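# Reads events matching the filter from a remote computer's event log and exports them to CSV.
$Date = (Get-Date).AddMinutes(-30)   # only events from the last 30 minutes
$LogName = 'Security'
$ProviderName = "Microsoft-Windows-Security-Auditing"
$EventID = 6273                      # Network Policy Server denied access to a user
$computer = "server.microsoft.com"
Write-Output "Searching $computer"
$Events = Get-WinEvent -ComputerName $computer -FilterHashtable @{
    LogName      = $LogName
    ProviderName = $ProviderName
    Id           = $EventID
    StartTime    = $Date
}
# Get-WinEvent reports an error and returns nothing when no event matches the filter.
if (-not $Events) {
    Write-Output "No matching events found on $computer"
    return
}
# Turn the <Data Name="..."> elements under EventData into one object per event.
$report = $Events | ForEach-Object -Process {
    [xml]$ConvertedFromXML = $_.ToXml()
    $params = [ordered]@{}           # ordered, so the CSV columns follow the order in the event
    foreach ($entry in $ConvertedFromXML.Event.EventData.Data) {
        $name = $entry.Name
        $Value = $entry.'#text'
        $params[$name] = $Value
    }
    [pscustomobject]$params
}
$report | Export-Csv -NoTypeInformation -Path "C:\Temp\Events.csv"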
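An added example, not part of the original post: once the export exists, the rows can be grouped to show which accounts are denied repeatedly and from which stations. The function name `Get-DenialSummary`, the threshold, and the column names `SubjectUserName`, `CallingStationID` and `ReasonCode` are assumptions about the EventData fields of event 6273; the sample rows are constructed.

```powershell
# Constructed sample rows standing in for C:\Temp\Events.csv (not real log data).
# Column names are assumed to match the EventData field names of event 6273.
$sample = @'
"SubjectUserName","CallingStationID","ReasonCode"
"alice","AA-BB-CC-00-00-01","16"
"alice","AA-BB-CC-00-00-01","16"
"alice","AA-BB-CC-00-00-02","16"
"bob","AA-BB-CC-00-00-03","65"
"alice","AA-BB-CC-00-00-02","16"
'@ | ConvertFrom-Csv

# Hypothetical helper: counts denials per user and reason code and keeps
# only the groups that reach the threshold.
function Get-DenialSummary {
    param(
        [Parameter(Mandatory)] [object[]]$Events,
        [int]$Threshold = 3
    )
    $Events |
        Group-Object -Property SubjectUserName, ReasonCode |
        Where-Object { $_.Count -ge $Threshold } |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                User       = $_.Group[0].SubjectUserName
                ReasonCode = $_.Group[0].ReasonCode
                Denials    = $_.Count
                # Distinct stations the denied requests came from
                Stations   = ($_.Group.CallingStationID | Sort-Object -Unique) -join ';'
            }
        }
}

# To run against the real export, replace $sample with:
#   Import-Csv -Path 'C:\Temp\Events.csv'
Get-DenialSummary -Events $sample | Format-Table -AutoSize
```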
These are just random notes and programs that may have incomplete descriptions. Use any scripts or programs at your own risk.
Friday, September 20, 2024
PowerShell: Read Windows event log remotely and write to CSV