jranil · March 15, 2025 16:22 · jranil · Mar 15, 2025
diff --git a/EventLogSummary.ps1 b/EventLogSummary.ps1
 # Script to extract first and last event times from Windows System logs for the last 30 days
 # For Temporary bypass (single session) run the command below
 # Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

 # Get current date for calculation
 $today = Get-Date
 $startDate = $today.AddDays(-30)

 # Initialize array to store results
 $results = @()

 # Loop through each of the past 30 days
 for ($i = 0; $i -lt 30; $i++) {
    $date = $today.AddDays(-$i)
    $dayStart = Get-Date -Year $date.Year -Month $date.Month -Day $date.Day -Hour 0 -Minute 0 -Second 0
    $dayEnd = $dayStart.AddDays(1).AddSeconds(-1)
    
    # Format date for output
    $dateString = $dayStart.ToString("yyyy-MM-dd")
    
    Write-Host "Processing $dateString..."
    
    # Query Windows System logs for the specific day
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'System'
        StartTime = $dayStart
        EndTime = $dayEnd
    } -ErrorAction SilentlyContinue
    
    if ($events -and $events.Count -gt 0) {
        # Get first and last events (events are returned in reverse chronological order)
        $firstEvent = ($events | Select-Object -Last 1).TimeCreated
        $lastEvent = ($events | Select-Object -First 1).TimeCreated
        
        # Format times
        $firstEventTime = $firstEvent.ToString("HH:mm:ss")
        $lastEventTime = $lastEvent.ToString("HH:mm:ss")
    } else {
        $firstEventTime = "No events"
        $lastEventTime = "No events"
    }
    
    # Add to results
    $results += [PSCustomObject]@{
        Date = $dateString
        FirstEventTime = $firstEventTime
        LastEventTime = $lastEventTime
    }
 }

 # Output to CSV
 $outputPath = "$env:USERPROFILE\Desktop\EventLogSummary.csv"
 $results | Export-Csv -Path $outputPath -NoTypeInformation

 Write-Host "CSV file created at: $outputPath"
	# Script to extract first and last event times from Windows System logs for the last 30 days
	# For Temporary bypass (single session) run the command below
	# Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

	# Get current date for calculation
	$today = Get-Date
	$startDate = $today.AddDays(-30)

	# Initialize array to store results
	$results = @()

	# Loop through each of the past 30 days
	for ($i = 0; $i -lt 30; $i++) {
	$date = $today.AddDays(-$i)
	$dayStart = Get-Date -Year $date.Year -Month $date.Month -Day $date.Day -Hour 0 -Minute 0 -Second 0
	$dayEnd = $dayStart.AddDays(1).AddSeconds(-1)

	# Format date for output
	$dateString = $dayStart.ToString("yyyy-MM-dd")

	Write-Host "Processing $dateString..."

	# Query Windows System logs for the specific day
	$events = Get-WinEvent -FilterHashtable @{
	LogName = 'System'
	StartTime = $dayStart
	EndTime = $dayEnd
	} -ErrorAction SilentlyContinue

	if ($events -and $events.Count -gt 0) {
	# Get first and last events (events are returned in reverse chronological order)
	$firstEvent = ($events \| Select-Object -Last 1).TimeCreated
	$lastEvent = ($events \| Select-Object -First 1).TimeCreated

	# Format times
	$firstEventTime = $firstEvent.ToString("HH:mm:ss")
	$lastEventTime = $lastEvent.ToString("HH:mm:ss")
	} else {
	$firstEventTime = "No events"
	$lastEventTime = "No events"
	}

	# Add to results
	$results += [PSCustomObject]@{
	Date = $dateString
	FirstEventTime = $firstEventTime
	LastEventTime = $lastEventTime
	}
	}

	# Output to CSV
	$outputPath = "$env:USERPROFILE\Desktop\EventLogSummary.csv"
	$results \| Export-Csv -Path $outputPath -NoTypeInformation

	Write-Host "CSV file created at: $outputPath"