The below script creates a .evt file which can be used with the Windows Event log Viewer.
# Config
$logFileName = "Application" # Add Name of the Logfile (System, Application, etc)
$path = "C:\temp\" # Add Path, needs to end with a backsplash
# do not edit
$exportFileName = $logFileName + (get-date -f yyyyMMdd) + ".evt"
$logFile = Get-WmiObject Win32_NTEventlogFile | Where-Object {$_.logfilename -eq $logFileName}
$logFile.backupeventlog($path + $exportFileName)
The below script cleans up older exported Event logs.
# Deletes all .evt logfiles in $path
# Be careful, this script removes all files with the extension .evt not just the selfcreated logfiles
$Daysback = "-7"
$CurrentDate = Get-Date
$DatetoDelete = $CurrentDate.AddDays($Daysback)
Get-ChildItem $Path | Where-Object { ($_.LastWriteTime -lt $DatetoDelete) -and ($_.Extension -eq ".evt") } | Remove-Item
The combined PowerShell script:
# Config
$logFileName = "Application" # Add Name of the Logfile (System, Application, etc)
$path = "C:\temp\" # Add Path, needs to end with a backsplash
# do not edit
$exportFileName = $logFileName + (get-date -f yyyyMMdd) + “.evt”
$logFile = Get-WmiObject Win32_NTEventlogFile | Where-Object {$_.logfilename -eq $logFileName}
$logFile.backupeventlog($path + $exportFileName)
# Deletes all .evt logfiles in $path
# Be careful, this script removes all files with the extension .evt not just the selfcreated logfiles
$Daysback = “-7”
$CurrentDate = Get-Date
$DatetoDelete = $CurrentDate.AddDays($Daysback)
Get-ChildItem $Path | Where-Object { ($_.LastWriteTime -lt $DatetoDelete) -and ($_.Extension -eq ".evt") } | Remove-Item
Clear-Eventlog -LogName $logFileName
Another PowerShell Script to try:
# This script exports consolidated and filtered event logs to CSV
Set-Variable -Name EventAgeDays -Value 7 #we will take events for the latest 7 days
Set-Variable -Name CompArr -Value @(“SERV1”, “SERV2”, “SERV3”, “SERV4”) # replace it with your server names
Set-Variable -Name LogNames -Value @(“Application”, “System”) # Checking app and system logs
Set-Variable -Name EventTypes -Value @(“Error”, “Warning”) # Loading only Errors and Warnings
Set-Variable -Name ExportFolder -Value “C:\TEST\”
$el_c = @() #consolidated error log
$now=get-date
$startdate=$now.adddays(-$EventAgeDays)
$ExportFile=$ExportFolder + “el” + $now.ToString(“yyyy-MM-dd—hh-mm-ss”) + “.csv” # we cannot use standard delimiteds like “:”
foreach($comp in $CompArr)
{
foreach($log in $LogNames)
{
Write-Host Processing $comp\$log
$el = get-eventlog -ComputerName $comp -log $log -After $startdate -EntryType $EventTypes
$el_c += $el #consolidating
}
}
$el_sorted = $el_c | Sort-Object TimeGenerated #sort by time
Write-Host Exporting to $ExportFile
$el_sorted|Select EntryType, TimeGenerated, Source, EventID, MachineName | Export-CSV $ExportFile -NoTypeInfo #EXPORT
Write-Host Done!