rleap-m · September 11, 2020 20:46
diff --git a/EventLogBackup.ps1 b/EventLogBackup.ps1

 # Followed this article: https://www.thomasmaurer.ch/2011/05/powershell-how-to-export-windows-eventlogs-with-powershell/
 [CmdletBinding()]
 param (
    [Parameter(Mandatory=$false)]
    [ValidateSet('Application','HardwareEvents','Security','System','Windows PowerShell')]
    [string] $LogFileName = 'Application'
 )

 $exportFileName = Join-Path -Path $ENV:TEMP -ChildPath ($ENV:COMPUTERNAME + '_' + $logFileName + "_" + "$(Get-Date -f yyyyMMdd).evtx")
 $logFile = Get-WmiObject -Class Win32_NTEventlogFile | Where-Object {$_.LogFileName -eq $LogFileName}
 if ($logFile) {
    $null = $logFile.BackupEventLog($exportFileName)
    if (Test-Path -Path $exportFileName -PathType Leaf) {
        Write-Host "Please attach file [$exportFileName] to case."
    }
    else {
        Write-Warning "Unable to export events to [$exportFileName]."
    }
 }
 else {
    Write-Warning "Unable to retrieve a reference to the [$LogFileName] event log."
 }

	# Followed this article: https://www.thomasmaurer.ch/2011/05/powershell-how-to-export-windows-eventlogs-with-powershell/
	[CmdletBinding()]
	param (
	[Parameter(Mandatory=$false)]
	[ValidateSet('Application','HardwareEvents','Security','System','Windows PowerShell')]
	[string] $LogFileName = 'Application'
	)

	$exportFileName = Join-Path -Path $ENV:TEMP -ChildPath ($ENV:COMPUTERNAME + '_' + $logFileName + "_" + "$(Get-Date -f yyyyMMdd).evtx")
	$logFile = Get-WmiObject -Class Win32_NTEventlogFile \| Where-Object {$_.LogFileName -eq $LogFileName}
	if ($logFile) {
	$null = $logFile.BackupEventLog($exportFileName)
	if (Test-Path -Path $exportFileName -PathType Leaf) {
	Write-Host "Please attach file [$exportFileName] to case."
	}
	else {
	Write-Warning "Unable to export events to [$exportFileName]."
	}
	}
	else {
	Write-Warning "Unable to retrieve a reference to the [$LogFileName] event log."
	}