powershell system auditing bk, self zipping and logs it's self too

logbackup-oneliner.ps1

& {  param($excludeLogs) $d = Get-Date -Format "yyyy-MM-dd-HH-mm"; $zipPath = "D:\_audit\logs\Foo-$d.zip"; $errorLog = "D:\_audit\logs\ErrorLog-$d.txt"; $logDir = "D:\_audit\logs\Foo-$d"; $null = New-Item -ItemType Directory -Force -Path $logDir; $counter = 0; $total = (wevtutil.exe el).Count; wevtutil.exe el | ForEach-Object { $counter++; if ($Host.UI.RawUI) { Write-Progress -Activity "Processing Event Logs" -Status "$_ Processing" -PercentComplete (($counter / $total) * 100); } $time = Measure-Command { if ($_ -notin $excludeLogs) { try { $log = Get-WinEvent -LogName $_ -MaxEvents 1 -Oldest -ErrorAction SilentlyContinue; } catch { $_ >> $errorLog; continue } if ($log) { $logPath = "$logDir\$d-$($_.Replace('/', '-'))-bk.evtx"; Remove-Item -Path $logPath -ErrorAction SilentlyContinue; try { $exportResult = wevtutil.exe epl "$_" $logPath 2>&1; if ($LASTEXITCODE -eq 0) { try { Compress-Archive -Path $logPath -DestinationPath $zipPath -Update -CompressionLevel Optimal; } catch { $_ >> $errorLog; continue }; try { $clearResult = wevtutil cl "$_" 2>&1; if ($LASTEXITCODE -ne 0) { $clearResult >> $errorLog; continue } } catch { $_ >> $errorLog; continue }; Write-Host "$($_) took $($time.TotalMilliseconds) ms"; } else { $exportResult >> $errorLog } } catch { $_ >> $errorLog } } else { $_ >> $errorLog } } } }; '& { ' + $MyInvocation.MyCommand.ScriptBlock.ToString() + '} @(' + "'" + ($excludeLogs -join "', '" ) + "'" + ')' >> $errorLog; Compress-Archive -Path $errorLog -DestinationPath $zipPath -Update -CompressionLevel Optimal; Remove-Item -Path $errorLog -Force; if (Test-Path $logDir) { Remove-Item -Path $logDir -Recurse -Force }; } @('foobar','Microsoft-Windows-LiveId/Operational','Microsoft-Windows-USBVideo/Analytic')