Lately I had to search a lot through logs – as you can tell by all my postings… I just had to create yet another script that allows you to search through the Windows Security Eventlog. The script is easily adjustable to other log types like the Application log or System log.
It’s not the prettiest script – but it certainly works. Don’t be surprised if the script takes its sweet time – it may need to read through a lot of eventlog entries.
```powershell
param(
    [string] $RemoteComputer = "",
    [string] $SearchString = "",
    [int] $MaxAgeHours = 24,
    [bool] $FullDetails = $false
)

# XML query selecting every record in the Security log.
# Get-EventLog does not take an XML query, so this variable is not used below.
$Query = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">*</Select>
  </Query>
</QueryList>
"@

if ($RemoteComputer.Length -gt 0) {
    # Search the Security log of the remote computer
    if ($FullDetails) {
        Get-EventLog -LogName Security -Message "*$SearchString*" -After (Get-Date).AddHours(-$MaxAgeHours) -ComputerName $RemoteComputer | Format-List
    } else {
        Get-EventLog -LogName Security -Message "*$SearchString*" -After (Get-Date).AddHours(-$MaxAgeHours) -ComputerName $RemoteComputer | Format-Table
    }
} else {
    # Search the Security log of the local computer
    if ($FullDetails) {
        Get-EventLog -LogName Security -Message "*$SearchString*" -After (Get-Date).AddHours(-$MaxAgeHours) | Format-List
    } else {
        Get-EventLog -LogName Security -Message "*$SearchString*" -After (Get-Date).AddHours(-$MaxAgeHours) | Format-Table
    }
}
```
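The same search built on `Get-WinEvent`, as an added example that is not the original author's script: the age limit goes into the XML query so the Event Log service drops old records before returning them, and the log name becomes a parameter. The function name `Search-EventLogMessage` and its parameter names are chosen for this example.

```powershell
# Added example; Search-EventLogMessage and its parameters are hypothetical names.
function Search-EventLogMessage {
    [CmdletBinding()]
    param(
        [string] $LogName = 'Security',      # 'Application', 'System', ...
        [string] $ComputerName,              # empty = local computer
        [string] $SearchString = '',
        [ValidateRange(1, 8760)]
        [int] $MaxAgeHours = 24
    )

    # timediff() counts milliseconds between the record and now.
    $maxAgeMs = [int64]$MaxAgeHours * 3600 * 1000
    # Escape the log name so it cannot break out of the XML attribute.
    $safeLog = [System.Security.SecurityElement]::Escape($LogName)
    $query = @"
<QueryList>
  <Query Id="0" Path="$safeLog">
    <Select Path="$safeLog">*[System[TimeCreated[timediff(@SystemTime) &lt;= $maxAgeMs]]]</Select>
  </Query>
</QueryList>
"@

    $params = @{ FilterXml = [xml]$query; ErrorAction = 'Stop' }
    if ($ComputerName) { $params.ComputerName = $ComputerName }

    try {
        $records = Get-WinEvent @params
    } catch {
        # Get-WinEvent reports "no matching events" as an error; treat it as an empty result.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $records = @() }
        else { throw }
    }

    # The rendered message text cannot be filtered in the query, so match it here.
    # Escape wildcard characters so a search for "[admin]" is taken literally.
    $pattern = '*' + [WildcardPattern]::Escape($SearchString) + '*'
    $records | Where-Object { $_.Message -like $pattern }
}

# Usage: table view of the last 24 hours, then full details from a remote System log.
# Search-EventLogMessage -SearchString 'jdoe' | Format-Table TimeCreated, Id, Message -Wrap
# Search-EventLogMessage -LogName System -ComputerName SRV01 -MaxAgeHours 48 | Format-List
```

Reading the Security log requires an elevated session; `SRV01` and `jdoe` in the usage comments are constructed sample values.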