Being a computer genius involves doing some amazing things on a computer system, one of which is knowing everything that happens on your computer when you are not around. You must have seen someone or some SysAdmins do this. The secret behind this is checking your event log regularly, because everything that happens on your computer gets logged into the event log. If you are ever going to catch your hacker, this might be your only hope, but some hackers are smart: they clear the event log when they are done, and the only thing you see in the event log is an event informing you that the event log has been cleared.
How to view your event log
Because the Windows operating system is widely used, I am going to show you how to do this in Windows using the PowerShell command-line tool. To view your event logs and perform other event-log-related operations, open Windows PowerShell (Windows PowerShell is available in Windows 7 and above; I can't say about older Windows operating systems) and type the following commands:
[Get-EventLog *]: This command gets you the list of logs, which are categorized by type. If you want to view the events of one specific log, type [Get-EventLog Application] or [Get-EventLog "Other Files"]; use the latter form, with quotes, when the log name is made up of two or more words.
[Clear-EventLog]: This command clears an event log. When you type it on its own, it asks you to enter the log name, but if you already know the name of the log you want to clear, you can save yourself the trouble and type everything on one line, like this: [Clear-EventLog Application] or [Clear-EventLog "Other Files"] (the quoted form is needed when the log name is made up of more than one word).
Trick: Sometimes you don't have the time to sit and stare at a log screen. You can print the log on paper for easier analysis by piping it to the printer command, like this:
[Get-EventLog Application | Out-Printer] and everything will be printed on paper.
Note that you have to type the commands without the square brackets.
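Here is a small review script that puts the commands above together, added here as an example and not part of the original post. It assumes Windows PowerShell 5.1 (Get-EventLog is not shipped with PowerShell 7) and an elevated prompt for the Security log; the event IDs 1102 and 104 are the documented Windows "log was cleared" events, which are exactly what remains after someone wipes a log.

```powershell
# Added example (not from the original post). Assumes Windows PowerShell 5.1
# and an elevated prompt so the Security log can be read.

function Get-RecentEvents {
    param(
        [string]$LogName = 'Application',
        [int]$Newest = 20
    )
    # Errors and warnings only; informational noise is left out.
    Get-EventLog -LogName $LogName -Newest $Newest -EntryType Error, Warning |
        Select-Object TimeGenerated, EntryType, Source, EventID, Message
}

function Find-LogClearEvents {
    param([datetime]$Since = (Get-Date).AddDays(-30))
    $found = @()
    # Security log: event 1102 is written when the audit log is cleared.
    # Other logs: event 104 in the System log records which log was cleared.
    # Both are documented Windows event IDs, not values taken from the post.
    $found += Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 1102; StartTime = $Since
    } -ErrorAction SilentlyContinue
    $found += Get-WinEvent -FilterHashtable @{
        LogName = 'System'; Id = 104; StartTime = $Since
    } -ErrorAction SilentlyContinue
    # An empty result is good news: nobody has cleared a log in the window.
    $found | Select-Object TimeCreated, Id, LogName, Message
}

# Usage: overview of every log, recent problems, then any log-clear events.
Get-EventLog -List
Get-RecentEvents -LogName 'Application' -Newest 20 | Format-Table -AutoSize
Find-LogClearEvents | Format-Table -AutoSize
```

A log-clear event whose timestamp does not match a maintenance window you know about is the thing worth investigating first, since the cleared entries themselves are gone.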
Thanks for reading.