Chapter 3 Security Evaluation
Copyright Goodheart-Willcox Co., Inc. May not be reproduced or posted to a publicly accessible website.

Name ________________________________________________________________ Date ________________________ Class ________________

Lab 3-5 Event Logging with PowerShell

Integral to the responsibilities of a network manager is the ability to read and analyze data logs that are located on workstations and servers. Windows error logs are examples of the type of information a network manager must understand. In this activity, you will evaluate error logs found on a Windows system with the use of PowerShell.

Learning Goals

Identify event logs in Microsoft Windows including PowerShell.
Analyze event logs in Microsoft Windows including PowerShell.

Materials

Virtual machine or other machine for which you have administrator permissions
Microsoft Windows 10
Microsoft Excel or other spreadsheet software

Procedures

1. Click the Windows Start button, and enter event viewer in the search bar. Select the Event Viewer application in the search results.

2. Minimize the Event Viewer, and launch PowerShell ISE.

3. The write-host cmdlet displays information on the screen similar to the echo command in batch files. In the script pane, you will create a script with the following content, and save the script with the name Warnings in your working folder.

    clear-host
    write-host "Check event log for warning information."

4. Switch to the Event Viewer. For some errors or events, you may want immediate notification. The script you just created can be assigned as a task to run when an event ID is recorded. Expand Windows Logs, and select the System log.

5. Right-click on a warning event, and click Attach Task To This Event… in the shortcut menu to launch a wizard.

6. Click the Next button on the first two pages of the wizard to accept the defaults.

7. On the third page of the wizard, click the Start a program radio button. Then, click the Next button.
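The Warnings script from step 3 only prints a reminder to check the log. As an added example that is not part of the lab text, the following PowerShell script reads the warning events themselves from the System log, counts them by event ID and source, and exports them to a CSV file for the spreadsheet software listed under Materials. The function name, the 7-day window, and the output file name are assumptions.

```powershell
# Added example, not from the lab: function name, time window, and
# CSV file name are assumptions chosen for illustration.
function Get-SystemWarningSummary {
    param(
        [int]$Days = 7,
        [string]$CsvPath = (Join-Path $PWD.Path 'SystemWarnings.csv')
    )

    # Level 3 is "Warning" in the Windows event log schema.
    $filter = @{
        LogName   = 'System'
        Level     = 3
        StartTime = (Get-Date).AddDays(-$Days)
    }

    try {
        $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # Get-WinEvent reports an error when no event matches the filter;
        # treat that case as an empty result and rethrow anything else.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Host "No warning events in the last $Days day(s)."
            return
        }
        throw
    }

    # Full detail goes to CSV so it can be sorted and filtered in Excel.
    $events |
        Select-Object TimeCreated, Id, ProviderName, LevelDisplayName, Message |
        Export-Csv -Path $CsvPath -NoTypeInformation
    Write-Host "Exported $(@($events).Count) warning event(s) to $CsvPath"

    # Return a count per event ID and source, most frequent first.
    $events |
        Group-Object -Property Id, ProviderName |
        Sort-Object -Property Count -Descending |
        Select-Object Count, Name
}

Clear-Host
Write-Host "Check event log for warning information."
Get-SystemWarningSummary | Format-Table -AutoSize
```

The event IDs in the summary are the same IDs shown in the Event Viewer's System log, so the most frequent ones are candidates for the task attachment described in steps 4 through 7.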