Создание и удаление собственных журналов событий

Создание:

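# Registers the "ps_script" event source for the custom log "PS_Script_Log"
# on the local machine ("."), then writes the names of the running processes
# to that log as a single entry.
#
# NOTE(review): querying and creating event sources touches the machine-wide
# event-log registration, which normally needs an elevated session - confirm
# the script is run as administrator.
$source = "ps_script"
$log = "PS_Script_Log"

if (-not [System.Diagnostics.EventLog]::SourceExists($source, "."))
{
    [System.Diagnostics.EventLog]::CreateEventSource($source, $log)
}
else
{
    # A source name can be bound to one log only. Stop only when it is bound
    # to a different log; when it already points at $log (for example on a
    # second run of this script) the entry can still be written.
    $registeredLog = [System.Diagnostics.EventLog]::LogNameFromSourceName($source, ".")
    if ($registeredLog -ne $log)
    {
        Write-Host "$source is already registered with another event Log"
        exit
    }
}

# Collect the process names only once we know the entry will be written.
$strProcess = Get-WmiObject Win32_Process |
    Select-Object Name | Out-String

$strLog = New-Object System.Diagnostics.EventLog($log, ".")
$strLog.Source = $source
# NOTE(review): WriteEntry throws when the message exceeds the event-log
# message size limit; a very long process list could hit that - consider
# truncating or splitting the text.
$strLog.WriteEntry($strProcess)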

Удаление:

# Removes the "ps_script" event source registration from the local machine
# (".") when it exists, first reporting which log it is bound to.
# Only the source is unregistered: nothing here deletes the log itself or the
# entries already written to it.
$source = "ps_script"

if (-not [System.Diagnostics.EventLog]::SourceExists($source, "."))
{
    Write-Host -ForegroundColor green "$source is not regisered"
}
else
{
    # Look up the owning log before the registration disappears.
    $log = [System.Diagnostics.EventLog]::LogNameFromSourceName($source, ".")
    Write-Host "$source is currently registered with $log log."
    Write-Host -ForegroundColor red "$source will be deleted"
    [System.Diagnostics.EventLog]::DeleteEventSource($source)
}