Friday, March 1, 2013

PowerShell script to write event logs to CSV format for parsing

I'm a Linux guy, so give me a break if this is bad code :-P This script pulls down a list of computers, then goes through the standard event logs and does some specific searches, then dumps the contents into a parsable CSV file.
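
# Search window: events written after $after and before $before
$before = Get-Date -Month 2 -Day 28 -Year 2013 -Hour 0 -Minute 0 -Second 0
$after = Get-Date -Month 2 -Day 25 -Year 2013 -Hour 0 -Minute 0 -Second 0
$types = "System","Security","Application"
# Wildcard patterns matched against the user name of each event
$users = '*user*'
# Wildcard patterns matched against the message of each event
$descs = '*169.254.4.17*'
<# PowerShell does not treat the backslash as an escape character, so single backslashes are enough #>
$out_dir = "C:\dest\directory"
# computers.txt must be a CSV file with a COMPUTER column header
$computers = Import-Csv 'C:\Documents\computers.txt'
# Each search is kept as a parameter hashtable and splatted onto Get-EventLog later.
# Building command strings for Invoke-Expression would execute whatever text is in computers.txt.
$searches = @()
$computers | %{
   $pc = $_.COMPUTER
   $types | %{
      $type = $_
      $users | %{
         $user = $_
         # Strip the wildcards so the pattern can be used in a file name
         $fuser = $_ -replace "\*", ""
         $file_name = "$out_dir\$pc" + "_" + "$fuser" + "_" + "$type" + ".csv"
         $searches += @{ File = $file_name; Params = @{ ComputerName = $pc; LogName = $type; UserName = $user; Before = $before; After = $after } }
      }
      $descs | %{
         $desc = $_
         $fdesc = $desc -replace "\*", ""
         $file_name = "$out_dir\$pc" + "_" + "$fdesc" + "_" + "$type" + ".csv"
         $searches += @{ File = $file_name; Params = @{ ComputerName = $pc; LogName = $type; Message = $desc; Before = $before; After = $after } }
      }
   }
}

$searches | %{
   $now = Get-Date
   $params = $_.Params
   Write-Host "$now ===================== Executing: Get-EventLog on $($params.ComputerName), log $($params.LogName), output $($_.File)"
   # -NoTypeInformation keeps the '#TYPE' header line out of the CSV so parsers see the column names first
   Get-EventLog @params | Export-Csv $_.File -NoTypeInformation
}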