How to determine if an EventLog already exists

Time: 2012-12-13 01:33:17

Tags: powershell event-log eventlog-source

I am using the following line to create a new event log

new-eventlog -LogName "Visual Studio Builds" -Source "Visual Studio"

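I want to run this every time, because if I run a build from a new computer, I still want to see the event log.

The problem is that every time the script is run after the log has been created, it throws an error.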

New-EventLog : The "Visual Studio" source is already registered on the "localhost" computer.
At E:\Projects\MyApp\bootstrap.ps1:14 char:13
+ new-eventlog <<<<  -LogName "Visual Studio Builds" -Source "Visual Studio"
    + CategoryInfo          : InvalidOperation: (:) [New-EventLog], InvalidOperationException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.NewEventLogCommand

Now I know that I can "search" for the event log

Get-EventLog -list | Where-Object {$_.logdisplayname -eq "Visual Studio Builds"} 

But now how do I determine whether it exists?

10 answers:

Answer 0: (score: 36)

# Check if Log exists
# Ref: http://msdn.microsoft.com/en-us/library/system.diagnostics.eventlog.exists(v=vs.110).aspx
[System.Diagnostics.EventLog]::Exists('Application');


# Ref: http://msdn.microsoft.com/en-us/library/system.diagnostics.eventlog.sourceexists(v=vs.110).aspx
# Check if Source exists
[System.Diagnostics.EventLog]::SourceExists("YourLogSource");

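Answer 1: (score: 24)

So I was on the right path with Get-EventLog.

Instead of just reading it, I stored it in a variable. Then I checked whether the variable was null.

This achieved what I was looking to do.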

$logFileExists = Get-EventLog -list | Where-Object {$_.logdisplayname -eq "Visual Studio Builds"} 
if (! $logFileExists) {
    New-EventLog -LogName "Visual Studio Builds" -Source "Visual Studio"
}

Answer 2: (score: 11)

Check the Exists method:

[System.Diagnostics.EventLog]::Exists('Visual Studio Builds')

Answer 3: (score: 11)

if ([System.Diagnostics.EventLog]::SourceExists("Visual Studio") -eq $False) { New-EventLog -LogName "Visual Studio Builds" -Source "Visual Studio" }

Answer 4: (score: 3)

Simply check whether it exists:

$EventLogName = "LogName"
if ( !($(Get-EventLog -List).Log.Contains($EventLogName)))
{}

But to create a new one you need "As Administrator" privileges. To solve this, I used to call a subprocess:

Start-Process -verb runAs powershell.exe  -ArgumentList "-file $PSScriptRoot\CreateLog.ps1" -wait

With a simple CreateLog.ps1:

New-EventLog -LogName ScriptCheck -Source ScriptCheck
Write-EventLog -LogName ScriptCheck `
-Source ScriptCheck -EntryType Information -EventID 100 `
-Message "Start logging!"

Answer 5: (score: 2)

I think the approach below could reduce the workload of filtering with where

    try
    {
        Get-EventLog -LogName "Visual Studio Builds" -ErrorAction Ignore| Out-Null
    }
    catch {
        New-EventLog -LogName "Visual Studio Builds" -Source "Visual Studio"
    }

Answer 6: (score: 2)

This one worked for me. Hope it helps somebody.

$EventLog = "SLAPS"
If ([System.Diagnostics.EventLog]::SourceExists("$EventLog") -eq $false) {
    New-EventLog -LogName "SLAPS_PasswordRotation" -Source "$EventLog"
    Write-EventLog -LogName "SLAPS_PasswordRotation" -Source "$EventLog" -Message "EventLog Succesfully Created" -EventId 10000 -EntryType SuccessAudit
}
Else {
    Write-EventLog -LogName "SLAPS_PasswordRotation" -Source "$EventLog" -Message "New Rotation Started Succesfully" -EventId 1 -EntryType SuccessAudit
}

Answer 7: (score: 1)

Less complicated:

 if (!(Get-Eventlog -LogName "Application" -Source "YourLog")){
      New-Eventlog -LogName "Application" -Source "YourLog"
 }

Answer 8: (score: 0)

$SourceExists = [System.Diagnostics.Eventlog]::SourceExists("XYZ")
if($SourceExists -eq $false){
    [System.Diagnostics.EventLog]::CreateEventSource("XYZ", "Application")
}

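That is not enough. Even though you have created the event source, $SourceExists will always be false. I tested it by running CreateEventSource and then Remove-EventLog, and removing it failed. After an event source is created, you must write something to it. Append this after running CreateEventSource.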

Write-EventLog -LogName "Application" -Source "XYZ" -EventID 0 -EntryType Information -Message "XYZ source has been created."

Thanks to https://stackoverflow.com/users/361842/johnlbevan for pointing this out (in the comments).

Answer 9: (score: 0)

Get- / Test-EventLogSource

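The System.Diagnostics methods are limiting. There can only be one source on a computer. Different computers may have the same source, but in a different log. In my experience, you run into issues after working with these methods and creating/removing logs and sources. I wrote the following to verify my custom log/source.

Using Get-WinEvent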

Set-StrictMode -Version Latest

function Get-EventLogSource {
    [CmdletBinding()]
    param(
        [string]$LogFile = '*',
        [string]$Source = '*'
    )

    Get-CimInstance -Class Win32_NTEventLogFile -Verbose:$false | ForEach-Object {

        $_logName = $PSItem.FileName
 
        $PSItem.Sources | ForEach-Object {
 
            $oResult = New-Object PSCustomObject -Property @{
                Source  = $PSItem
                LogName = $_logName
            } | Select-Object  -Property Source, LogName

            Write-Output $oResult
        }
    } | Sort-Object -Property Source | Where-Object { $PSItem.Source -like $Source -and $PSItem.LogName -like $LogFile }    
}

function Test-EventLogSource {
    [CmdletBinding()]
    param(
        [string]$LogFile = '*',
        [Parameter(Mandatory)]
        [string]$Source
    )
    $_result = Get-EventLogSource -LogFile $LogFile -Source $Source
    return ($null -ne $_result)
}

Clear-Host

#Test-EventLogSource -LogFile 'System' -Source '.NET*' -Verbose
#Test-EventLogSource -LogFile 'Application' -Source '.NET*' -Verbose
#Test-EventLogSource -LogFile 'dummy' -Source '.NET*' -Verbose
#Test-EventLogSource -LogFile '*' -Source '.NET*' -Verbose
#Test-EventLogSource -Source '.NET*' -Verbose

#Test-EventLogSource -LogFile 'Application' -Source 'vs' -Verbose
#Test-EventLogSource -LogFile '*' -Source 'vss' -Verbose

#Test-EventLogSource -Source '*power*'


#Get-EventLogSource
#Get-EventLogSource -LogFile 'System' -Source '.NET*' -Verbose | Format-Table
#Get-EventLogSource -LogFile 'Application' -Source '.NET*' -Verbose | Format-Table
#Get-EventLogSource -LogFile 'dummy' -Source '.NET*' -Verbose | Format-Table
#Get-EventLogSource -LogFile '*' -Source '.NET*' -Verbose | Format-Table
#Get-EventLogSource -Source '.NET*' -Verbose | Format-Table

#Get-EventLogSource -LogFile 'Application' -Source 'vs' -Verbose | Format-Table
#Get-EventLogSource -LogFile '*' -Source 'vss' -Verbose | Format-Table

#Get-EventLogSource -Source '*power*'| Format-Table
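
Added example, not part of any answer above: an idempotent bootstrap step that combines the SourceExists check with the "one source per computer" point, using the log and source names from the question. The function name Initialize-BuildEventLog and the event ID 100 are constructed for illustration; it assumes Windows PowerShell 5.1 (the *-EventLog cmdlets are not in PowerShell 7) and an elevated session.

```powershell
# Added example (not from the original answers). Run elevated on Windows PowerShell 5.1.
function Initialize-BuildEventLog {
    [CmdletBinding()]
    param(
        [string]$LogName = 'Visual Studio Builds',
        [string]$Source  = 'Visual Studio'
    )

    try {
        # SourceExists searches every log's registration, Security included,
        # so a non-elevated caller gets a SecurityException when the source
        # is not found in the logs it is allowed to read.
        $sourceExists = [System.Diagnostics.EventLog]::SourceExists($Source)
    }
    catch [System.Security.SecurityException] {
        throw "Cannot search all event logs for source '$Source'; run elevated."
    }

    if ($sourceExists) {
        # A source name is registered once per computer, under exactly one log.
        # Fail loudly if it belongs to a different log than the one we expect,
        # otherwise later Write-EventLog calls would not land where we look.
        $owner = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
        if ($owner -ne $LogName) {
            throw "Source '$Source' is registered under log '$owner', not '$LogName'."
        }
        return 'AlreadyRegistered'
    }

    # New-EventLog creates the log when it is missing and registers the source;
    # when the log already exists it only adds the source to it.
    New-EventLog -LogName $LogName -Source $Source -ErrorAction Stop
    return 'Created'
}

# Safe to call on every build, on a new machine or an old one.
$state = Initialize-BuildEventLog
Write-EventLog -LogName 'Visual Studio Builds' -Source 'Visual Studio' `
    -EventId 100 -EntryType Information `
    -Message "Build bootstrap: event log state is $state."
```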