NAME
New-EventLogWatcher

SYNOPSIS
Creates a new EventLogWatcher object based on the information specified.

SYNTAX
New-EventLogWatcher [-EventLogQuery]<EventLogQuery> [[-BookmarkToStartFrom] <EventBookmark>] [<CommonParameters>]


DESCRIPTION
The New-EventLogWatcher function creates a new EventLogWatcher object
[System.Diagnostics.Eventing.Reader.EventLogWatcher] based on the information specified by the input parameters.
The resulting object EventRecordWritten Event can be registered to perform a given action when triggered.

IMPORTANT: The EventLogWatcher must be enabled for any events to be triggered, but this SHOULD NOT be done until
the Event is registered. If the EventLogWatcher is enabled prior to the EventRecordWritten Event being
registered, then the EventLogWatcher will process through Windows Event Log events without being captured.

To ENABLE the returned EventLogWatcher:
$EventLogWatcher.Enabled = $True

To DISABLE the returned EventLogWatcher:
$EventLogWatcher.Enabled = $False


PARAMETERS
-EventLogQuery <EventLogQuery>
Specifies a query for the event subscription. When an event is logged that matches the criteria expressed
in the query, then the EventRecordWritten Event is raised.

An EventLogQuery can be created using New-EventLogQuery.

Required? true
Position? 1
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters?

-BookmarkToStartFrom <EventBookmark>
The bookmark (placeholder) used as a starting position in the event log or stream of events. Only events
that have been logged after the bookmark event will be returned by the query.

An EventBookmark can be retrieved using Get-BookmarkToStartFrom.

DEFAULT = $Null

Required? false
Position? 2
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters?

<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer and OutVariable. For more information, type,
"get-help about_commonparameters".


-------------------------- EXAMPLE 1 --------------------------

C:\PS>$EventLogWatcher = New-EventLogWatcher $EventLogQuery


Description
-----------
This example creates an EventLogWatcher object based on the information provided in the EventLogQuery object.
Since there is no EventBookmark provided, the EventLogWatcher will start at the first event when enabled.





-------------------------- EXAMPLE 2 --------------------------

C:\PS>$EventLogWatcher = New-EventLogWatcher $EventLogQuery $BookmarkToStartFrom


Description
-----------
This example creates an EventLogWatcher object based on the information provided in the EventLogQuery object.
The EventLogWatcher will begin from the EventBookmark placeholder provided in BookmarkToStartFrom.

Last edited Jun 15, 2011 at 9:25 PM by sgrinker, version 3

Comments

No comments yet.