Friday, September 20, 2024

PowerShell: Read the Windows event log remotely and write it to CSV

# Reads the event log entries that match the filter and exports them to a CSV file


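# Query a remote computer's event log for one event ID, flatten each event's
# EventData fields into columns, and write the rows to a CSV file.
# The account running this needs read access to the remote Security log
# (for example membership in Event Log Readers on the target, or local admin).

# Only events newer than 30 minutes ago are returned.
$Date = (Get-Date).AddMinutes(-30)

$LogName = 'Security'

$ProviderName = "Microsoft-Windows-Security-Auditing"

# 6273: Network Policy Server denied access to a user.
$EventID  = 6273

$computer = "server.microsoft.com"

Write-Output "Searching $computer"

# -ErrorAction Stop makes a failed query (host unreachable, access denied) abort
# the script. Otherwise the script would carry on and write an empty CSV that is
# indistinguishable from "no matching events in the window".
try {
    $Events = Get-WinEvent -ComputerName $computer -ErrorAction Stop -FilterHashtable @{
        LogName      = $LogName
        ProviderName = $ProviderName
        Id           = $EventID
        StartTime    = $Date
    }
}
catch {
    # Get-WinEvent reports "nothing matched" as an error; that case is a valid,
    # empty result. Anything else is a real failure and is re-thrown.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        $Events = @()
    }
    else {
        throw
    }
}

# Collect the pipeline output directly instead of growing an array with +=,
# which copies the whole array on every iteration.
$report = @(
    $Events | ForEach-Object -Process {

        [xml]$ConvertedFromXML = $_.ToXml()

        # Ordered so the CSV columns keep a stable order (a plain hashtable does
        # not guarantee one). The record's own metadata comes first so each row
        # can be placed on a timeline and traced back to the source log entry.
        $params = [ordered]@{
            TimeCreatedUtc = $_.TimeCreated.ToUniversalTime().ToString('o')
            MachineName    = $_.MachineName
            RecordId       = $_.RecordId
        }

        # Each <Data Name="..."> element under EventData becomes one column.
        foreach ($entry in $ConvertedFromXML.Event.EventData.Data) {
            $params[$entry.Name] = $entry.'#text'
        }

        [pscustomobject]$params
    }
)

# Export-Csv takes its column set from the first object, so this assumes every
# event in the result carries the same EventData field names.
# NOTE(review): many EventData values in authentication events are supplied by
# the connecting client; treat the CSV as untrusted data when opening it in a
# spreadsheet application.
$report | Export-Csv -NoTypeInformation -Path "C:\Temp\Events.csv"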