How to collect Security Event Logs for a single category via Powershell
Posted
by
Darktux
on Server Fault
See other posts from Server Fault
or by Darktux
Published on 2013-10-21T16:39:23Z
Indexed on
2013/10/21
21:55 UTC
Read the original article
Hit count: 234
I am trying to write a script which collects security log from all of our domain controllers hourly and stores them remotely; i can collect the security logs , but is there a way to collect the security logs by category or event number from the DC? please do let me know if any additional questions.
My Code:
$Eventlogs = Get-WmiObject -Class Win32_NTEventLogFile -ComputerName $computer
Foreach($log in $EventLogs)
{
if($Log.LogFileName -eq "Security")
{
$Now = [DateTime]::Now
$FileName = "Security" +"_"+$Now.Month+$Now.Day+$Now.Year+"_"+$Now.Hour+$Now.Minute+$Now.Second
$path = "\\{0}\c$\LogFolder\$folder\$FileName.evt" -f $Computer
$ErrBackup = ($log.BackupEventLog($path)).ReturnValue
if($clear)
{
if($ErrBackup -ne 0)
{
"Backup failed"
"Backup Error was " + $ErrBackup
}
}
}
}
Copy-EventLogsToArchive -path $path -Folder $Folder
}
© Server Fault or respective owner