Create a new classic event log and a new event source on a local or remote computer.
Syntax
      New-EventLog [-LogName] string [-Source] string[] [[-ComputerName] string[]]
         [-CategoryResourceFile string] [-MessageResourceFile string]
            [-ParameterResourceFile string] [CommonParameters]

Key:
   -CategoryResourceFile string
       Path to the file that contains category strings for the source events.
       Also known as the Category Message File.
       The file must be present on the computer on which the event log is being created.
       This parameter does not create or move files.

   -ComputerName string[]
       Create the new event logs on the specified computers. The default is the local computer.
       Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name of a remote computer.
       To specify the local computer, type the computer name, a dot (.), or "localhost".
       This parameter does not rely on PowerShell remoting.

   -LogName string
       The name of the event log.
       If the log does not exist, New-EventLog creates the log and uses this value for the
       Log and LogDisplayName properties of the new event log.
       If the log exists, New-EventLog registers a new source for the event log.

   -MessageResourceFile string
       The path to the file that contains message formatting strings for the source events.
       This file is also known as the Event Message File.
       The file must be present on the computer on which the event log is being created.
       This parameter does not create or move files.

   -ParameterResourceFile string
       The path to the file that contains strings used for parameter substitutions in event descriptions.
       This file is also known as the Parameter Message File.
       The file must be present on the computer on which the event log is being created.
       This parameter does not create or move files.

   -Source string[]
       The names of the event log sources, such as application programs that write to the event log.
       This parameter is required.
Cmdlets that contain the EventLog noun (the Event log cmdlets) work only on classic event logs. To get events from logs that use the Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.
Add a new event log source called 'windevcluster' for the Application log and write a message to it. Choosing a unique eventID makes it easy to filter/find errors in the log later:
PS C:\> New-EventLog -source 'windevcluster' -logname Application
PS C:\> Write-EventLog -source 'windevcluster' -logname Application -Entrytype Error -eventID 646 -message "Something bad happened"
Create the Blammo event log on the local computer and register a new source for it:
PS C:\> New-EventLog -source TestApp -LogName Blammo -MessageResourceFile C:\Test\Blammo.dll
Add a new event source, NewTestApp, to the Application log on the Server64 remote computer (requires NewTestApp.dll to exist):
$file = "C:\Program Files\TestApps\NewTestApp.dll"
$log_options = @{
    ComputerName         = 'Server64'
    source               = 'NewTestApp'
    LogName              = 'Application'
    MessageResourceFile  = $file
    CategoryResourceFile = $file
}
New-EventLog @log_options
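An added example, not part of the original reference page: New-EventLog raises an error when the source is already registered, and a source name can belong to only one log at a time, so a deployment script usually checks before registering. The function name Register-EventSourceIfMissing is hypothetical; it relies on the .NET System.Diagnostics.EventLog static methods and assumes an elevated Windows PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: idempotent registration of an event source.
# Register-EventSourceIfMissing is a hypothetical helper name.

function Register-EventSourceIfMissing {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Source,
        [Parameter(Mandatory)] [string] $LogName,
        [string] $ComputerName = '.'          # dot = local computer
    )

    # SourceExists searches every log, including Security, which is
    # why the check itself needs an elevated session.
    if ([System.Diagnostics.EventLog]::SourceExists($Source, $ComputerName)) {
        # A source maps to exactly one log; find out which one owns it.
        $current = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, $ComputerName)
        if ($current -ne $LogName) {
            throw "Source '$Source' is already registered to log '$current', not '$LogName'."
        }
        Write-Verbose "Source '$Source' already registered to '$LogName'; nothing to do."
        return
    }

    if ($PSCmdlet.ShouldProcess("$ComputerName\$LogName", "Register source '$Source'")) {
        New-EventLog -LogName $LogName -Source $Source -ComputerName $ComputerName -ErrorAction Stop
    }
}

# First call registers the source, second call is a no-op instead of an error.
Register-EventSourceIfMissing -Source 'windevcluster' -LogName 'Application' -Verbose
Register-EventSourceIfMissing -Source 'windevcluster' -LogName 'Application' -Verbose

# Write a test event with the unique ID, then read it back to confirm it landed.
Write-EventLog -LogName Application -Source 'windevcluster' -EntryType Error `
    -EventId 646 -Message 'Something bad happened'

Get-EventLog -LogName Application -Source 'windevcluster' -Newest 1 |
    Format-List TimeGenerated, EntryType, EventID, Message
```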
“Some men have only one book in them, others a library” ~ Proverb
Get-Eventlog - Get event log data.
Remove-EventLog - Delete an event log.