Powershell Events IDs

Question

Is there a way to query all or most of the powershell and powershell operational event ids?

lainrobertson · Answer

nahuu810&nbsp;&nbsp;As far as I'm aware, this isn't possible as there's no interface for pulling all event definitions out from a provider.&nbsp;Additionally, not all providers work from a predefined list of events. I've seen many that purely function as loggers of results for which the numeric event ids are useless.&nbsp;The only thing you can do is see if Microsoft has documented a list of events, but I have never seen a way to pull such metadata programmatically.&nbsp;Cheers,Lain

jimcesseg · Answer

nahuu810&nbsp;&nbsp;You can try it with this:&nbsp;Get-EventLog -LogName "Windows PowerShell" &nbsp;https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_eventlogs?view=powershell-5.1&nbsp;Please let us know if that works for you.&nbsp;&nbsp;

harm_veenstra · Answer

nahuu810&nbsp;I wrote a blog about that recently,&nbsp;https://powershellisfun.com/2023/08/23/retrieve-local-and-remote-powershell-logs/&nbsp;, perhaps that will help you?&nbsp;Please click Mark as Best Response &amp; Like if my post helped you to solve your issue.This will help others to find the correct solution easily. It also closes the item.If the post was helpful in other ways, please consider giving it a Like.

nahuu810 · Answer

hi!&nbsp;Jimcesseg&nbsp;thanks for your answer!&nbsp;This command only shows the event ids of the logs that the PC has recorded. I want to know all the event ids that exist for powershell and powershell-operational regardless of whether or not they were found on my pc

Forum Discussion

Powershell Events IDs

4 Replies

Resources