-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathexport_log.ps1
29 lines (24 loc) · 1.14 KB
/
export_log.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# Capture the script start time
$ScriptStartTime = Get-Date
# Set output location for CSV files.
$LogOutputDirectory = 'C:\data\Windows Event Log Export'
# Define Windows event log types to export.
$EventTypesToExport = @('Application', 'Security', 'Setup', 'System', 'ForwardedEvents')
foreach ($EventType in $EventTypesToExport)
{
# Build the file path for the current log topic.
$LogOutputTopic = "Windows Event Log - $EventType"
$CurrentTimeUTC = Get-Date -Format FileDateTimeUniversal
$LogOutputFileName = "$CurrentTimeUTC - $LogOutputTopic"
$LogOutputCSVFilePath = "$LogOutputDirectory\$LogOutputFileName.csv"
# Create a CSV version of the log data.
Write-Output "Creating CSV version of Windows event log of type $EventType."
Write-Output 'Target CSV file path:'
Write-Output "$LogOutputCSVFilePath"
Get-WinEvent -LogName $($EventType) | Export-CSV "$LogOutputCSVFilePath"
Write-Output 'Finished creating CSV file.'
}
# Calculate script run time.
$ScriptEndTime = Get-Date
$ScriptDuration = New-Timespan -Start $ScriptStartTime -End $ScriptEndTime
Write-Output "Log export process execution time: $ScriptDuration."