{"id":10658,"date":"2025-03-11T09:00:58","date_gmt":"2025-03-11T09:00:58","guid":{"rendered":"https:\/\/cheapwindowsvps.com\/blog\/a-comprehensive-guide-to-writing-logs-to-the-windows-event-viewer-using-powershell-and-cmd\/"},"modified":"2025-03-11T09:00:58","modified_gmt":"2025-03-11T09:00:58","slug":"a-comprehensive-guide-to-writing-logs-to-the-windows-event-viewer-using-powershell-and-cmd","status":"publish","type":"post","link":"https:\/\/cheapwindowsvps.com\/blog\/a-comprehensive-guide-to-writing-logs-to-the-windows-event-viewer-using-powershell-and-cmd\/","title":{"rendered":"A Comprehensive Guide to Writing Logs to the Windows Event Viewer Using PowerShell and CMD"},"content":{"rendered":"

To log event information directly to the Windows Event Viewer using PowerShell or Command Prompt, you can utilize the Write-EventLog<\/strong> cmdlet. This approach is beneficial for tracking script execution without creating text log files. Here\u2019s how you can do it:<\/p>\n

    \n
  1. \n

    Log an Information Event<\/strong>:Use the following command to write an informational entry to the Application<\/em> log:<\/p>\n

    Write-EventLog -LogName Application -Source "Application" -EntryType Information -EventID 1 -Message "PS1 Script started"<\/code><\/pre>\n<\/li>\n
  2. \n
    Add a Custom Event Source<\/strong>:If you want to use a separate event source in the log, create one with:<\/p>\n
    New-EventLog -LogName Application -Source "MyScripts"<\/code><\/pre>\n
    Now you can log events with your custom source:<\/p>\n
    Write-EventLog -LogName Application -Source "MyScripts" -EntryType Warning -EventID 1 -Message "PS1 Script started"<\/code><\/pre>\n<\/li>\n
  3. \n
    Check the Event Viewer<\/strong>:Open the Event Viewer (eventvwr.msc<\/code>), navigate to the Application<\/strong> log, and you should see the new event listed.<\/p>\n<\/li>\n<\/ol>\n
    Event Types<\/h3>\n
    The EntryType<\/strong> parameter accepts the following types:<\/p>\n
      \n
    • Error<\/code><\/li>\n
    • Information<\/code><\/li>\n
    • FailureAudit<\/code><\/li>\n
    • SuccessAudit<\/code><\/li>\n
    • Warning<\/code><\/li>\n<\/ul>\n
        \n
      1. \n
        Logging from CMD\/BAT Scripts<\/strong>:You can also log information via a command prompt script using eventcreate.exe<\/code>:<\/p>\n
        eventcreate \/t information \/l application \/id 1 \/d "BAT script started"<\/code><\/pre>\n<\/li>\n
      2. \n
        Creating a Custom Log<\/strong>:If you need a custom log, use:<\/p>\n
        New-EventLog -LogName CustomPSLog -Source 'MyScripts','PSScript','PSLogonScript','PSSchedScript'<\/code><\/pre>\n
        Before writing to it, check if the log exists:<\/p>\n
        If ([System.Diagnostics.EventLog]::SourceExists('CustomPSLog') -eq $False) {    New-EventLog -LogName CustomPSLog -Source "MyScripts"}<\/code><\/pre>\n
        After creating the log, ensure it receives at least one event to appear in Event Viewer:<\/p>\n
        Write-EventLog -LogName CustomPSLog -Source MyScripts -EntryType Information -EventID 1 -Message "Test"<\/code><\/pre>\n<\/li>\n
      3. \n
        Finding Events with PowerShell<\/strong>:To filter and find specific events in your logs, use the Get-WinEvent<\/code> cmdlet:<\/p>\n
        Get-WinEvent -FilterHashtable @{logname='CustomPSLog';id=1} | ft TimeCreated,Id,Message | Select-Object -First 5<\/code><\/pre>\n<\/li>\n<\/ol>\n
        Note on PowerShell Core<\/h4>\n
        In PowerShell Core (7.x), the Write-EventLog<\/strong> cmdlet is not available, and you should use New-WinEvent<\/strong> instead, although it requires registering an event provider. For simplicity, it’s advisable to import the management module:<\/p>\n
        Import-Module Microsoft.PowerShell.Management -UseWindowsPowerShellWrite-EventLog -LogName CustomPSLog1 -Source CustomPSLog -EntryType Information -EventID 1 -Message "Test2"<\/code><\/pre>\n
        Make sure to run these commands as an administrator, as only users in the local Administrators group can send events to the event logs created by administrators.<\/p>\n","protected":false},"excerpt":{"rendered":"
        To log event information directly to the Windows Event Viewer using PowerShell or Command Prompt, you can utilize the Write-EventLog cmdlet. This approach is beneficial for tracking script execution without creating text log files. Here\u2019s how you can do it: Log an Information Event:Use the following command to write an informational entry to the Application […]<\/p>\n","protected":false},"author":0,"featured_media":10659,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[117,99,108],"tags":[],"class_list":["post-10658","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-powershell","category-windows-11","category-windows-server-2022"],"_links":{"self":[{"href":"https:\/\/cheapwindowsvps.com\/blog\/wp-json\/wp\/v2\/posts\/10658","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cheapwindowsvps.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cheapwindowsvps.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cheapwindowsvps.com\/blog\/wp-json\/wp\/v2\/comments?post=10658"}],"version-history":[{"count":0,"href":"https:\/\/cheapwindowsvps.com\/blog\/wp-json\/wp\/v2\/posts\/10658\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cheapwindowsvps.com\/blog\/wp-json\/wp\/v2\/media\/10659"}],"wp:attachment":[{"href":"https:\/\/cheapwindowsvps.com\/blog\/wp-json\/wp\/v2\/media?parent=10658"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cheapwindowsvps.com\/blog\/wp-json\/wp\/v2\/categories?post=10658"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cheapwindowsvps.com\/blog\/wp-json\/wp\/v2\/tags?post=10658"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}