Skip to content

Instantly share code, notes, and snippets.

@JohnLBevan

JohnLBevan/GetLogonEvents.ps1

Created July 4, 2014 17:54
Show Gist options
  • Save JohnLBevan/c1b03de73ed9a55b5cc0 to your computer and use it in GitHub Desktop.
Save JohnLBevan/c1b03de73ed9a55b5cc0 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
GetLogonEvents.ps1
#requires -version 2.0
<#
author: Johan Vosloo
date: 24/11/2011
purpose: Retrieve event id’s from multiple machines and add to a CSV file.
#>
Try
{
$servers=get-content c:\scripts\servers.txt
$date=(Get-Date).AddDays(-7)
foreach ($server in $servers)
{
if (test-connection $server -quiet)
{
$arr1+=get-eventlog -logname system -cn $server -after $date | ?{$_.eventid -eq "21" -or $_.eventid -eq "4201"} | select MachineName,EventID,EntryType,Message
$arr2+=get-eventlog -logname application -cn $server -after $date | ?{$_.eventid -eq "902" -or $_.eventid -eq "1003"} | select MachineName,EventID,EntryType,Message
$arr3+=get-eventlog -logname "windows powershell" -cn $server -after $date | ?{$_.eventid -eq "4004"} | select MachineName,EventID,EntryType,Message
}
}
if ($arr1)
{$arr1 | export-csv c:\scripts\sysoutput.csv -notypeinformation}
else
{"No matching system log events found..."}
if ($arr2)
{$arr2 | export-csv c:\scripts\appoutput.csv -notypeinformation}
else
{"No matching application log events found..."}
if ($arr3)
{$arr3 | export-csv c:\scripts\psoutput.csv -notypeinformation}
else
{"No matching powershell log events found..."}
}
Catch
{
"An error occurred"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment