How can I generate Windows Logs for testing purposes?
Well, not sure why EventCreate won't work for you. That will write to the System log. You could use PowerShell, which is pretty much the new answer for doing anything.
Stolen from http://winpowershell.blogspot.com/2006/07/writing-windows-events-using.html
$evt = new-object System.Diagnostics.EventLog("Application")
$evt.Source = "MyEvent"
$infoevent = [System.Diagnostics.EventLogEntryType]::Information
$evt.WriteEntry("My Test Event",$infoevent,70)
Related videos on Youtube
07 : 21
04 : 25
08 : 00
03 : 56
![How to check application logs in Windows 10 [Event Viewer] | Unlimited Solutions](https://i.ytimg.com/vi/TMpLx3SXuNk/hq720.jpg?sqp=-oaymwEcCNAFEJQDSFXyq4qpAw4IARUAAIhCGAFwAcABBg==&rs=AOn4CLBrisWO8DmRyqA1AjNcQOmGfpuzqw)
02 : 56
thepocketwade
Updated on September 17, 2022Comments
-
thepocketwade almost 2 years
I'm trying to test some Splunk-y things with my Windows logs. But I want to be sure of the logs that are coming in so I can be sure I'm keeping and discarding logs properly. What I'm really looking for is something like the Windows (7, if possible) equivalent of 'logger' on unix/linux.
I found EventCreate, but as far as I can tell, I'd need to change some of my Splunk configs to use that data.
Does such a thing exist?
EDIT
I should include that my hope is to write to the system and/or security logs. I realize that being able to do that presents some risks, but I'm hoping it's possible.
-
thepocketwade over 13 yearsNo, I've got the transmission covered. What I'm looking for is a mechanism to fabricate logs for testing purposes. So I could (for example) create a log with eventcode=681 and send it to the EventLog. Then when the splunk client sends it off I can ascertain the processing of the log.