Logging to the Windows Event Log in your PowerShell scripts

As I discussed in my previous post, you can log information to a file, but sometimes you may want to log to the Windows Event Log.

To log to the Windows Event Log, you will need to use the following cmdlets:

Writing directly to an existing source

You can write directly to an existing source in the Windows Event Log, but sifting through these logs can become tedious at best. To make it easier to find a specific entry that one of your scripts created, I believe you should first create a new source in the Windows Event Log.

To do this, you have to run the New-EventLog cmdlet. In this introduction, we will not need all parameters the cmdlet offers. The ones below are relevant:

  • ComputerName: This parameter sets the computer for creating the new Event Log source. Typically, you will only create this on the local system, but you could add the source to all of your systems if you choose.
  • LogName: This specifies the Event Log name you want to use when creating your Event Log. Consider this the "Folder" name within the Windows Event Viewer.
  • Source: This parameter sets the source of the event to log. Think of this as a list of functions that may throw errors within your PowerShell module. This parameter can take an array of strings.
Example of a new Event LogName created by New-EventLog

In my example, I will store the parameters in a hash table. As mentioned above, the Source parameter accepts an array of strings. Make sure your new LogName and Source exist on the systems where you intend to log information.

Now that we have defined our new LogName and Source, we can start logging to our Event Log with Write-EventLog. But we should understand our options first:

  • ComputerName: This sets the computer for creating the new Event Log source.
  • EntryType: This sets the event type you would like to log. By default it is set to Information, but you can specify Error, Warning, Information, SuccessAudit, and FailureAudit (see EventLogEntryType Enumeration for more information).
  • EventId: This specifies the event ID you would like to use when logging to the Event Log.
  • LogName: This parameter will need to be the same as the LogName you specified when you created the Event Log.
  • Message: This contains the information associated with your log entry.
  • RawData: This associates any binary data you choose with your logged event.
  • Source: This will need to be one of the sources you specified when you created the Event Log.

For this example, we will only use a select few of the parameters listed above. In most cases, this will be good enough to get started.
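
The two steps described above, registering the log with its sources and then writing an entry, as an added example that is not the original post's code. It assumes an elevated Windows PowerShell 5.1 session; the log name `MyScripts`, the sources `Backup-Files` and `Sync-Users`, event ID 1000, the helper `Test-EventSource` and the message text are hypothetical.

```powershell
# Added example. All names and values below are hypothetical placeholders.
$logName = 'MyScripts'
$sources = @('Backup-Files', 'Sync-Users')

function Test-EventSource {
    param([Parameter(Mandatory)][string]$Source)
    try {
        [System.Diagnostics.EventLog]::SourceExists($Source)
    }
    catch [System.Security.SecurityException] {
        # SourceExists searches every log; without rights to read one of them
        # (typically Security) it throws. Treat that as "not registered".
        $false
    }
}

# Register only the sources that are still missing. New-EventLog can be run
# again later to add further sources to the same log.
$missing = @($sources | Where-Object { -not (Test-EventSource -Source $_) })
if ($missing.Count -gt 0) {
    $newLog = @{
        LogName = $logName
        Source  = $missing
    }
    New-EventLog @newLog
}

# -Message takes a single string, so join the lines of a multi-line message.
# Keep passwords and tokens out of it: event logs are often forwarded centrally.
$message = @(
    'Backup completed.'
    'Files copied: 42'
    "Account: $env:USERNAME"
) -join [Environment]::NewLine

$entry = @{
    LogName   = $logName
    Source    = 'Backup-Files'
    EntryType = 'Information'
    EventId   = 1000
    Message   = $message
}
Write-EventLog @entry

# Read the newest entry back to confirm it was written.
Get-EventLog -LogName $logName -Source 'Backup-Files' -Newest 1 |
    Format-List TimeGenerated, EntryType, EventID, Message
```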

Now you should be able to view the event in the Event Viewer.

Example log added to our new Event Log

Wrap-up

Writing to the Windows Event Log with PowerShell is easy and straightforward. The advantage over logging to a text file is that you can use Event Log management tools centrally to retrieve log data in your network. By working with a standardized location in your PowerShell scripts, you can streamline troubleshooting.

  1. Itamar 3 years ago


    You didn't specify how you check if the source already exists



    • Kirill Nikolaev 3 years ago

      You can check it with:

      If it returns $true, the source exists.

      Note that you also have to catch errors using the following expression:

      then proceed assuming that the source does not exist.

  2. One important thing.. you can use New-EventLog multiple times with multiple sources, and each pass will register the new source.. It's very handy if you forgot to register your sources initially.

    David F.

  3. Author

    Thank you all! If someone wants to add a Pull Request I'll review and accept. If not, I will add this functionality as soon as I have time.

    Thank you for reading!


  4. Ingmar Koecher 3 years ago

    Great article, the event log is a great logging subsystem in Windows - thanks for making it more accessible. For reference purposes, I wrote a similar article involving Perl & Python a while ago.


  5. Anshuman Misra 3 years ago

    In your first screen shot you have multiple lines of text in the 'Message'. How can we pass an array as the 'Message' ?


© 4sysops 2006 - 2020

