Created
May 28, 2023 18:34
-
-
Save kbakdev/9152824c9929f434fd1f601425b9ef15 to your computer and use it in GitHub Desktop.
Script that aggregates and exports event log data (Application, Security) from the last 5 days to a CSV file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Set-Variable -Name EventAgeDays -Value 1 | |
| Set-Variable -Name CompArr -Value @("Localhost") | |
| Set-Variable -Name LogNames -Value @("Security", "Application") | |
| Set-Variable -Name EventTypes -Value @("Information", "Error", "Warning", "FailureAudit", "SuccessAudit") | |
| Set-Variable -Name ExportFolder -Value "C:\" | |
| $el_c = @() | |
| $now = [System.TimeZoneInfo]::ConvertTimeBySystemTimeZoneId($(Get-Date), [System.TimeZoneInfo]::Local.Id, 'GMT Standard Time') | |
| $startdate=$now.adddays(-5) | |
| $ExportFile=$ExportFolder + "mx_sugus_poc_" + $now.ToString("yyyy.MM.dd_hh.mm") + ".csv" | |
| foreach($comp in $CompArr) | |
| { | |
| foreach($log in $LogNames) | |
| { | |
| Write-Host Processing $comp\$log | |
| $el = get-eventlog -ComputerName $comp -log $log -After $startdate -EntryType $EventTypes -Message "*" | |
| $el_c += $el | |
| } | |
| } | |
| $el_sorted = $el_c | Sort-Object TimeGenerated | |
| Write-Host Exporting to $ExportFile | |
| $el_sorted|Select TimeGenerated, EntryType, Source, EventID, MachineName, UserName, Message | export-CSV $ExportFile -NoTypeInfo |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment