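<#
Collect event-log entries from a list of computers and write one CSV per
(computer, log, filter) combination.

Input : C:\\Documents\\computers.txt - CSV with a COMPUTER column.
Output: <out_dir>\<computer>_<filter>_<log>.csv

Each query is stored as a parameter table and splatted onto Get-EventLog.
The script does not build a command string and run it through
Invoke-Expression: a value read from the input file would then be parsed
as PowerShell code. The exported files hold raw log content (the Security
log included), so the output directory should be access-restricted.

Get-EventLog is a Windows PowerShell cmdlet; it is not available in
PowerShell 6 and later.
#>

# Time window. -Before is the upper bound and -After the lower bound.
$before = Get-Date -Month 2 -Day 28 -Year 2013 -Hour 0 -Minute 0 -Second 0
$after  = Get-Date -Month 2 -Day 25 -Year 2013 -Hour 0 -Minute 0 -Second 0

$types = "System", "Security", "Application"   # logs to search
$users = '*user*'                              # user-name filters (wildcards allowed)
$descs = '*169.254.4.17*'                      # message filters (wildcards allowed)

<# the double backslashes are important for path #>
# NOTE(review): PowerShell does not treat the backslash as an escape
# character, so single backslashes should work as well - confirm before changing.
$out_dir   = "C:\\dest\\directory"
$computers = Import-Csv 'C:\\Documents\\computers.txt'

# Build the work list first, so the execution order matches the nesting below.
$cmds = @()
foreach ($row in $computers) {
    $pc = $row.COMPUTER

    # The name is used both as a remote target and as part of a file name.
    # Skip empty values and anything that is not a plain host name or address.
    if ($pc -notmatch '^[A-Za-z0-9._-]+$') {
        Write-Warning "Skipping unexpected computer name in input list: '$pc'"
        continue
    }

    foreach ($type in $types) {
        foreach ($user in $users) {
            # The wildcard stars are not valid in a file name.
            $fuser = $user -replace '\*', ''
            $file_name = "$out_dir\\${pc}_${fuser}_${type}.csv"
            $cmds += @{
                # Text is only printed; it is never executed.
                Text  = "Get-EventLog -ComputerName $pc -LogName $type -user $user -Before '$before' -After '$after' | Export-Csv '$file_name'"
                File  = $file_name
                Query = @{
                    ComputerName = $pc
                    LogName      = $type
                    UserName     = $user
                    Before       = $before
                    After        = $after
                }
            }
        }

        foreach ($desc in $descs) {
            $fdesc = $desc -replace '\*', ''
            $file_name = "$out_dir\\${pc}_${fdesc}_${type}.csv"
            $cmds += @{
                Text  = "Get-EventLog -ComputerName $pc -LogName $type -Before '$before' -After '$after' -message $desc | Export-Csv '$file_name'"
                File  = $file_name
                Query = @{
                    ComputerName = $pc
                    LogName      = $type
                    Before       = $before
                    After        = $after
                    Message      = $desc
                }
            }
        }
    }
}

foreach ($cmd in $cmds) {
    $query = $cmd.Query
    $now = Get-Date
    Write-Host "$now ===================== Executing: $($cmd.Text)"
    # Splatting binds each value as data; the dates stay DateTime objects.
    Get-EventLog @query | Export-Csv -Path $cmd.File
}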
Friday, March 1, 2013
powershell script to write event logs to csv format for parsing
I'm a linux guy, so give me a break if this is bad code :-P
This script pulls down a list of computers, then goes through the standard event logs and does some specific searches, then dumps the contents into a parsable CSV file.