Question
Friday, February 21, 2020 11:17 AM
#This block formats the table that the selected objects from the log are displayed in.
$head=@'
<style>
body {
background-color:White;
}
table {
border-width: 1px;
border-style: solid;
border-color: black;
border-collapse: collapse;
}
th {
border-width: 1px;
padding: 5px;
border-style: solid;
border-color: black;
background-color:DeepSkyBlue
}
td {
border-width: 1px;
padding: 5px;
border-style: solid;
border-color: black;
background-color:PeachPuff
}
</style>
'@
$startDate = (get-date).addDays(-30)
$pre="<h4>Monthly Security Log $((get-date).ToString("MMddyyyy"))</h4>"
$filename="<Path to a local directory\Documents>\Logs\monthlyEventLog_$((get-date).ToString('MMddyyyy')).htm"
$results=Get-EventLog -LogName Security -ComputerName DCname -After $startDate |
Select-Object EventID, EntryType, Message, TimeWritten
if ($results) {
$results | ConvertTo-HTML -head $head -pre $pre |
Out-File $filename
#This command opens the log file after it has been created and saved.
. $filename
} else {
Write-Host 'No data found!'
}
I got this script on this platform. Is there any way to export all types of event logs (Security, Application, System and others) together?
Thanks
All replies (2)
Friday, February 21, 2020 12:54 PM
Just ask for all logs.
$results = {
Get-EventLog -LogName Application
Get-EventLog -LogName System
Get-EventLog -LogName Security
}.Invoke()
Or you can use the correct command like this:
$results = Get-WinEvent -Logname Application, System, Security
You won't like the results for either method.
I recommend taking time to learn something about the event logs. There are many blogs on this and the Microsoft site has excellent documentation on the event log system and how to use it.
The code you posted is old and there are better ways to do this. Start by learning PowerShell until you can understand the code you copy. That will prevent you from trying to use bad code and it will prevent you from trying to do things that you probably don't want or need to do.
With the event logs I recommend that those who are not professionally trained in Windows technology should acquire a third-party event log analysis tool to get useful reports on the events. For a non-trained user to learn enough to use the event system it would take as much as a year or more of training. What is really good about Windows is that there are a huge number of tools available to ease working with Windows. Even fully trained engineers look for existing tools for log analysis.
\(ツ)_/
Friday, February 21, 2020 1:05 PM
This is the better and faster method to do this:
Get-WinEvent @{Logname='Application','System','Security';StartTime=[datetime]::Today} -ComputerName DCname |
Select-Object ID, LevelDisplayName, Message, TimeCreated |
ConvertTo-HTML -head $head -pre $pre |
Out-File $filename
help Get-WinEvent -online
\(ツ)_/
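The following is an added example, not code from any post in this thread. It extends the Get-WinEvent approach above to the question's "and others" case by enumerating every enabled log, applying the question's 30-day window, and recording logs that could not be read instead of silently dropping them. `DCname` is the thread's placeholder host; `$outFile`, `$maxPerLog` and the minimal `$head` are assumptions.

```powershell
# Added example: all values below are assumptions except the DCname placeholder from the thread.
$computer  = 'DCname'
$startDate = (Get-Date).AddDays(-30)
$maxPerLog = 500   # assumed per-log cap so one noisy log cannot swamp the report
$outFile   = Join-Path $env:TEMP ("monthlyEventLog_{0:MMddyyyy}.htm" -f (Get-Date))
$head      = '<style>table,th,td { border: 1px solid black; border-collapse: collapse; padding: 5px }</style>'

# Enumerate every enabled log that holds records, not only the three classic logs.
$logs = Get-WinEvent -ListLog * -ComputerName $computer -ErrorAction SilentlyContinue |
    Where-Object { $_.IsEnabled -and $_.RecordCount -gt 0 }

$skipped = @()
$results = foreach ($log in $logs) {
    try {
        # Filtering in the hashtable is done by the event log service, before events are returned.
        Get-WinEvent -ComputerName $computer -MaxEvents $maxPerLog -ErrorAction Stop -FilterHashtable @{
            LogName   = $log.LogName
            StartTime = $startDate
        } | Select-Object LogName, Id, LevelDisplayName, TimeCreated, Message
    }
    catch {
        # "No events in the window" is expected. Anything else (typically access denied
        # on the Security log in a non-elevated session) is recorded rather than hidden.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            $skipped += '{0}: {1}' -f $log.LogName, $_.Exception.Message
        }
    }
}

if ($results) {
    $pre = '<h4>Event logs since {0:yyyy-MM-dd} on {1}</h4>' -f $startDate, $computer
    $results | Sort-Object TimeCreated -Descending |
        ConvertTo-Html -Head $head -PreContent $pre |
        Out-File $outFile
    Write-Host "Report written to $outFile"
} else {
    Write-Host 'No data found!'
}

# A report that is missing the Security log should say so.
$skipped | ForEach-Object { Write-Warning "Skipped $_" }
```

Reading the Security log requires an elevated session or membership in a group allowed to read it, so a warning for that log means the report is incomplete, not that the log was empty.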