That’s an interesting question. Perhaps you could do something with the file directly if you make sure it’s not in use. I haven’t found anything else. I even tried adding a new eventlog but I couldn’t figure out how to reference the file. Certainly it will need to be visible by get-eventlog -list, right? I hope someone can show us the way.
Seems like a lot of work when you can use a native Windows EXE to accomplish the task. What would the advantages be to this solution? Just curious. Thanks.
I again pose the question, why should I not be using wevtutil.exe? Much simpler and native to Windows. Seems if you went to all the trouble you did, there is a good reason I should not be using this.
[quote quote=224163]I again pose the question, why should I not be using wevtutil.exe? Much simpler and native to Windows. Seems if you went to all the trouble you did, there is a good reason I should not be using this.
Thanks.[/quote]
Tony,
There are advantages to using the EXE such as compatibility with older systems like Windows 7 or 2008.
It’s certainly a valid choice for you to use the EXE.
For me, I try to stick to pure PowerShell. For one thing, mixing EXEs with PS cmdlets raises unnecessary complications like passing data back and forth. It’s very common for a cmdlet to use output of the prior cmdlet as its input. To use output of an EXE poses the difficulties of a) having to parse the output as if we’re in bash on a Linux box, and b) that EXE output to be parsed may differ widely based on many conditions, making the parsing unreliable at best…