Listar y exportar Events ID usando PowerShell

Descripción:

En esta nota vamos a listar y exportar solo los Events ID con error usando PowerShell.

Detalles:

Host type: Virtual Machine
Operating System: Windows Server 2016
Type: Domain Controller
Rol: ADDS

Aclaración: 

Estaremos usando lo marcado en rojo de la consola de Event Viewer.

Application

Get-WinEvent -Filterhashtable @{logname="application";level=2} -MaxEvents 10

System

Get-WinEvent -Filterhashtable @{logname="system";level=2} -MaxEvents 10


Exportar a txt

Get-WinEvent -Filterhashtable @{logname="system";level=2} -MaxEvents 10 > c:\tmp\system.txt


DFS Replication

Get-EventLog -LogName 'DFSR Replication' -EntryType error -Newest 10 | select  entrytype,eventid,source, timegenerated > c:\tmp\dfsr.txt

Directory Service

Get-EventLog -LogName 'Directory Service' -EntryType error -Newest 10 | select  entrytype,eventid,source, timegenerated > c:\tmp\ds.txt

DNS Server

Get-EventLog -LogName 'DNS Server' -EntryType error -Newest 10 | select  entrytype,eventid,source, timegenerated > c:\tmp\dns.txt

Microsoft-Windows-GroupPolicy/Operational

Get-WinEvent -Filterhashtable @{logname="Microsoft-Windows GroupPolicy/Operational";level="2"} -MaxEvents 10 | select leveldisplayname,id,timecreated > c:\tmp\gpo.txt


Cuando no encuentra ninguno con error muestra de la siguiente manera 


Referencias

Get-EventLog


Get-WinEvent

Reading from the Event Log


Event types