friday, December 27, 2019 8:47 AM
    Thursday, December 26, 2019 4:12 PM
  • Here is a good place to start learning what the event logs are, how to use them and when to use them.

    https://docs.microsoft.com/en-us/windows/win32/eventlog/event-logging

    I recommend learning how to use any Windows technology before just changing things or writing to the operating system.


    \_(ツ)_/

    Thursday, December 26, 2019 9:44 PM