Get-EventLog with Append

682 Views Asked by lapsantos At 21 November 2016 at 01:34

So i have this code below that collects the stated EventIDs with the use of append. The problem is have is it only saves to a single file. What i want to do is save the collection to a daily file so i can do a daily report. A little help please?

$endtime = Get-Date
$starttime = (Get-Date).AddHours(-3)
$domain = "ComputerName"

$event = get-eventlog security -ComputerName $domain -after $starttime -before $endtime | where-object {($_.EventID -eq  4724) -or ($_.EventID -eq 4723) -or ($_.EventID -eq 4720)}
$event | select MachineName,EventID,TimeGenerated,Message | export-csv -path "E:\EventLogs\temp.csv"
get-content "E:\EventLogs\temp.csv" | out-File -filepath "E:\EventLogs\AccountAudit.csv" -append -enc ASCII -width 500

Original Q&A

There are 2 best solutions below

Sonny Puijk On 21 November 2016 at 05:43

Simply add a get-start with some parameters to get a date that's filename friendly (no "/" for example) and save it in a variable. Then replace AccountAudit on the last line with the variable.

Avshalom On 21 November 2016 at 11:28

Export-Csv Has an -Append Parameter as well, you can shorten your code to:

$event = get-eventlog security -ComputerName $domain -after $starttime -before $endtime | 
Where-object {($_.EventID -eq  4724) -or ($_.EventID -eq 4723) -or ($_.EventID -eq 4720)}

$event | select MachineName,EventID,TimeGenerated,Message | 
Export-Csv -path "E:\EventLogs\AccountAudit.csv" -Append -Encoding ASCII

Get-EventLog with Append

There are 2 best solutions below

Related Questions in POWERSHELL

Related Questions in APPEND

Related Questions in EVENT-LOG

Related Questions in AUDIT

Related Questions in EVENT-ID

Trending Questions

Popular # Hahtags

Popular Questions