Problem viewing newly created new event logs

by willsteele at 2012-08-23 13:28:20

I am trying to set up a portion of a script to handle autogeneration of a new event log on Server 2008 R2 boxes dynamically. In this case, we want to use the event logs on a pair of clustered boxes to serve as long term storage for processing. To try and test on my laptop first I wrote the following, but, after running, I cannot find the new log that was supposed to have been created. At least, I don’t see it in the event log manager. Below is the set of commands I am using to set up logs if none exist.

# Test to see if new log exists
if((Get-EventLog -LogName * | Where -Property Log -eq -Value ‘Zip Import’) -eq $null)
# Create new log
Write-Output “Creating a new event log ‘Zip Import’.”;
New-EventLog -LogName ‘Zip Import’ <br> -ComputerName $env&#58;COMPUTERNAME
-Source ‘Zip Import’
# Log already exists
Write-Output “The event log ‘Windows PowerShell’ already exists.”;
Write-EventLog -LogName “Zip Import” <br> -ComputerName $env&#58;COMPUTERNAME
-EventId 1000 <br> -Source &quot;Zip Import&quot;
-Message “The event log ‘Windows PowerShell’ already exists.”;

When I navigate to the logs directory, C:\Windows\System32\winevt\Logs, I do see the physical log. It simply doesn’t appear in the management console for the machine. Also, I can query for events with Get-EventLog -LogName ‘Zip Import’ and it returns events. Now, I am comfortable using PowerShell to view events, but, other team members will want to be able to view it in the MMC. Any tips on getting it to display in both?

Also, any suggestions on how to improve the creation/set up/testing of event logs? This is something I know about in theory, but, have not really gotten into much yet.
by jonhtyler at 2012-08-24 04:07:20
I tried your code on my machine and the log shows up in Event Viewer > Application and Service Logs > Zip Import. Are you looking in the “Windows Logs” folder perhaps?
by willsteele at 2012-08-24 06:08:03
Now it does. Not sure why it didn’t before. I’ll keep testing it to see what the deal is. Maybe it has to do with not having any events.
by poshoholic at 2012-08-24 09:07:43
IIRC custom event logs that are empty don’t appear in the Windows Event Viewer. That definitely rings a bell.
by jonhtyler at 2012-08-24 17:07:56
When I tested it this morning, I added the event log and found it on the file system and on the location I mentioned above (Event Viewer > Application and Service Logs > Zip Import). I had not put any events into it yet, but did so after finding it to test through the scenario. Really not sure why it would not show up for you.