在最后一天,我一直在研究一个脚本,以从各种服务器中提取日志。我已经找到了执行此操作的脚本,并已在此脚本的基础上构建。
到目前为止,我可以提取应用程序和系统日志。但是,我在提取安全日志时遇到了麻烦。如果我运行Get-EventLog Security,它就可以正常工作,但是当我尝试在下面的脚本中添加脚本时,它不会提取日志。
Set-Variable -Name EventAgeDays -Value 7 #takes events for the latest 7 days - change the number as required
Set-Variable -Name CompArr -Value @("Serv1, serv2, serv3") # replace it with the server names - FOR TESTING I HAVE USED MY MACHINE NAME
Set-Variable -Name LogNames -Value @("Application", "System") # Checking app logs, system logs and security logs
Set-Variable -Name EventTypes -Value @("Error", "Warning") # Loading only Errors and Warnings
Set-Variable -Name ExportFolder -Value "C:\test.csv" # Create excel file called "test"
$mLog_c = @() #consolidated error log
$now = Get-Date
$startdate = $now.AddDays(-$EventAgeDays)
# creates .csv file with the date and time when the script was run on
# the end of "test.csv"
$ExportFile = $ExportFolder + "Log" + $now.ToString("dd-MM-yyyy---hh-mm-ss") + ".csv"
foreach ($comp in $CompArr) {
foreach ($el in $LogNames) {
Write-Host Processing $comp\$log
$el = Get-EventLog -ComputerName $comp -Log $log -After $startdate -EntryType $EventTypes
$el_c += $el #consolidating
}
}
$log_sorted = $el_c | Sort-Object TimeGenerated #sort by time
Write-Host Exporting to $ExportFile
$log_sorted |
Select Date, ServerName, EntryType, TimeGenerated, Source, EventID,
PID, TID, Component, message |
Export-Csv $ExportFile -NoTypeInfo #EXPORT COMMAND
Write-Host Completed #Completed once finished