Create, View & Delete Custom "Sources" under Windows Event Log

Jun 2, 2020

CPOL

This post shows how to create, view and delete your own Event "Source" using PowerShell.

Introduction

PowerShell commands can be used to create, view and delete your own Event Source and Event Log Name under the Windows Event Log. With a custom "Source", you can write your events under your own source instead of mixing them in with system-defined sources. You can have multiple Sources under one Event Log Name; the Event Log Name works as a wrapper that keeps similar kinds of source logging in one place.

Background

To use these commands, you must have Admin Access on the system or server where you will run them.

Using the Code

Below is a set of PowerShell commands to create, view and delete an Event Source or Event Log Name:

1. New-EventLog -LogName {your own log name} -Source {your own source name}
2. Get-EventLog -List
3. Remove-EventLog -Source {your own source name} 
4. Remove-EventLog -LogName {your own log name}

Let's start with the implementation part:

#1: Create a New Event Source

Just type New-EventLog -LogName MyTestLogName -Source MyTestSourceName at the PowerShell command prompt and press Enter, as below:

New Event Log Command

You will not get any success message after creation, but you can open Event Viewer to see the new log name "MyTestLogName" under "Applications and Services Logs" as below:

You can have multiple Sources under one Log Name. The Log Name is just a wrapper, as shown below:

If you do not have Admin Access, you will get the below error while creating a new source:

If the Source already exists on your system, the command will not create a new one and throws the below error:

#2: Get a List of All Sources on Your System, Including the Ones You Created

Instead of opening Event Viewer to check your newly created source (as shown in the section above), you can run the Get-EventLog -List command in PowerShell to get a complete list as below:

This is a simple way to verify instantly from the command prompt whether your source was created.

#3: Remove a Source

If you use Remove-EventLog -Source {your own source name}, it removes only your Source; the Log Name remains. Because you can have multiple Sources under the same Log Name, deleting a Source does not remove the Log Name as well.

See below: I have removed just the Source, but the Log Name is still there. The Log Name is just a kind of wrapper:

#4: Remove the Log Name

You can remove your Log Name by using the Remove-EventLog -LogName {your own log name} command. See below. This will remove your wrapper along with all the sources underneath it.
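The four steps above as one Windows PowerShell script, added here as an example (it is not the author's code): it checks for elevation and for an existing source before creating, which are the two error cases described in step 1, writes one constructed test event, and then removes the source and the log. The helper names Test-IsAdmin and Register-CustomSource and event ID 1000 are assumptions; the EventLog cmdlets used here ship with Windows PowerShell 5.1 and are not included in PowerShell 7.

```powershell
# Added example; sample names are the ones used in the article.
$LogName = 'MyTestLogName'
$Source  = 'MyTestSourceName'

function Test-IsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Hypothetical helper: create the source only when that is safe to do.
function Register-CustomSource {
    param([string]$LogName, [string]$Source)
    if (-not (Test-IsAdmin)) {
        throw 'Not elevated: creating an event source needs admin access.'
    }
    if ([System.Diagnostics.EventLog]::SourceExists($Source)) {
        # A source belongs to exactly one log; report a mismatch instead of failing later.
        $owner = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
        if ($owner -ne $LogName) {
            throw "Source '$Source' is already registered under log '$owner'."
        }
        return 'already present'
    }
    New-EventLog -LogName $LogName -Source $Source -ErrorAction Stop
    return 'created'
}

# Step 1: create (or reuse) the source.
$state = Register-CustomSource -LogName $LogName -Source $Source
Write-Host "Source ${Source}: $state"

# Step 2: confirm the log is listed and the source is registered.
Get-EventLog -List | Where-Object { $_.Log -eq $LogName }
Write-Host "Source registered: $([System.Diagnostics.EventLog]::SourceExists($Source))"

# Write one constructed test event (event ID 1000 is an arbitrary choice) and read it back.
Write-EventLog -LogName $LogName -Source $Source -EntryType Information `
    -EventId 1000 -Message 'Constructed test event.'
Get-EventLog -LogName $LogName -Source $Source -Newest 1 |
    Format-List TimeGenerated, Source, EventID, Message

# Step 3: remove only the source, then check whether the log name remains.
Remove-EventLog -Source $Source
Write-Host "Log still present: $([System.Diagnostics.EventLog]::Exists($LogName))"

# Step 4: remove the log name and every source under it.
Remove-EventLog -LogName $LogName
Write-Host "Log still present: $([System.Diagnostics.EventLog]::Exists($LogName))"
```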

Thanks for reading!

Points of Interest

This helps in logging your custom errors from an application written in C#.

History

  • 2nd June, 2020: Version 1.0