Category filter
Script to Fetch Windows device logs
Windows device logs are detailed records of events in the operating system or the installed applications. As a system administrator, you can analyze these logs to troubleshoot any particular issue that occurs on the device. With Hexnode’s Execute Custom Script action, you can push custom scripts to remotely fetch the device logs on your Windows devices.
The Sample Scripts provided below are adapted from third-party Open-Source sites.
PowerShell Script
To view the list of available event logs available on the Windows device, you can run the following command:
|
1 |
Get-EventLog -List |
The Get-EventLog cmdlet can be used to access the event logs of a Windows device. You can invoke various parameters along with the Get-EventLog cmdlet to filter and fetch only the required logs. The LogName is a mandatory parameter used to fetch device logs using PowerShell. The LogName parameter specifies the name of the event log for which the log is to be fetched.
Get the latest entries from an event log
To fetch only the recent entries from a specific event log, you can invoke the Newest parameter along with LogName, and specify the required number of the log entries.
For example, to fetch the latest five entries from the System event log:
|
1 |
Get-EventLog -LogName System -Newest 5 |
Get error events from a specific event log
You can retrieve only the error events by invoking the EntryType parameter.
For example:
|
1 |
Get-EventLog -LogName System -EntryType Error |
Executing the above script will fetch only the error events from the System event log.
- It is recommended to manually validate the script execution on a system before executing the action in bulk.
- Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.
