The most commonly used cmdlets related to event logging are as follows:
Get-EventLog
Clear-EventLog
Show-EventLog
Limit-EventLog
Write-EventLog
New-EventLog
Remove-EventLog
Clear the events from the Application event log, using the -confirm switch to prompt before the log is emptied:
Clear-EventLog -Logname "Application" -confirm
To view the event logs of a remote server in Event Viewer:
Show-EventLog -computername RemoteServerName
The following example lists each unique source that has written entries to the Application log on the current host machine:
Get-EventLog -logname "Application" | Select-Object Source -unique
Write the message "SQL Server 2008 administration with Windows PowerShell" to the Application event log using the event source Userenv:
Write-EventLog -logname "Application" -source userenv -eventID 3001 -entrytype Information -message "SQL Server 2008 administration with Windows PowerShell" -category 1 -rawdata 10,20
The following command sets the Windows PowerShell log to keep entries for seven days; when the log is full, new events overwrite only entries older than that:
Limit-EventLog -logname "Windows PowerShell" -overflowaction OverwriteOlder -retention 7
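The cmdlets listed above combined into one script, as an added example that is not from the original text: it registers a dedicated source with New-EventLog instead of borrowing Userenv, writes and reads back an entry, reviews retention settings, and looks for the record that clearing a log leaves in the System log. The source name SqlAdminScripts and the message text are assumptions; run it from an elevated Windows PowerShell session.

```powershell
# Added example. The source name and message text are illustrative assumptions.
# Requires an elevated Windows PowerShell session.
$logName = 'Application'
$source  = 'SqlAdminScripts'   # hypothetical source name

# Register the source once; New-EventLog fails if it is already registered.
if (-not [System.Diagnostics.EventLog]::SourceExists($source)) {
    New-EventLog -LogName $logName -Source $source
}

# Write an entry under the dedicated source.
Write-EventLog -LogName $logName -Source $source -EventId 3001 `
    -EntryType Information -Category 1 `
    -Message 'Nightly SQL Server maintenance script started'

# Read back the most recent entries written by that source.
Get-EventLog -LogName $logName -Source $source -Newest 5 |
    Select-Object TimeGenerated, EntryType, EventID, Message

# Review the size and retention settings that Limit-EventLog changes.
Get-EventLog -List |
    Select-Object Log, MaximumKilobytes, OverflowAction, MinimumRetentionDays

# Clearing a log is itself recorded: event ID 104 in the System log
# names the log that was cleared.
Get-EventLog -LogName System |
    Where-Object { $_.EventID -eq 104 } |
    Select-Object TimeGenerated, UserName, Message

# Unregister the illustrative source when it is no longer needed.
Remove-EventLog -Source $source
```

An empty result from the event ID 104 query means no clear operation is recorded in the System log entries that are still retained.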