PowerShell: Export remote PC event logs to local PC.
1. Open PowerShell ISE with an account that has local admin access to the remote PCs.
Note: You also need to have the Sysinternals tools installed and be able to call psloglist, with an alias to its path defined beforehand:
Set-Alias psloglist c:\windows\system32\psloglist.exe
2. Function for remote System event logs:
Replace REMOTE-PCNAME with the NetBIOS name of the PC you want to connect to and extract the logs from. The "start notepad" command should then open the log file on your PC for review. Also, you can change the last line or even delete it if you use another tool for logs (for example, CMTrace or Notepad++).
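function GetSysEventLogs
{
    # Date stamp for the output file name (MMddyyyy)
    $currDate = get-date -format MMddyyyy
    $getDayDuration = Read-Host "Please enter the number of days of logs to extract"
    # -d limits output to the last N days; -s prints one comma-delimited record per line.
    # c:\logs must already exist, otherwise the redirection fails.
    psloglist \\REMOTE-PCNAME -d $getDayDuration -s system > c:\logs\REMOTE-PCNAME-sysevtlogs-$currDate.txt
    Write-Host "Event logs saved to c:\logs\REMOTE-PCNAME-sysevtlogs-$currDate.txt"
    # Open the export for review; change or remove this line if you use another viewer
    start notepad c:\logs\REMOTE-PCNAME-sysevtlogs-$currDate.txt
}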
3. Function for remote Application event logs:
function GetAppEventLogs
{
    # Date stamp for the output file name (MMddyyyy)
    $currDate = get-date -format MMddyyyy
    $getDayDuration = Read-Host "Please enter the number of days of logs to extract"
    # Same call as the System function, reading the Application log instead
    psloglist \\REMOTE-PCNAME -d $getDayDuration -s application > c:\logs\REMOTE-PCNAME-appevtlogs-$currDate.txt
    Write-Host "Event logs saved to c:\logs\REMOTE-PCNAME-appevtlogs-$currDate.txt"
    start notepad c:\logs\REMOTE-PCNAME-appevtlogs-$currDate.txt
}
4. Function for remote Security event logs:
function GetSecEventLogs
{
    # Date stamp for the output file name (MMddyyyy)
    $currDate = get-date -format MMddyyyy
    $getDayDuration = Read-Host "Please enter the number of days of logs to extract"
    # Same call as the System function, reading the Security log instead
    psloglist \\REMOTE-PCNAME -d $getDayDuration -s security > c:\logs\REMOTE-PCNAME-secevtlogs-$currDate.txt
    Write-Host "Event logs saved to c:\logs\REMOTE-PCNAME-secevtlogs-$currDate.txt"
    start notepad c:\logs\REMOTE-PCNAME-secevtlogs-$currDate.txt
}
What this script does:
1) Prompt you for how many days of logs you want to extract
2) Connect to the remote machine
3) Export the specified log to a *.TXT file
4) Copy the 日志 back to your computer into c:\logs\
5) Open the file in Notepad
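
The three functions above differ only in the log name, so they can be folded into one parameterized function that validates its input before calling psloglist. This is an added example, not part of the original script: the function name Export-RemoteEventLog, its parameters, the computer-name pattern and the 1 to 365 day range are assumptions, and it uses only the psloglist switches shown above.

```powershell
function Export-RemoteEventLog {
    [CmdletBinding()]
    param(
        # Assumption: restrict names to letters, digits and hyphens, max 15 chars (NetBIOS length)
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9-]{1,15}$')]
        [string]$ComputerName,

        # Only the three logs covered by the original functions
        [Parameter(Mandatory)]
        [ValidateSet('system', 'application', 'security')]
        [string]$LogName,

        # Typed as [int], so non-numeric input is rejected before psloglist runs
        [Parameter(Mandatory)]
        [ValidateRange(1, 365)]
        [int]$Days,

        [string]$OutDir = 'c:\logs',
        [string]$PsLogListPath = 'c:\windows\system32\psloglist.exe'
    )

    if (-not (Test-Path -LiteralPath $PsLogListPath -PathType Leaf)) {
        throw "psloglist not found at $PsLogListPath"
    }
    # Create the output folder if it is missing, so the redirection cannot fail on it
    if (-not (Test-Path -LiteralPath $OutDir -PathType Container)) {
        New-Item -ItemType Directory -Path $OutDir | Out-Null
    }

    # Same file naming as the original functions: <PC>-<sys|app|sec>evtlogs-<MMddyyyy>.txt
    $prefix  = @{ system = 'sys'; application = 'app'; security = 'sec' }[$LogName]
    $stamp   = Get-Date -Format MMddyyyy
    $outFile = Join-Path $OutDir "$ComputerName-${prefix}evtlogs-$stamp.txt"

    & $PsLogListPath "\\$ComputerName" -d $Days -s $LogName > $outFile
    # Assumption: a non-zero exit code from psloglist indicates a failed or partial export
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "psloglist exited with code $LASTEXITCODE; $outFile may be incomplete"
    }
    Write-Host "Event logs saved to $outFile"
    return $outFile
}

# Constructed example call (PC-EXAMPLE01 is a placeholder name):
# Export-RemoteEventLog -ComputerName PC-EXAMPLE01 -LogName security -Days 7
```

Security log exports contain account names and logon activity, so limit who can read the output folder.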