How to get event message using Powershell?

Question

$FilterXML = '<QueryList>
                <Query Id="0" Path="System">
                    <Select Path="System">*[System[Provider[@Name="Service Control Manager"] and (Level=2)]]</Select>
                </Query>
             </QueryList>'
$Errors = Get-WinEvent -FilterXml $FilterXML
$Errors = $Errors | ?{ $_.ToXml().Contains("SomeService") }

Problem is that for every object, Message property is null. I can get some info using method .ToXml(), but I can't get message that you could see in windows event viewer under general tab.

If I use Get-EventLog cmdlet, the message property returns string about some error.

The description for Event ID '-1073734793' in Source 'Service Control Manager' cannot be found. The local computer may not have the necessary registry information or mess age DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'SomeService', '2', '0', '3', 'Run the configured recovery program'

manojlds · Accepted Answer · 2011-08-24 22:33:45Z

3

Try something like this, which I believe is equivalent to what you were trying.

get-winevent -FilterHashtable  @{LogName="System";ProviderName="Service Control Manager";Level=2} | ?{$_.message -match "someservice"}

I suppose Get-WinEvent is able to read those that come as "error message":

I tried two equivalent commands. Got the expected message with Git-WinEvent and the "error" message that you got with Get-EvenLog:

get-eventlog -LogName System | ?{$_.eventid -eq 10016} | select message

enter image description here

get-winevent -LogName System  | ?{$_.id -eq 10016} | select message

enter image description here

edited Aug 24, 2011 at 22:33

answered Aug 24, 2011 at 20:50

manojlds

303k66 gold badges482 silver badges426 bronze badges

Sign up to request clarification or add additional context in comments.

3 Comments

Primoz Over a year ago

Yes we are talking about the same thing. Problem is that for some services this works and for others it doesn't.

manojlds Over a year ago

@Primoz - Did you see my updated answer? Seems like you do not have the permission to see some of the messages, as indicated by: you may not have permission to access them.

Primoz Over a year ago

I'll check as soon as possiblle. Thank you very much for you effort.

Shay Levy · Accepted Answer · 2011-08-25 08:40:52Z

1

Can you get the message with WMI?

Get-WmiObject Win32_NTLogEvent -Filter "Logfile='system' AND SourceName='Service Control Manager' AND Message LIKE '%SomeService%'" | select Message

answered Aug 25, 2011 at 8:40

Shay Levy

128k33 gold badges193 silver badges210 bronze badges

Collectives™ on Stack Overflow

How to get event message using Powershell?

2 Answers 2

3 Comments

Comments

Hot Network Questions

Collectives™ on Stack Overflow

2 Answers 2

3 Comments

Comments

Related