
Writing event log entries to the Windows event log as any source (using PowerShell)

First off, sorry for writing so much about management packs. However, this might help you somewhere else as well. Today I want to show you how it’s possible to write events to the Windows event log as any event source. I needed this to test simple event log monitors within the SCOM Authoring console. So, now I can test the Management Pack behavior without actually installing the application on my local machine (some errors and event log entries are hard to reproduce; this will help with those as well).

Usually Windows will not allow you to write events as an event source that doesn’t exist yet. Easy enough: fire up Windows PowerShell (with right click -> run as administrator). Enter:

[System.Diagnostics.EventLog]::CreateEventSource("YourEventSource", "Application")

Now that you have your event source, you can write events in any way you like. Since you’re already in PowerShell, you might as well use it. Enter something like:

Write-EventLog -logname Application -source YourEventSource -eventID 6666 -entrytype Information -message "Simulated Event" -category 1 -rawdata 10,20

(Get help on the command by typing "Get-Help Write-EventLog -full". You can add something like "> c:\myhelp.txt" to write it to a file and open it in an editor window. Makes things easier.)

Since we are good programmers, we clean up when the work is done. So here’s the command to delete the event source:

[System.Diagnostics.EventLog]::DeleteEventSource("YourEventSource")

Now this information is all available on Google but I haven’t found it compiled in a single article so maybe this will help.
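
The three steps above combined into one re-runnable script, as an added example that is not part of the original post. It assumes an elevated Windows PowerShell 5.1 session (Write-EventLog and Get-EventLog are not available in PowerShell 7) and reuses the article's sample source name, event ID and message; it only deletes the source if this run created it, so a source belonging to an installed application is left registered.

```powershell
#Requires -RunAsAdministrator
# Added example: create the source if needed, write the test event,
# confirm it landed, then remove only what this run registered.
$source      = 'YourEventSource'   # sample name from the article
$logName     = 'Application'
$eventId     = 6666
$createdHere = $false

try {
    if ([System.Diagnostics.EventLog]::SourceExists($source)) {
        # A source is bound to exactly one log; stop if it points elsewhere.
        $boundTo = [System.Diagnostics.EventLog]::LogNameFromSourceName($source, '.')
        if ($boundTo -ne $logName) {
            throw "Source '$source' is already registered to log '$boundTo'."
        }
    }
    else {
        [System.Diagnostics.EventLog]::CreateEventSource($source, $logName)
        $createdHere = $true
    }

    $started = Get-Date
    Write-EventLog -LogName $logName -Source $source -EventId $eventId `
        -EntryType Information -Message 'Simulated Event' -Category 1 -RawData 10,20

    # Event timestamps have one-second resolution, so look back slightly.
    $entry = Get-EventLog -LogName $logName -Source $source `
                 -After $started.AddSeconds(-2) -ErrorAction SilentlyContinue |
             Where-Object { $_.EventID -eq $eventId } |
             Select-Object -First 1

    if ($entry) {
        "Written: {0} {1} ID {2} at {3}" -f $entry.Source, $entry.EntryType,
            $entry.EventID, $entry.TimeGenerated
    }
    else {
        Write-Warning "Event $eventId from '$source' was not found in $logName."
    }
}
finally {
    # Clean up only a source registered by this run.
    if ($createdHere) {
        [System.Diagnostics.EventLog]::DeleteEventSource($source)
    }
}
```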