powershell - Get-EventLog - valid message missing for some event log sources -


i'm pulling , filtering system event log data using get-eventlog. i'm finding get-event log not able correctly return message associated entries. these entries appear in event log viewer. e.g.

get-eventlog -logname system | ? { $_.source -eq "microsoft-windows-kernel-general" }

returns 8 entries, of have message of following form: 

the description event id '12' in source 'microsoft-windows-kernel-general' cannot found.   local computer may not have necessary registry information or message dll files display message, or may not have permission access them.   following information part of event:'6', '1', '7601', '18798', '1', '0', '2015-06-13t08:33:32.359599800z'

if filter system event log same source, can see formed message. e.g 

the operating system started @ system time ‎2015‎-‎06‎-‎13t08:33:32.359599800z.

i ran following see if other providers unable return valid event messages:

get-eventlog -logname system | ? { $_.message -like "the description event id*" }  | group-object -property source | select-object -property name  name ---- microsoft-windows-kernel-general dcom winrm microsoft-windows-iphlpsvc

i checked in event log viewer find corresponding entries dcom, winrm , iphlpsvc sources , confirmed correct message visible.

i've run test scripts in admin-level powershell console.

any ideas?

edit: further research has revealed psloglist appears suffer same problem, whereas wevtutil not.

edit: following suggestion windos, tried get-winevent. had tried , found return no message data @ all. tried again , found same result. tried 

get-winevent -providername "microsoft-windows-kernel-general"

which produced following error 

could not retrieve information microsoft-windows-kernel-general provider. error: locale specific resource desired message not present.

a little googling led me 'https://p0w3rsh3ll.wordpress.com/2013/12/13/why-does-my-get-winevent-command-fail/' had experienced same error message. suggested due regional settings. i'm in australia, 'format' setting in control panel 'english (australia)'. changed 'english (united states)', launched new ps console, confirmed get-culture in , re-ran get-winevent commands.

get-winevent -providername "microsoft-windows-kernel-general" | select-object -property message

lo , behold ...

message ------- system time has changed ?2015?-?07?-?12t01:06:52.405000000z ?2015?-?07?-?12t01:05:51.764208900z. system time has changed ?2015?-?07?-?12t01:05:09.671000000z ?2015?-?07?-?12t01:04:09.226010500z. system time has changed ?2015?-?07?-?12t01:03:49.119000000z ?2015?-?07?-?12t01:02:48.060593100z. system time has changed ?2015?-?07?-?12t01:02:32.128000000z ?2015?-?07?-?12t01:01:29.610105600z. system time has changed ?2015?-?06?-?13t08:41:12.267000000z ?2015?-?06?-?13t08:41:12.404273100z. operating system started @ system time ?2015?-?06?-?13t08:33:32.359599800z. operating system shutting down @ system time ?2015?-?06?-?13t08:33:05.091743100z. system time has changed ?2015?-?06?-?13t08:32:58.947000000z ?2015?-?06?-?13t08:32:58.947959900z.

sadly though - no change got get-eventlog

get-eventlog -logname system | ? { $_.source -eq "microsoft-windows-kernel-general" } | select-object -property message  message ------- description event id '1' in source 'microsoft-windows-kernel-general' cannot found.  local computer m... description event id '1' in source 'microsoft-windows-kernel-general' cannot found.  local computer m... description event id '1' in source 'microsoft-windows-kernel-general' cannot found.  local computer m... description event id '1' in source 'microsoft-windows-kernel-general' cannot found.  local computer m... description event id '1' in source 'microsoft-windows-kernel-general' cannot found.  local computer m... description event id '12' in source 'microsoft-windows-kernel-general' cannot found.  local computer ... description event id '13' in source 'microsoft-windows-kernel-general' cannot found.  local computer ... description event id '1' in source 'microsoft-windows-kernel-general' cannot found.  local computer m...

not sure on how or why, looks if opt get-winevent rather get-eventlog you'll info you're after.

it should noted when changing commands 'source' parameter known 'providername' command becomes:

get-winevent -logname system | { $_.providername -eq 'microsoft-windows-kernel-general' }

Comments

Post a Comment

Popular posts from this blog

javascript - Using jquery append to add option values into a select element not working -

i'm looking dynamically populate select element names of items stored array. for reason it's not working , i'm not sure why. html: <div class="col-md-4 col-md-offset-4"> <select class="select1"> </select> , <select class="select2"> </select> </div> note i'm using bootstrap layout. here's jquery i'm using try , populate ".select1" jquery: select: function() { $.each(state.greens, function(index, value) { $(".select1").append("<option value =' " + index + " '>" + state.greens[index].name + "</option>"); }); } note function 'select' stored within object called 'display'. state.greens name of array i'm trying access. so @ end of html page call display.select(); call function. no error messages showing in console. also, saw question: appending
Read more

Android soft keyboard reverts to default keyboard on orientation change -

i'm building android soft keyboard , can't seem fix bug - have arabic , qwerty keyboard , when rotate device on qwerty keyboard (or arabic shift), it's if program has "restarted" , becomes arabic keyboard without shift. the onsaveinstancestate(bundle savedinstancestate) not work because application not extend activity inputmethodservice . i put following in android manifest android:configchanges="keyboard|keyboardhidden|orientation" android:windowsoftinputmode="stateunchanged|adjustresize"> i tried using @override public void onconfigurationchanged(configuration newconfig) { super.onconfigurationchanged(newconfig); log.i(mydebug, "config changed " + currentkeyboard.equals(qwerty)); } however, currentkeyboard.equals(qwerty)) results false , made sure true before orientation change. any appreciated. i think applications fault. if application restarting on orientation change
Read more

jquery - javascript onscroll fade same class but with different div -

i new @ javascript , want learn new. there wrong code : why div fades @ same time. i want ask how fade different div s same class name.can me , explain me. thanks in advance. javascript: $(window).scroll(function(){ if ($( "div.fade" ).offset().top - $(window).scrolltop() <= 100){ $('.fade').addclass( "fade-in"); } else { $('.fade').removeclass("fade-in"); } }); here jsfiddle onscroll = function () { var scrolltop = $(this).scrolltop() ; $("div.fade").each(function(){ if(($(this).offset().top - scrolltop) <= 100){ $(this).toggleclass("fade-in"); } }) }
Read more