When you write events to an event log using Write-EventLog, you must specify a valid source name. However, there is no easy way of finding out which source files are registered for a particular event log. This can also bite you when you create a new event log using New-EventLog: you must not specify any source names that are already in use by another event log.
Here is a simple approach to find out all source names, and show the event log they are registered for:
PS> Get-WmiObject -Class Win32_NTEventLOgFile | Select-Object FileName, Sources
FileName Sources
-------- -------
Application {Application, .NET Runtime, .NET Runtime Optimization Service, Application Error...}
Dell {Dell, DigitalDelivery, Update}
HardwareEvents {HardwareEvents}
Internet Explorer {Internet Explorer}
isaAgentLog {isaAgentLog, isaAgent}
Key Management Service {Key Management Service, KmsRequests}
OAlerts {OAlerts, Microsoft Office 16 Alerts}
PowerShellPrivateLog {PowerShellPrivateLog, Debug, Logon, Misc...}
PreEmptive {PreEmptive, PreEmptiveAnalytics}
Security {Security, DS, LSA, Microsoft-Windows-Eventlog...}
System {System, 3ware, ACPI, ADP80XX...}
TechSmith {TechSmith, TechSmith Uploader Service}
Windows PowerShell {Windows PowerShell, PowerShell}
You can even turn this list into a useful hash table:
# find all registered sources $Sources = Get-WmiObject -Class Win32_NTEventLOgFile | Select-Object FileName, Sources | ForEach-Object -Begin { $hash = @{}} -Process { $hash[$_.FileName] = $_.Sources } -end { $Hash } # list sources for application log $Sources["Application"] # list sources for system log $Sources["System"]
Are you an experienced professional PowerShell user? Then learning from default course work isn’t your thing. Consider learning the tricks of the trade from one another! Meet the most creative and sophisticated fellow PowerShellers, along with Microsoft PowerShell team members and PowerShell inventor Jeffrey Snover. Attend this years’ PowerShell Conference EU, taking place April 17-20 in Hanover, Germany, for the leading edge. 35 international top speakers, 80 sessions, and security workshops are waiting for you, including two exciting evening events. The conference is limited to 300 delegates. More details at www.psconf.eu.
