Reading Windows Event Log for Oracle Databases

Mythological creatures take many forms. Some have horns and hooves. Some have bodies combined from the union of different species. Some have scales and wings and breath fire.

I'm that rarest of all mythological creatures: The sort who runs production Oracle databases on Windows :-D

As such, I find it useful to frequently consult the Application Event log for information on what sorts of ridiculous things are being done to my precious databases outside of my control. 

Each Oracle database logs major events (such as shutdown and startup) to the application event log in Windows.

I can retrieve these via the normal GUI route ( Instructions at bottom) 

However, I've added yet another quirk to my mythical creature profile: I'm a Windows guy who HATES pointing and clicking. 

So, here is how you can get the event viewer information using PowerShell.

Getting Event Log info with PowerShell

PowerShell provides a handy-dandy commandlet for this purpose: Get-EventLog. ( full reference )

We can refine this further for our use by:

1. Filtering on the source information we want. In this case, we'll use -Source oracle.db01 to get event log entries from the db01 database.
2. Selecting only the entries from the last 24 hours. We can do this by piping the original output to the Where-Object cmdlet, and filtering the TimeGenerated property using AddDays. 
3. Finally, we can export this to a .csv file by piping to Export-Csv.

Example on local computer: 

Get-EventLog -Source oracle.db01 -LogName Application | Where-Object -Property TimeGenerated -gt (get-date).AddDays(-1) | Export-Csv C:\Temp\db01ErrorLog.csv

Remote Computer

If the environment you work in allows it (for security reasons), you can pass -ComputerName parameter to the Get-EventLog command to retrieve this information to you local workstatation.

Example:

Get-EventLog -ComputerName MySvrName -Source oracle.db01 -LogName Application | Where-Object -Property TimeGenerated -gt (get-date).AddDays(-1) | Export-Csv C:\Temp\db01ErrorLog.csv

Viewing Oracle database event in Event viewer via GUI

1. Open Event Viewer (Windows Server 2019 pictured. For other versions, execute eventvwr.exe from start->RUN, or a cmd or PowerShell window, preferrably running as administrator)
2. Look for entries that have a source named Oracle.YourDbName.
1. For example, if your db is named ABC123, you'll be looking for Oracle.ABC123
3. This will tell you interesting things about restarts, commands executed, and errors. For instance, in the screenshot above, I have some archive log operation errors that I need to investigate.