PowerShell Export remote PC event logs to local PC

1. Open PowerShell ISE with an account that has local admin access to the remote PCs.

NOTE: You also need the Sysinternals tools installed, and psloglist must be callable through an alias that points to its path, defined beforehand:

Set-Alias psloglist c:\windows\system32\psloglist.exe

2. Function for remote System event logs:

Replace REMOTE-PCNAME with the NetBIOS name of the PC you want to connect to and extract the logs from. The "start notepad" command should then open the log file on your PC for review. You can also change or delete the last line of the function if you use another tool to read logs (for example CMTrace or Notepad++).

function GetSysEventLogs
{
    # Date stamp (MMddyyyy) used in the output file name
    $currDate = Get-Date -Format MMddyyyy
    $getDayDuration = Read-Host "Please enter the number of days of logs to extract"
    # -d limits output to the last N days; -s prints one comma-delimited record per line
    psloglist \\REMOTE-PCNAME -d $getDayDuration -s system > c:\logs\REMOTE-PCNAME-sysevtlogs-$currDate.txt
    Write-Host "Event logs saved to c:\logs\REMOTE-PCNAME-sysevtlogs-$currDate.txt"
    # Open the exported file for review
    start notepad c:\logs\REMOTE-PCNAME-sysevtlogs-$currDate.txt
}

3. Function for remote Application event logs:

function GetAppEventLogs
{
    # Date stamp (MMddyyyy) used in the output file name
    $currDate = Get-Date -Format MMddyyyy
    $getDayDuration = Read-Host "Please enter the number of days of logs to extract"
    # -d limits output to the last N days; -s prints one comma-delimited record per line
    psloglist \\REMOTE-PCNAME -d $getDayDuration -s application > c:\logs\REMOTE-PCNAME-appevtlogs-$currDate.txt
    Write-Host "Event logs saved to c:\logs\REMOTE-PCNAME-appevtlogs-$currDate.txt"
    # Open the exported file for review
    start notepad c:\logs\REMOTE-PCNAME-appevtlogs-$currDate.txt
}

4. Function for remote Security event logs:

function GetSecEventLogs
{
    # Date stamp (MMddyyyy) used in the output file name
    $currDate = Get-Date -Format MMddyyyy
    $getDayDuration = Read-Host "Please enter the number of days of logs to extract"
    # -d limits output to the last N days; -s prints one comma-delimited record per line
    psloglist \\REMOTE-PCNAME -d $getDayDuration -s security > c:\logs\REMOTE-PCNAME-secevtlogs-$currDate.txt
    Write-Host "Event logs saved to c:\logs\REMOTE-PCNAME-secevtlogs-$currDate.txt"
    # Open the exported file for review
    start notepad c:\logs\REMOTE-PCNAME-secevtlogs-$currDate.txt
}

What this script does:
1) Prompt you for how many days of logs you want to extract out
2) Connect to the remote machine
3) Export the specific log to a *.TXT file
4) Copy the log back to your computer into c:\logs\
5) Open the file in Notepad
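
The three functions above differ only in the log name and the hard-coded PC name, so they can be folded into one parameterised function with validated input. The following is an added example, not code from the original post; the function name Export-RemoteEventLog, its parameters and the 365-day upper bound are assumptions, and it relies on the psloglist alias defined in the note in step 1.

```powershell
# Added example; Export-RemoteEventLog and its parameters are hypothetical names.
# Assumes the psloglist alias from the note in step 1 is defined in this session.
function Export-RemoteEventLog {
    [CmdletBinding()]
    param(
        # NetBIOS name: 1-15 letters, digits or hyphens; nothing else reaches psloglist.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9-]{1,15}$')]
        [string]$ComputerName,

        [Parameter(Mandatory)]
        [ValidateSet('System', 'Application', 'Security')]
        [string]$LogName,

        # Typed and range-checked instead of a free-text Read-Host answer.
        [ValidateRange(1, 365)]
        [int]$Days = 1,

        [string]$OutDir = 'C:\logs',
        [switch]$Open
    )

    # The redirection below fails if the folder does not exist yet.
    if (-not (Test-Path -LiteralPath $OutDir -PathType Container)) {
        New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    }

    # Same file naming as the post: <PC>-<sys|app|sec>evtlogs-<MMddyyyy>.txt
    $stamp   = Get-Date -Format MMddyyyy
    $prefix  = @{ System = 'sys'; Application = 'app'; Security = 'sec' }[$LogName]
    $outFile = Join-Path $OutDir "$ComputerName-${prefix}evtlogs-${stamp}.txt"

    # Same psloglist arguments as the three functions above.
    psloglist "\\$ComputerName" -d $Days -s $LogName > $outFile

    # Treat a non-zero exit code or a missing/empty file as a failed export.
    $exported = Get-Item -LiteralPath $outFile -ErrorAction SilentlyContinue
    if ($LASTEXITCODE -ne 0 -or -not $exported -or $exported.Length -eq 0) {
        Write-Error "No $LogName events exported from $ComputerName (exit code $LASTEXITCODE)."
        return
    }

    Write-Host "Event logs saved to $outFile"
    if ($Open) { Start-Process notepad $outFile }
    $exported   # return the file object so callers can pipe or archive it
}
# Usage (REMOTE-PCNAME is the placeholder used in the post):
# Export-RemoteEventLog -ComputerName REMOTE-PCNAME -LogName Security -Days 7 -Open
```

Exported Security logs contain account and logon details, so keep the output folder readable only by the administrators who need it.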
