With Get-EventLog, you can easily dump the content for any given event log, however if you’d like to directly access a given event log, you can only use the -List parameter to dump them all, then pick the one you are after:
$SystemLog = Get-EventLog -List | Where-Object { $_.Log -eq 'System' } $SystemLog
A more direct way uses casting, like this:
$systemLogDirect = [System.Diagnostics.EventLog]'System' $systemLogDirect
Simply “convert” the event log name into an object of “EventLog” type. The result looks similar to this and provides information about the number of entries and the log file size:
PS> $systemLogDirect Max(K) Retain OverflowAction Entries Log ------ ------ -------------- ------- --- 20.480 0 OverwriteAsNeeded 19.806 System
