none
Writing to different event logs and sources registered to a single event log RRS feed

  • Question

  • I have a function for writing to event logs:

    function New-EventLogEntry	{
    	param (
    		[parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true, Mandatory=$true, HelpMessage="No event log text specified")] 
    		[string]$EventLogText,
    		[parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true, Mandatory=$true, HelpMessage="No event type specified")] 
    		[string]$EventType,
    		[parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true, Mandatory=$true, HelpMessage="No event source specified")] 
    		[string]$EventSource,
    		[parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true, Mandatory=$true, HelpMessage="No event log specified")] 
    		[string]$EventLog,
    		[parameter(ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true, Mandatory=$true, HelpMessage="No event ID specified")] 
    		[string]$EventID
    	)
    	$objEvt = new-object System.Diagnostics.EventLog($EventLog)
    	$objEvt.Source = $EventSource
    	$objEvt.WriteEntry($EventLogText,$EventType,$eventID)
    	$objEvt.Destroy
    	Remove-Variable objEvt	
    
    } # end function New-EventLogEntry
    

    I can call it using something like

    New-EventLogEntry -EventType Warning -EventId 1001 -EventLogText "Beginning processing 1" -EventSource $MyInvocation.MyCommand.Name -EventLog Application
    

    Which will work ok. But if I want to use the function to write to different event logs, say, using:

    New-EventLogEntry -EventType Warning -EventId 1001 -EventLogText "Beginning processing 1" -EventSource $MyInvocation.MyCommand.Name -EventLog System
    New-EventLogEntry -EventType Warning -EventId 1001 -EventLogText "Beginning processing 2" -EventSource $MyInvocation.MyCommand.Name -EventLog "Lync Server"
    

    I get an error for each indicating it's already registered for the Application log, and can't be registered for another log:

    Exception calling "WriteEntry" with "3" argument(s): "The source 'New-EventLogEntry.ps1' is not registered in log 'Serv
    er'. (It is registered in log 'Application'.) " The Source and Log properties must be matched, or you may set Log to th
    e empty string, and it will automatically be matched to the Source property."
    At C:\New-EventLogEntry.ps1:20 char:20
    +   $objEvt.WriteEntry <<<< ($EventLogText,$EventType,$eventID)
      + CategoryInfo     : NotSpecified: (:) [], MethodInvocationException
      + FullyQualifiedErrorId : DotNetMethodException
    
    Exception calling "WriteEntry" with "3" argument(s): "The source 'New-EventLogEntry.ps1' is not registered in log 'Lync
     Server'. (It is registered in log 'Application'.) " The Source and Log properties must be matched, or you may set Log
    to the empty string, and it will automatically be matched to the Source property."
    At C:\\New-EventLogEntry.ps1:20 char:20
    +   $objEvt.WriteEntry <<<< ($EventLogText,$EventType,$eventID)
      + CategoryInfo     : NotSpecified: (:) [], MethodInvocationException
      + FullyQualifiedErrorId : DotNetMethodException
    


    If I set $objEvt.Source to equal $EventLog, then I get the event log entries, but they say something like:

    The description for Event ID 1001 from source Lync Server cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:

    Beginning processing 2

    That's less than the desired result. Is there a better way to do this?

     

    Sunday, July 17, 2011 5:04 AM

All replies

  • Try using cmdlet : Write-EventLog (get-help Write-EventLog).
    Sunday, July 17, 2011 10:20 AM
  • Thanks. I looked through that, and I get the same problem around -source. If I use something like

    Write-EventLog -LogName "Lync Server" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "This is cool" -EntryType warning
    

    I get the same error as the original method. I would really like to set the source to be the name of the script.

    Monday, July 18, 2011 2:35 PM
  • Thanks. I looked through that, and I get the same problem around -source. If I use something like

     

    Write-EventLog -LogName "Lync Server" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "This is cool" -EntryType warning
    

    I get the same error as the original method. I would really like to set the source to be the name of the script.

     

    Get-WinEvent "Lync Server " - works ?
    Monday, July 18, 2011 2:51 PM
  • Yes, I get entries returned when using that.

     

    Thanks for the help!

    Monday, July 18, 2011 3:04 PM
  • Yes, I get entries returned when using that.

     

    Thanks for the help!

    Get-WinEvent application | select -f 2 | fl id,logname,ContainerLog - Show output
    Monday, July 18, 2011 3:18 PM

  • Id           : 17060
    LogName      : Application
    ContainerLog : application

    Id           : 17060
    LogName      : Application
    ContainerLog : application

    Monday, July 18, 2011 3:20 PM

  • Id           : 17060
    LogName      : Application
    ContainerLog : application

    Id           : 17060
    LogName      : Application
    ContainerLog : application

    And for "Lync Server"




    Monday, July 18, 2011 3:21 PM
  • Id           : 48004
    LogName      : Lync Server
    ContainerLog : lync server

    Id           : 48003
    LogName      : Lync Server
    ContainerLog : lync server

    Monday, July 18, 2011 3:22 PM
  •  

    New-EventLog -LogName "Lync Server"-Source $MyInvocation.MyCommand.Name 
    Write-EventLog -LogName "Lync Server" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "This is cool" -EntryType warning

     

     


    Monday, July 18, 2011 3:27 PM
  • I still get

    
    New-EventLog : The "New-EventLogEntry.ps1" source is already registered on the "localhost" computer.
    At C:\New-EventLogEntry.ps1:32 char:13
    + New-EventLog <<<< -LogName System -Source $MyInvocation.MyCommand.Name
      + CategoryInfo     : InvalidOperation: (:) [New-EventLog], InvalidOperationException
      + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.NewEventLogCommand
    
    Write-EventLog : The source 'New-EventLogEntry.ps1' is not registered in log 'Lync Server'. (It is registered in log 'A
    pplication'.) " The Source and Log properties must be matched, or you may set Log to the empty string, and it will auto
    matically be matched to the Source property.
    At C:\New-EventLogEntry.ps1:33 char:15
    + Write-EventLog <<<< -LogName "Lync Server" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "This is cool
    " -EntryType warning
      + CategoryInfo     : InvalidOperation: (:) [Write-EventLog], Exception
      + FullyQualifiedErrorId : The source 'New-EventLogEntry.ps1' is not registered in log 'Lync Server'. (It is regist
      ered in log 'Application'.) " The Source and Log properties must be matched, or you may set Log to the empty strin
     g, and it will automatically be matched to the Source property.,Microsoft.PowerShell.Commands.WriteEventLogCommand
    
    

    Monday, July 18, 2011 3:31 PM
  • Try first delete source and create :

    [System.Diagnostics.EventLog]::DeleteEventSource($MyInvocation.MyCommand.Name)
    
    New-EventLog -LogName "Lync Server"-Source $MyInvocation.MyCommand.Name 
    
    Write-EventLog -LogName "Lync Server" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "This is cool" -EntryType warning
    

     

     


    Monday, July 18, 2011 3:36 PM
  • Write-EventLog : The source 'New-EventLogEntry.ps1' is not registered in log 'Lync Server'. (It is registered in log 'S
    ystem'.) " The Source and Log properties must be matched, or you may set Log to the empty string, and it will automatic
    ally be matched to the Source property.
    At C:\Users\administrator.LYNC\Desktop\New-EventLogEntry.ps1:34 char:15
    + Write-EventLog <<<< -LogName "Lync Server" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "This is cool
    " -EntryType warning
      + CategoryInfo     : InvalidOperation: (:) [Write-EventLog], Exception
      + FullyQualifiedErrorId : The source 'New-EventLogEntry.ps1' is not registered in log 'Lync Server'. (It is regist
      ered in log 'System'.) " The Source and Log properties must be matched, or you may set Log to the empty string, an
     d it will automatically be matched to the Source property.,Microsoft.PowerShell.Commands.WriteEventLogCommand
    

    And it looks like the error is coming from the last step.
    • Proposed as answer by Ajala69 Friday, June 14, 2013 9:12 PM
    Monday, July 18, 2011 3:39 PM
  •  The source 'New-EventLogEntry.ps1' is not registered in log 'Lync Server'. (It is registered in log 'System').
    
    Remove source from System Log - [System.Diagnostics.EventLog]::DeleteEventSource($MyInvocation.MyCommand.Name)
    And registered in Lync Server Logname: New-EventLog -LogName "Lync Server"-Source $MyInvocation.MyCommand.Name
    Monday, July 18, 2011 3:42 PM
  • Okay - some weird success.

    I don't get errors any more, but the entry is always in the application log, and it's always the intial message text. If I set the source to Lync Server, and the message text to something else, it still ends up in the app log with the original text.

    Monday, July 18, 2011 3:52 PM
  • Wait - I think it's working. Give me a few to test further.
    Monday, July 18, 2011 3:55 PM
  • Okay - some weird success.

    I don't get errors any more, but the entry is always in the application log, and it's always the intial message text. If I set the source to Lync Server, and the message text to something else, it still ends up in the app log with the original text.

    Write-EventLog -LogName "Lync Server" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "This is cool" -EntryType warning
    
    Get-WinEvent -FilterHashtable @{logname="application";Id=1001}
    Get-WinEvent -FilterHashtable @{logname="Lync Server";Id=1001}
    


    Monday, July 18, 2011 3:57 PM
  • Okay - So no errors, but if I try something like:

    [System.Diagnostics.EventLog]::DeleteEventSource($MyInvocation.MyCommand.Name)
    New-EventLog -LogName "<strong>Lync Server</strong>" -Source $MyInvocation.MyCommand.Name 
    Write-EventLog -LogName "<strong>Lync Server</strong>" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "<strong>my lync entry</strong>" -EntryType warning
    
    
    [System.Diagnostics.EventLog]::DeleteEventSource($MyInvocation.MyCommand.Name)
    New-EventLog -LogName "<strong>Application</strong>" -Source $MyInvocation.MyCommand.Name 
    Write-EventLog -LogName "<strong>Application</strong>" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "<strong>My app entry</strong>" -EntryType warning
    
    

    Both entries appear, but only in the first log specified ("Lync Server")

    PS C:\> Get-WinEvent -FilterHashtable @{logname="Lync Server";Id=1001}
    
    TimeCreated          ProviderName                       Id Message
    -----------          ------------                       -- -------
    7/18/2011 11:57:56 AM     New-EventLogEntry2.ps1                 1001 <strong>My app entry</strong>
    7/18/2011 11:57:56 AM     New-EventLogEntry2.ps1                 1001 my lync entry
    7/18/2011 11:56:58 AM     New-EventLogEntry2.ps1                 1001 <strong>My app entry</strong>
    7/18/2011 11:56:58 AM     New-EventLogEntry2.ps1                 1001 my lync entry
    
    

    Monday, July 18, 2011 4:02 PM
  • Only one time  create Source if does not exists,if exists you may use Write-EventLog. It works,times Get-WinEvent returns the result.

     

    Monday, July 18, 2011 4:07 PM
  • Not sure I understand what you mean. Can you provide an example?
    Monday, July 18, 2011 4:15 PM
  • Not sure I understand what you mean. Can you provide an example?
    # check if the source already exists
    $src = [System.Diagnostics.EventLog]::SourceExists($MyInvocation.MyCommand.Name)
    
    # if it doesnt exist, create it
    if(!$src)
    {
     New-EventLog -LogName "Lync Server"-Source $MyInvocation.MyCommand.Name
    }
    
    #write to logname
    Write-EventLog -LogName "Lync Server" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "This is cool" -EntryType warning
    
    If you get a result from the command Get-WinEvent-FilterHashtable @ {logname = "Lync Server"; Id = 1001} I think everything is fine.
    


    Monday, July 18, 2011 4:25 PM
  • That doesn't work. $src would be true if already existed for ANY log. So using an IF statement causes the same error. Remember, the desire is to be able to repeatedly write to ANY log as part of a function. So I even tried this:

    # check if the source already exists
    $src = [System.Diagnostics.EventLog]::SourceExists($MyInvocation.MyCommand.Name)
    # if it doesnt exist, create it
    
    if($src){
    	[System.Diagnostics.EventLog]::DeleteEventSource($MyInvocation.MyCommand.Name)
    }
    New-EventLog -LogName "Lync Server"-Source $MyInvocation.MyCommand.Name
    
    #write to logname
    Write-EventLog -LogName "Lync Server" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "lync: This is so cool" -EntryType warning
    
    # check if the source already exists
    $src = [System.Diagnostics.EventLog]::SourceExists($MyInvocation.MyCommand.Name)
    # if it doesnt exist, create it
    if($src){
    	[System.Diagnostics.EventLog]::DeleteEventSource($MyInvocation.MyCommand.Name)
    }
    New-EventLog -LogName "Application"-Source $MyInvocation.MyCommand.Name
    
    #write to logname
    Write-EventLog -LogName "Application" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "app: This is so cool" -EntryType warning
    
    And I still get the entries in the same event log file (Lync Server).

    Monday, July 18, 2011 4:54 PM
  • Show output:

     

    $src = [System.Diagnostics.EventLog]::SourceExists($MyInvocation.MyCommand.Name)
    if($src){
    	[System.Diagnostics.EventLog]::DeleteEventSource($MyInvocation.MyCommand.Name)
    }
    
    New-EventLog -LogName "Lync Server" -Source $MyInvocation.MyCommand.Name
    Write-EventLog -LogName "Lync Server" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "lync: This is so cool" -EntryType warning
    Get-WinEvent -FilterHashtable @{logname = "Lync Server"; Id = 1001} -MaxEvents 1 | fl *
    


     


    Monday, July 18, 2011 5:00 PM
  • Output:

    Message              : lync: This is so cool
    Id                   : 1001
    Version              :
    Qualifiers           : 0
    Level                : 3
    Task                 : 1
    Opcode               :
    Keywords             : 36028797018963968
    RecordId             : 21256
    ProviderName         : New-EventLogEntry3.ps1
    ProviderId           :
    LogName              : Lync Server
    ProcessId            :
    ThreadId             :
    MachineName          : Lync-1.lync.lab
    UserId               :
    TimeCreated          : 7/18/2011 1:02:35 PM
    ActivityId           :
    RelatedActivityId    :
    ContainerLog         : lync server
    MatchedQueryIds      : {}
    Bookmark             : System.Diagnostics.Eventing.Reader.EventBookmark
    LevelDisplayName     : Warning
    OpcodeDisplayName    : Info
    TaskDisplayName      :
    KeywordsDisplayNames : {Classic}
    Properties           : {System.Diagnostics.Eventing.Reader.EventProperty}

     

    But that's not the problem. The problem is if you try to run through the same process again, but writing to a different log file. So we try writing to the Lync Server log, then to the application log:

    $src = [System.Diagnostics.EventLog]::SourceExists($MyInvocation.MyCommand.Name)
    if($src){
    	[System.Diagnostics.EventLog]::DeleteEventSource($MyInvocation.MyCommand.Name)
    }
    
    New-EventLog -LogName "Lync Server"-Source $MyInvocation.MyCommand.Name
    Write-EventLog -LogName "Lync Server" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "lync: This is so cool" -EntryType warning
    Get-WinEvent -FilterHashtable @{logname = "Lync Server"; Id = 1001} -MaxEvents 2 | fl *
    
    
    
    $src = [System.Diagnostics.EventLog]::SourceExists($MyInvocation.MyCommand.Name)
    if($src){
    	[System.Diagnostics.EventLog]::DeleteEventSource($MyInvocation.MyCommand.Name)
    }
    
    New-EventLog -LogName "Application"-Source $MyInvocation.MyCommand.Name
    Write-EventLog -LogName "Application" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "app: This is so cool" -EntryType warning
    Get-WinEvent -FilterHashtable @{logname = "Application"; Id = 1001} -MaxEvents 2 | fl *
    

    And the results are:

    Message              : lync: This is so cool
    Id                   : 1001
    Version              :
    Qualifiers           : 0
    Level                : 3
    Task                 : 1
    Opcode               :
    Keywords             : 36028797018963968
    RecordId             : 21257
    ProviderName         : New-EventLogEntry3.ps1
    ProviderId           :
    LogName              : Lync Server
    ProcessId            :
    ThreadId             :
    MachineName          : Lync-1.lync.lab
    UserId               :
    TimeCreated          : 7/18/2011 1:04:58 PM
    ActivityId           :
    RelatedActivityId    :
    ContainerLog         : lync server
    MatchedQueryIds      : {}
    Bookmark             : System.Diagnostics.Eventing.Reader.EventBookmark
    LevelDisplayName     : Warning
    OpcodeDisplayName    : Info
    TaskDisplayName      :
    KeywordsDisplayNames : {Classic}
    Properties           : {System.Diagnostics.Eventing.Reader.EventProperty}

     

    Get-WinEvent : No events were found that match the specified selection criteria.
    At C:\Users\administrator.LYNC\Desktop\New-EventLogEntry3.ps1:19 char:13
    + Get-WinEvent <<<<  -FilterHashtable @{logname = "Application"; Id = 1001} -MaxEvents 2 | fl *
        + CategoryInfo          : ObjectNotFound: (:) [Get-WinEvent], Exception
        + FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand

     

    We get the error at the end because there is no entry in the Application log, it's actually written to the Lync Server log again (totalling 2 entries in that log).

    Monday, July 18, 2011 5:12 PM
  • 1) Remove all event with ID 1001 from both logname app and lync

    2) Run script and show ouptut:

     

    $src = [System.Diagnostics.EventLog]::SourceExists($MyInvocation.MyCommand.Name)
    if($src){
    	[System.Diagnostics.EventLog]::DeleteEventSource($MyInvocation.MyCommand.Name)
    }
    
    New-EventLog -LogName "Lync Server"-Source $MyInvocation.MyCommand.Name
    
    Write-EventLog -LogName "Lync Server" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "lync: This is so cool" -EntryType warning
    Get-WinEvent -FilterHashtable @{logname = "Lync Server"; Id = 1001} | fl *
    
    Write-EventLog -LogName "Application" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "app: This is so cool" -EntryType warning
    Get-WinEvent -FilterHashtable @{logname = "Application"; Id = 1001} | fl *
    


     



    Monday, July 18, 2011 5:22 PM
  • Message              : lync: This is so cool
    Id                   : 1001
    Version              :
    Qualifiers           : 0
    Level                : 3
    Task                 : 1
    Opcode               :
    Keywords             : 36028797018963968
    RecordId             : 21261
    ProviderName         : New-EventLogEntry3.ps1
    ProviderId           :
    LogName              : Lync Server
    ProcessId            :
    ThreadId             :
    MachineName          : Lync-1.lync.lab
    UserId               :
    TimeCreated          : 7/18/2011 1:24:34 PM
    ActivityId           :
    RelatedActivityId    :
    ContainerLog         : lync server
    MatchedQueryIds      : {}
    Bookmark             : System.Diagnostics.Eventing.Reader.EventBookmark
    LevelDisplayName     : Warning
    OpcodeDisplayName    : Info
    TaskDisplayName      :
    KeywordsDisplayNames : {Classic}
    Properties           : {System.Diagnostics.Eventing.Reader.EventProperty}

     

    Write-EventLog : The source 'New-EventLogEntry3.ps1' is not registered in log 'Application'. (It is registered in log '
    Lync Server'.) " The Source and Log properties must be matched, or you may set Log to the empty string, and it will aut
    omatically be matched to the Source property.
    At C:\Users\administrator.LYNC\Desktop\New-EventLogEntry3.ps1:11 char:15
    + Write-EventLog <<<<  -LogName "Application" -source $MyInvocation.MyCommand.Name -EventId 1001 -message "app: This is
     so cool" -EntryType warning
        + CategoryInfo          : InvalidOperation: (:) [Write-EventLog], Exception
        + FullyQualifiedErrorId : The source 'New-EventLogEntry3.ps1' is not registered in log 'Application'. (It is regis
       tered in log 'Lync Server'.) " The Source and Log properties must be matched, or you may set Log to the empty stri
      ng, and it will automatically be matched to the Source property.,Microsoft.PowerShell.Commands.WriteEventLogComman
     d

    Get-WinEvent : No events were found that match the specified selection criteria.
    At C:\Users\administrator.LYNC\Desktop\New-EventLogEntry3.ps1:12 char:13
    + Get-WinEvent <<<<  -FilterHashtable @{logname = "Application"; Id = 1001} -MaxEvents 2 | fl *
        + CategoryInfo          : ObjectNotFound: (:) [Get-WinEvent], Exception
        + FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand

    Monday, July 18, 2011 5:24 PM
  • I'll also add only one entry appeared - the first one - in the Lync log.
    Monday, July 18, 2011 5:25 PM
  • Anyone else have ideas?
    Thursday, July 21, 2011 7:14 PM
  • Hi,

    Can you check this? I tested this, it allows to write to multiple logs, the source turns out to be the function name here if that works for you.

    function write-EventToSystem
    {
     if(![System.Diagnostics.Eventlog]::SourceExists($MyInvocation.MyCommand.Name))
     {
     [System.Diagnostics.Eventlog]::CreateEventSource($MyInvocation.MyCommand.Name, "System")
     Write-EventLog -LogName "System" -Source $MyInvocation.MyCommand.Name -EventId 3995 -Message "This is a test event in : System : " -EntryType warning
     [System.Diagnostics.Eventlog]::DeleteEventSource($MyInvocation.MyCommand.Name)
     }
    }
    
    function write-EventToLyncServer
    {
     if(![System.Diagnostics.Eventlog]::SourceExists($MyInvocation.MyCommand.Name))
     {
     [System.Diagnostics.Eventlog]::CreateEventSource($MyInvocation.MyCommand.Name, "Lync Server")
     Write-EventLog -LogName "Lync Server" -Source $MyInvocation.MyCommand.Name -EventId 3995 -Message "This is a test event in : Lync Server : " -EntryType warning
     [System.Diagnostics.Eventlog]::DeleteEventSource($MyInvocation.MyCommand.Name)
     }
    }
    
    function write-EventToSharePointMyServer
    {
     if(![System.Diagnostics.Eventlog]::SourceExists($MyInvocation.MyCommand.Name))
     {
     [System.Diagnostics.Eventlog]::CreateEventSource($MyInvocation.MyCommand.Name, "SharePoint myServer")
     Write-EventLog -LogName "SharePoint myServer" -Source $MyInvocation.MyCommand.Name -EventId 3995 -Message "This is a test event in : SharePoint myServer : " -EntryType warning
     [System.Diagnostics.Eventlog]::DeleteEventSource($MyInvocation.MyCommand.Name)
     }
    }
    
    
    

     


    Ketan Thakkar | Microsoft Online Community Support
    Thursday, July 28, 2011 6:23 AM
    Moderator
  • Okay, those run without errors. But I get this in the event log entry:

    The description for Event ID 3995 from source write-EventToSystem cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

    If the event originated on another computer, the display information had to be saved with the event.

    The following information was included with the event:

    This is a test event in : System :

    Tuesday, August 2, 2011 6:35 PM
  • Hi,

    Sorry for the late reply, however, if you haven't gotton through to above 'unwanted description', here is the one that lets you preserve your description:

    Basically, if you delete the source, it also forgets about the formatting about the event.

     

    function write-EventToLyncServer
    {
    if(![System.Diagnostics.Eventlog]::SourceExists($MyInvocation.MyCommand.Name))
    {
    [System.Diagnostics.Eventlog]::CreateEventSource($MyInvocation.MyCommand.Name, "Lync Server")
    Write
    -EventLog -LogName "Lync Server" -Source $MyInvocation.MyCommand.Name -EventId 3995 -Message "This is a test event in : Lync Server : " -EntryType warning
    #[System.Diagnostics.Eventlog]::DeleteEventSource($MyInvocation.MyCommand.Name)
    }
    else
    {
    Write
    -EventLog -LogName "Lync Server" -Source $MyInvocation.MyCommand.Name -EventId 3995 -Message "This is a test event in : Lync Server : " -EntryType warning
    }
    }

    function write-EventToSharePointMyServer
    {
    if(![System.Diagnostics.Eventlog]::SourceExists($MyInvocation.MyCommand.Name))
    {
    [System.Diagnostics.Eventlog]::CreateEventSource($MyInvocation.MyCommand.Name, "SharePoint myServer")
    Write
    -EventLog -LogName "SharePoint myServer" -Source $MyInvocation.MyCommand.Name -EventId 3995 -Message "This is a test event in : SharePoint myServer : " -EntryType warning
    #[System.Diagnostics.Eventlog]::DeleteEventSource($MyInvocation.MyCommand.Name)
    }
    else
    {
    Write
    -EventLog -LogName "SharePoint myServer" -Source $MyInvocation.MyCommand.Name -EventId 3995 -Message "This is a test event in : SharePoint myServer : " -EntryType warning
    }
    }



    Ketan Thakkar | Microsoft Online Community Support
    Monday, August 22, 2011 8:11 AM
    Moderator
  • Unfortunately this does not work. I need a SINGLE function that allows me to write to ANY of the event logs. Plus, $MyInvocation.MyCommand.Name, when referenced outside of a function, is the script name. When referenced inside a function, is the function name. I need the script name - not the function - to be the source for the event log entry.

     

    Monday, August 22, 2011 2:18 PM
  • try this

    $global:MyInvocation.MyCommand.Name

    or probably better this way

    $script:MyInvocation.MyCommand.Name

    I did a little testing, seemed to work.


    Justin Rich
    http://jrich523.wordpress.com
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Monday, August 22, 2011 2:48 PM
  • Hi Pat,

    This may shade some light that you have been looking for.

     

     You have to have a different source for each event log. The way it works is, an event source is always associated with the last log it was registered for by CreateEventSource.

     

    The documentation for EventLog.CreateEventSource (String, String),  http://msdn.microsoft.com/en-us/library/2awhba7a.aspx says: ” The source must be unique on the local computer; a new source name cannot match an existing source name or an existing event log name. Each source can write to only one event log at a time”

     

    However, you can still keep the name of the script into the source combining with something else, like function name or log name like this:

     

    Edit: $sourceScript is defined before the fuction starts like this: $sourceScript = $script:MyInvocation.MyCommand.Name

     

    function write-EventToSystem

    {

            try

           {

            $SRC = $sourceScript + " - " + $MyInvocation.MyCommand.Name

                  if(![System.Diagnostics.Eventlog]::SourceExists($SRC))

                    {

                             [System.Diagnostics.Eventlog]::CreateEventSource($SRC, "System")

                          Write-EventLog -LogName "System" -Source $SRC -EventId 3995 -Message "This is a test event in : System : " -EntryType warning

                          #[System.Diagnostics.Eventlog]::DeleteEventSource($sourceScript)

                    }

                  else

                  {

                             Write-EventLog -LogName "System" -Source $SRC -EventId 3995 -Message "This is a test event in : System : " -EntryType warning

                    }

            }

    }

     

     

    The output ‘source name’ would look something like this:

     

    Index              : 4576

    EntryType          : Warning

    InstanceId         : 3995

    Message            : This is a test event in : System :

    Category           : (1)

    CategoryNumber     : 1

    ReplacementStrings : {This is a test event in : System : }

    Source             : writeEventlogRevised.1.ps1 - write-EventToSystem

    TimeGenerated      : 8/24/2011 6:40:52 PM

    TimeWritten        : 8/24/2011 6:40:52 PM

    UserName           :

     

     

     

    The script would still need to check if the source exists and create it if necessary. And if the source has to be created, probably should immediately check again to ensure it exists, and if it’s not yet visible/existing, keep retrying in a loop every 100 milliseconds until it exists, give up if it still doesn’t exist after 10 seconds.

     


    Wednesday, August 24, 2011 1:23 PM
    Moderator