opabravo · February 14, 2024 20:50
diff --git a/export_wineventlog.ps1 b/export_wineventlog.ps1
 # Logs to extract from server
 $logArray = @('Application','HardwareEvents','Security','System','Windows PowerShell', 'Setup')

 # Grabs the server name to append to the log file extraction
 $servername = $env:computername

 # Provide the path with ending "\" to store the log file extraction.
 $destinationpath = "C:\temp\event_logs\"
 $destination_smb = "\\<SMB_SERVER>\<SHARE_NAME>\"

 # Checks the last character of the destination path.  If it does not end in '\' it adds one.
 # '.+?\\$' +? means any character \\ is looking for the backslash $ is the end of the line charater
 if ($destinationpath -notmatch '.+?\\$')
 {
    $destinationpath += '\'
 }

 # If the destination path does not exist it will create it
 if (!(Test-Path -Path $destinationpath))
 {
    New-Item -ItemType directory -Path $destinationpath
 }

 # Get the current date in YearMonthDay format
 $logdate = Get-Date -format yyyyMMddHHmm

 # Start Process Timer
 $StopWatch = [system.diagnostics.stopwatch]::startNew()

 Foreach($log in $logArray)
 {
    # If using Clear and backup
    $destination = $destinationpath + $servername + "-" + $log + "-" + $logdate + ".evtx"

    Write-Host "Extracting the $log file now."

    # Extract each log file listed in $logArray from the local server.
    wevtutil epl $log $destination

    # Write-Host "Clearing the $log file now."

    # Clear the log and backup to file.
    # WevtUtil cl $log

 }

 # Zip the folder
 Write-Host "Zipping the folder..."
 Compress-Archive $destinationpath "C:\Temp\event_logs.zip"
 Write-Host "Sending the compress file to remote smb server..."
 Copy-Item -Path "C:\Temp\event_logs.zip" -Destination $destination_smb -Force

 # Cleanup
 Remove-Item -Recurse "C:\Temp\event_logs.zip", $destinationpath -Force

 # Stop Timer
 $StopWatch.Stop()
 $TotalTime = $StopWatch.Elapsed.TotalSeconds
 $TotalTime = [math]::Round($totalTime, 2)
 write-host "The Script took $TotalTime seconds to execute."
	# Logs to extract from server
	$logArray = @('Application','HardwareEvents','Security','System','Windows PowerShell', 'Setup')

	# Grabs the server name to append to the log file extraction
	$servername = $env:computername

	# Provide the path with ending "\" to store the log file extraction.
	$destinationpath = "C:\temp\event_logs\"
	$destination_smb = "\\<SMB_SERVER>\<SHARE_NAME>\"

	# Checks the last character of the destination path. If it does not end in '\' it adds one.
	# '.+?\\$' +? means any character \\ is looking for the backslash $ is the end of the line charater
	if ($destinationpath -notmatch '.+?\\$')
	{
	$destinationpath += '\'
	}

	# If the destination path does not exist it will create it
	if (!(Test-Path -Path $destinationpath))
	{
	New-Item -ItemType directory -Path $destinationpath
	}

	# Get the current date in YearMonthDay format
	$logdate = Get-Date -format yyyyMMddHHmm

	# Start Process Timer
	$StopWatch = [system.diagnostics.stopwatch]::startNew()

	Foreach($log in $logArray)
	{
	# If using Clear and backup
	$destination = $destinationpath + $servername + "-" + $log + "-" + $logdate + ".evtx"

	Write-Host "Extracting the $log file now."

	# Extract each log file listed in $logArray from the local server.
	wevtutil epl $log $destination

	# Write-Host "Clearing the $log file now."

	# Clear the log and backup to file.
	# WevtUtil cl $log

	}

	# Zip the folder
	Write-Host "Zipping the folder..."
	Compress-Archive $destinationpath "C:\Temp\event_logs.zip"
	Write-Host "Sending the compress file to remote smb server..."
	Copy-Item -Path "C:\Temp\event_logs.zip" -Destination $destination_smb -Force

	# Cleanup
	Remove-Item -Recurse "C:\Temp\event_logs.zip", $destinationpath -Force

	# Stop Timer
	$StopWatch.Stop()
	$TotalTime = $StopWatch.Elapsed.TotalSeconds
	$TotalTime = [math]::Round($totalTime, 2)
	write-host "The Script took $TotalTime seconds to execute."