Project

PSEventViewer

PSEventViewer (Get-Events) is really useful PowerShell wrapper around Get-WinEvent. One of the features you may be interested in is a simple way of getting “hidden” events data

View on GitHub Releases Get package

Stars125

Forks22

Open issues0

PowerShell Gallery downloads1037716

ReleasePSEventViewer-v3.4.1

Language: C# Updated: 2026-03-30T08:50:25.0000000+00:00

Curated Examples

Watch logon events

Use PSEventViewer to watch selected Security log events.

This pattern is useful during a short troubleshooting window where new logon success or failure events matter.

It comes from the source example at Modules/PSEventViewer/Examples/Example.WatchBasic.ps1.

When to use this pattern

You need to observe new events instead of querying old ones.
You are watching a known machine and log.
The action should run only for a bounded period.

Example

Import-Module PSEventViewer

$action = {
    param($Event)
    Write-Host "Found event $($Event.Id) on $($Event.Computer)"
}

$watcher = Start-EVXWatcher -Name 'BasicWatcher' -MachineName $env:COMPUTERNAME -LogName 'Security' -EventId 4624, 4625 -Action $action

Start-Sleep -Seconds 30
Get-EVXWatcher -Id $watcher.Id | Format-List
Stop-EVXWatcher -Id $watcher.Id

What this demonstrates

starting a watcher for selected event IDs
handling new events with a script block
stopping the watcher after a short window

Source

Example.WatchBasic.ps1