Exchange Event Log CMDlets

Home/Exchange Server/Exchange Event Log CMDlets

Exchange Event Log CMDlets

To view only the Exchange-related services that are currently running
Get-Service *exch* | Where-Object {$_.Status -eq ‘Running’}

The following example retrieves the services from every Exchange server in the organization:
Get-ExchangeServer | ForEach-Object {Get-Service *exch* -ComputerName $_.Name |Where-Object {$_.Status -eq ‘Running’}}

Get Events after specified Date
Get-EventLog -LogName application -after 1/8/2013 | where {$_.Entrytype -eq “Error”} | ft -wrap -autosize

Get Events after specified Date and Source
Get-EventLog -LogName application -after 1/8/2013 -source MSExchangeIS | Ft -wrap -autosize

Get Events after specified Date with Source only Warning and Error
Get-EventLog -LogName application -after 1/8/2013 -source MSExchangeIS | where {($_.Entrytype -eq “Warning” -or $_.Entrytype -eq “Error”)} -wrap -autosize

Get Specificied number of Events with Source only Warning and Error
Get-EventLog -LogName application -Newest 50 -source MSExchangeIS | where {($_.Entrytype -eq “Warning” -or $_.Entrytype -eq “Error”)} -wrap -autosize

Get Application Events after specified Date and Entrytype with a Specified word in the Message Field
Get-EventLog -LogName application -after 1/8/2013 | where {$_.Entrytype -eq “Error”}| Where-Object { $_.Message -match “mailbox” } | ft -wrap -autosize

Get Application Events after specified Date, Source and Entrytype with a Specified word in the Message Field
Get-EventLog -LogName application -after 1/8/2013 -source MSExchangeIS | where {($_.Entrytype -eq “Warning” -or $_.Entrytype -eq “Error”)}| Where-Object { $_.Message -match “mailbox” } | ft -wrap -autosize

Get Event by INDEX (unique qualifier)
Get-EventLog -LogName application -index 163303 | ft -wrap -autosize

Please feel free to share.
By | 2013-07-25T04:03:12+00:00 July 25th, 2013|Exchange Server|0 Comments

About the Author:

Leave A Comment