# Reads Security log events matching a filter from a remote computer and exports them to CSV.
$Date         = (Get-Date).AddMinutes(-30)                 # only events from the last 30 minutes
$LogName      = 'Security'
$ProviderName = "Microsoft-Windows-Security-Auditing"
$EventID      = 6273                                       # NPS: Network Policy Server denied access to a user
$computer     = "server.microsoft.com"                     # placeholder host name; replace with the target server
Write-Output "Searching $computer"

# Server-side filtering with -FilterHashtable avoids pulling the whole log over the wire.
$Events = Get-WinEvent -ComputerName $computer -FilterHashtable @{
    LogName      = $LogName
    ProviderName = $ProviderName
    Id           = $EventID
    StartTime    = $Date
}

# Flatten each event's <EventData> block into one object whose properties are the <Data Name="..."> entries.
$report = @()
$Events | ForEach-Object -Process {
    [xml]$ConvertedFromXML = $_.ToXml()
    $params = @{}
    foreach ($entry in $ConvertedFromXML.Event.EventData.Data) {
        $name  = $entry.Name        # the Name attribute of the <Data> element
        $Value = $entry.'#text'     # the element's text content
        $params[$name] = $Value
    }
    $report += [pscustomobject]$params
}

# C:\Temp must already exist; Export-Csv does not create the folder.
$report | Export-Csv -NoTypeInformation -Path "C:\Temp\Events.csv"
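The XML-flattening step above is the part that breaks on real logs: a lone <Data> element is not an array, an unnamed <Data> arrives from PowerShell's XML adapter as a plain string rather than an element, and events that use <UserData> have no <EventData> at all. The following is an added example, not the post's own script, that handles those cases, keeps the record metadata next to the data fields, and queries several hosts without one unreachable server aborting the run. The sample 6273 record and its field names are constructed for illustration.

```powershell
# Flattens one event's <EventData> into an ordered table (added example, not the post's code).
function ConvertFrom-EventDataXml {
    param([Parameter(Mandatory)][string]$EventXml)
    [xml]$doc = $EventXml
    $row = [ordered]@{}
    if (-not $doc.Event.EventData) { return $row }    # <UserData>-style events carry no <EventData>
    $i = 0
    foreach ($entry in @($doc.Event.EventData.Data)) {  # @() so a single <Data> still enumerates
        if ($entry -is [System.Xml.XmlElement]) {
            $name  = $entry.GetAttribute('Name')        # '' when the Name attribute is absent
            $key   = if ($name) { $name } else { "Data$i" }
            $value = [string]$entry.'#text'             # empty element -> '' instead of $null
        } else {                                        # unnamed text-only <Data> comes back as a string
            $key   = "Data$i"
            $value = [string]$entry
        }
        $row[$key] = $value
        $i++
    }
    return $row
}

# Queries each host and emits one flat object per event; per-host failures become warnings.
function Get-EventDataReport {
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [string]$LogName = 'Security',
        [string]$ProviderName = 'Microsoft-Windows-Security-Auditing',
        [int[]]$Id = 6273,
        [datetime]$StartTime = (Get-Date).AddMinutes(-30)
    )
    foreach ($computer in $ComputerName) {
        $filter = @{ LogName = $LogName; ProviderName = $ProviderName; Id = $Id; StartTime = $StartTime }
        try   { $events = Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop }
        catch { Write-Warning "${computer}: $($_.Exception.Message)"; continue }   # e.g. RPC unavailable, no events
        foreach ($e in $events) {
            $row  = [ordered]@{ TimeCreated = $e.TimeCreated; Computer = $computer; Id = $e.Id; RecordId = $e.RecordId }
            $data = ConvertFrom-EventDataXml -EventXml $e.ToXml()
            foreach ($k in $data.Keys) { $row[$k] = $data[$k] }
            [pscustomobject]$row
        }
    }
}

# Constructed sample record (field names illustrative only) exercising the edge cases offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>6273</EventID></System>
  <EventData><Data Name="SubjectUserName">jdoe</Data><Data Name="ReasonCode">16</Data>
  <Data Name="Reason"></Data><Data>unnamed trailing value</Data></EventData>
</Event>
'@
ConvertFrom-EventDataXml -EventXml $sample    # keys: SubjectUserName, ReasonCode, Reason (''), Data3
# Live use: Get-EventDataReport -ComputerName srv1,srv2 | Export-Csv -NoTypeInformation -Path C:\Temp\Events.csv
```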
Friday, September 20, 2024
Powershell: Read windows event log remotely and write to csv