Created
January 15, 2018 18:01
-
-
Save VimalShekar/0513fe1170be0b818bbf6d63713b7198 to your computer and use it in GitHub Desktop.
Enabling or Disabling a given Event Viewer Channel using Powershell
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Function to enable or disable Event channels in Windows | |
| # | |
| function ConfigureEventChannel | |
| { | |
| param( | |
| [string] $logName, | |
| [switch] $Disable | |
| ) | |
| $bIsDotNet35Above = IsDotNetVersion35 | |
| Write-host "ConfigureEventChannel: $($LogNameArray.Count) channels in array..." | Out-Null | |
| #foreach($logName in $LogNameArray) | |
| #{ | |
| if([string]::IsNullOrEmpty($logName)) | |
| { | |
| Write-host "ConfigureEventChannel: Logname was empty..." | Out-Null | |
| continue | |
| } | |
| try { | |
| if( $bIsDotNet35Above ) { | |
| $log = New-Object System.Diagnostics.Eventing.Reader.EventLogConfiguration $logName | |
| if($Disable) | |
| { | |
| Write-host "ConfigureEventChannel: Setting $logName to disabled state..." | Out-Null | |
| $log.IsEnabled=$false | |
| } else { | |
| Write-host "ConfigureEventChannel: Setting $logName to enabled state..." | Out-Null | |
| $log.IsEnabled=$true | |
| } | |
| $log.SaveChanges() | |
| Write-host "ConfigureEventChannel: Operation completed..." | Out-Null | |
| } | |
| else { | |
| if($Disable) | |
| { | |
| Write-host "ConfigureEventChannel: Setting $logName to disabled state..." | Out-Null | |
| Execute-Cmd -CmdTool "C:\Windows\System32\wevtutil.exe" -ArgumentsToExecute "sl $logName /e:false" | |
| } else { | |
| Write-host "ConfigureEventChannel: Setting $logName to enabled state..." | Out-Null | |
| Execute-Cmd -CmdTool "C:\Windows\System32\wevtutil.exe" -ArgumentsToExecute "sl $logName /e:true" | |
| } | |
| Write-host "ConfigureEventChannel: Operation completed..." | Out-Null | |
| } | |
| } | |
| catch { | |
| Write-host "ConfigureEventChannel: Exception when trying to enable $logName channel -- Details: $($_.Exception.Message)" | Out-Null | |
| } | |
| } | |
| # Sample Usage: | |
| # | |
| # To enable admin logging for Windows print Service | |
| # ConfigureEventChannel -Logname "Microsoft-Windows-PrintService/Admin" | |
| # | |
| # To disable | |
| # ConfigureEventChannel -Logname "Microsoft-Windows-PrintService/Admin" -Disable | |
| # |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment