Trawling Exchange’s Application Event Logs using PowerShell

I have a particular dislike of blog sites blatantly re-posting others’ content as their own. I’m happy to re-post, with all the credit going to the original poster.

Thanks to mickjf for this post on the auTechHeads site, which I recently stumbled across whilst cursing some strange behaviour of Exchange 2010 UM.

This command will trawl the machine’s Application Event Log and retrieve all of the entries that pertain to the same call.

All you have to do is find some or all of the CallId in a message and paste it into the command below. You don’t need to pipe it to a file of course, but I found that an obvious omission from the original.

Get-EventLog -logname "Application" | select TimeWritten,EventID,Message | where-object{$_.Message  -like "*29853-1a6920110124163550031*"} | fl > c:\log-extract.txt

– G.
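The same search wrapped as a reusable function, as an added example that is not part of the original post or of mickjf's command. The function name, its parameters and the default time window are hypothetical; it limits the read to a time range, matches the pasted fragment literally and returns the entries in chronological order.

```powershell
# Added example; the function and parameter names are hypothetical.
function Get-CallEventLogEntry {
    [CmdletBinding()]
    param(
        # Some or all of the CallId copied from an event message.
        [Parameter(Mandatory = $true)]
        [string]$CallIdFragment,

        # Only read events written after this time (assumed default: last 24 hours).
        [datetime]$After = (Get-Date).AddDays(-1)
    )

    # Escape wildcard characters (* ? [ ]) so the pasted fragment is matched literally.
    $escaped = [System.Management.Automation.WildcardPattern]::Escape($CallIdFragment)
    $pattern = '*' + $escaped + '*'

    # -After narrows the read before the message filter runs.
    # Get-EventLog returns newest entries first, so sort to follow the call in order.
    Get-EventLog -LogName Application -After $After |
        Where-Object { $_.Message -like $pattern } |
        Sort-Object TimeWritten |
        Select-Object TimeWritten, EventID, Source, EntryType, Message
}

# Usage with the CallId fragment shown in the post; the 7-day window is a constructed value.
Get-CallEventLogEntry -CallIdFragment '29853-1a6920110124163550031' -After (Get-Date).AddDays(-7) |
    Format-List |
    Out-File -FilePath 'C:\log-extract.txt' -Width 300
```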
