Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles / Languages / PowerShell
 

Create, View & Delete Custom Sources under Windows Event Log

3.50/5 (3 votes)
2 Jun 2020CPOL2 min read 13.7K  
This post will help you to Create, View & Delete your own Event Source using PowerShell.
These are very simple PowerShell commands to create/view/delete your own Event Source under Windows Log. With the help of custom Source, you can send your events in your own source instead of clubbing with System log entries.

Introduction

PowerShell commands can be used to Create/View/Delete your own Event Source/Event Log Name under Windows Log. With the help of custom "Source", you can write your events in your own source instead of clubbing with System defined sources. You can have multiple Sources under an Event Log Name and Event Log Name works as wrapper to accommodate similar type of source logging at one place.

Background

In order to use this, you must have Admin Access on your system or server where you will implement this.

Using the Code

Below are a set of PowerShell commands to Create/View/Delete Event Source/Event Log Name:

C++
1. New-EventLog -LogName {your own log name} -Source {your own source name}
2. Get-EventLog -List
3. Remove-EventLog -Source {your own source name} 
4. Remove-EventLog -LogName {your own log name}

Let's start with the implementation part:

#1: First to Create New Event Source

Just type New-EventLog -LogName MyTestLogName -Source MyTestSourceName on PowerShell command prompt and press enter as below:

New Event Log Command

You will not get any success message after creation, but you can visit Event Viewer to see new log name "MyTestLogName" under "Application and Services Logs" as below:

Image 2

You can have multiple Sources under one Log Name, Log Name is just a wrapper like below:

Image 3

If you do not have Admin Access, you will get the below error while creating a new source:

Image 4

If Source already exists in your system, it will not allow you to create new and throw the below error:

Image 5

#2: Let's Move on to Second Command to Get List of All Sources Which You Have in Your System Inclusive Your Own Created Ones

Instead of visiting to Event Viewer to check newly created your own new source (shared in above section), you can just hit Get-EventLog -List command in PowerShell to get a complete list as below:

Image 6

It's very simple to verify your source got created or not instantly using command prompt.

#3. Now Move On to Removal Source

If you will use Remove-EventLog -Source {your own source name}, it will just remove your Source, Log name will remain there. As you can have multiple Sources under same Log Name, that's why you can simply delete Source does not mean it will remove your Log Name as well.

See below, I have removed just Source, but Log Name is still there. Log Name is just a kind of wrapper:

Image 7

#4. Last Command to Remove Log Name

You can remove your Log Name by using Remove-Eventlog -Logname {your own log name} Command. See below. This will remove your wrapper along all sources underneath.

Image 8

Thanks for reading!

Points of Interest

This helps in logging your custom error from your application written in C#.

History

  • 2nd June, 2020: Version 1.0

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Permalink

Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Article Copyright 2020 by .Net Core Developer
Everything else Copyright © CodeProject, 1999-2024

Web01 2.8:2024-10-19:1