Pull Event logs off Windows server every 30 minutes using powershell

ats2012 used Ask the Experts™

on 2013-02-07

Powershell

I found a script that pulls event logs off windows servers but instead of days I would like it to pull every 30 minutes. I am totally new to powershell and don't know what to change to change this to minutes instead of days. Is this possible with this script?

# +---------------------------------------------------------------------------
# | File : EventLogs.ps1                                          
# | Version : 1.5                                         
# | Purpose : Export Remote Event Logs to CSV. 
# | Synopsis: Creates a CSV file containing all Errors and Warnings from the 
# |           "Application", "System" & "Operations Manager" Event Logs 
# | Usage : .\EventLogs.ps1 -days NUMDAYS
# +----------------------------------------------------------------------------
# | Maintenance History                                            
# | -------------------                                            
# | Name            Date         Version         Description        
# | ------------------------------------------------------------------------------
# | Craig Wilson    25/11/2011   1.0            Initial Release
# | Craig Wilson    28/11/2011   1.1            Added '$store' variable for Log Location 
# | Craig Wilson    28/11/2011   1.2            Added Help Infomration
# | Craig Wilson    28/11/2011   1.3            BUG FIX: added "-Credential $user" switch in for all logs
# | Craig Wilson    28/11/2011   1.4            Added filter for Events
# | Craig Wilson    01/12/2011   1.5*           Added Array to loop through all servers in array and removed Paramter for servers. 
# +-------------------------------------------------------------------------------
##################
## HELP SECTION ##
##################
<#
.SYNOPSIS 
Script to export specific events from remote event logs to a CSV file
.DESCRIPTION 
This script will read the event logs of the array of Servers and export all but 
all relevant logs to a CSV File for the specified server over the period of history
requested at the command line.
Logs can be filtered by modifing the Query for the appropriate log..
.EXAMPLE 
.\EventLogs.PS1 -days 7
.NOTES 
Script may error if there are no events to record and will prompt for the password.
NO username or password information is stored by this script and nothing is written back
to the server. 
#>
#  Specify Command Line parameters
param([string]$days=$(throw "Days cannot be null"))
$servers = @("dc1", "dc2", "vs-webhost", "ts5", "ts7", "ts8", "ts9")

#Set namespace and calculate the date to start from
$namespace = "root\CIMV2" 
$BeginDate=[System.Management.ManagementDateTimeConverter]::ToDMTFDateTime((get-date).AddDays(-$days))
$store = "E:\Serverlogs"  # No trailing slash, Folder must already exist
foreach ($computer in $servers)
{
    # Get the Application Log and export to CSV
    Get-WmiObject -ComputerName $computer `
        -Query "SELECT ComputerName,Logfile,Type,TimeWritten,SourceName,Message,Category,EventCode,User `
            FROM Win32_NTLogEvent WHERE (logfile='Application') AND (type!='Information') AND (EventCode!='1062') `
            AND (EventCode!='9001') AND (EventCode!='1517') AND (EventCode!='16434') AND (EventCode!='16435') `
            AND (EventCode!='30969') AND (EventCode!='1202') AND (EventCode!='1517')  AND (EventCode!='257') `
            AND (TimeWritten > '$BeginDate')" | `
            SELECT ComputerName,Logfile,Type,@{name='TimeWritten';Expression={$_.ConvertToDateTime($_.TimeWritten)}},SourceName,Message,Category,EventCode,User | `
            Export-Csv "$store\$computer-Application.csv" 
    # Get the System Log and export to CSV
    Get-WmiObject -ComputerName $computer `
        -Query "SELECT ComputerName,Logfile,Type,TimeWritten,SourceName,Message,Category,EventCode,User `
            FROM Win32_NTLogEvent WHERE (logfile='System') AND (type!='Information') AND (EventCode!='257') AND (TimeWritten > '$BeginDate')" | `
            SELECT ComputerName,Logfile,Type,@{name='TimeWritten';Expression={$_.ConvertToDateTime($_.TimeWritten)}},SourceName,Message,Category,EventCode,User | `
            Export-Csv "$store\$computer-System.csv" 
}

Open in new window

# +--------------------------------------------------------------------------- # | File : EventLogs.ps1 # | Version : 1.5 # | Purpose : Export Remote Event Logs to CSV. # | Synopsis: Creates a CSV file containing all Errors and Warnings from the # | "Application", "System" & "Operations Manager" Event Logs # | Usage : .\EventLogs.ps1 -days NUMDAYS # +---------------------------------------------------------------------------- # | Maintenance History # | ------------------- # | Name Date Version Description # | ------------------------------------------------------------------------------ # | Craig Wilson 25/11/2011 1.0 Initial Release # | Craig Wilson 28/11/2011 1.1 Added '$store' variable for Log Location # | Craig Wilson 28/11/2011 1.2 Added Help Infomration # | Craig Wilson 28/11/2011 1.3 BUG FIX: added "-Credential $user" switch in for all logs # | Craig Wilson 28/11/2011 1.4 Added filter for Events # | Craig Wilson 01/12/2011 1.5* Added Array to loop through all servers in array and removed Paramter for servers. # +------------------------------------------------------------------------------- ################## ## HELP SECTION ## ################## <# .SYNOPSIS Script to export specific events from remote event logs to a CSV file .DESCRIPTION This script will read the event logs of the array of Servers and export all but all relevant logs to a CSV File for the specified server over the period of history requested at the command line. Logs can be filtered by modifing the Query for the appropriate log.. .EXAMPLE .\EventLogs.PS1 -days 7 .NOTES Script may error if there are no events to record and will prompt for the password. NO username or password information is stored by this script and nothing is written back to the server. #> # Specify Command Line parameters param([string]$days=$(throw "Days cannot be null")) $servers = @("dc1", "dc2", "vs-webhost", "ts5", "ts7", "ts8", "ts9") #Set namespace and calculate the date to start from $namespace = "root\CIMV2" $BeginDate=[System.Management.ManagementDateTimeConverter]::ToDMTFDateTime((get-date).Addhours(-$days)) $store = "E:\Serverlogs" # No trailing slash, Folder must already exist foreach ($computer in $servers) { # Get the Application Log and export to CSV Get-WmiObject -ComputerName $computer ` -Query "SELECT ComputerName,Logfile,Type,TimeWritten,SourceName,Message,Category,EventCode,User ` FROM Win32_NTLogEvent WHERE (logfile='Application') AND (type!='Information') AND (EventCode!='1062') ` AND (EventCode!='9001') AND (EventCode!='1517') AND (EventCode!='16434') AND (EventCode!='16435') ` AND (EventCode!='30969') AND (EventCode!='1202') AND (EventCode!='1517') AND (EventCode!='257') ` AND (TimeWritten > '$BeginDate')" | ` SELECT ComputerName,Logfile,Type,@{name='TimeWritten';Expression={$_.ConvertToDateTime($_.TimeWritten)}},SourceName,Message,Category,EventCode,User | ` Export-Csv "$store\$computer-Application.csv" # Get the System Log and export to CSV Get-WmiObject -ComputerName $computer ` -Query "SELECT ComputerName,Logfile,Type,TimeWritten,SourceName,Message,Category,EventCode,User ` FROM Win32_NTLogEvent WHERE (logfile='System') AND (type!='Information') AND (EventCode!='257') AND (TimeWritten > '$BeginDate')" | ` SELECT ComputerName,Logfile,Type,@{name='TimeWritten';Expression={$_.ConvertToDateTime($_.TimeWritten)}},SourceName,Message,Category,EventCode,User | ` Export-Csv "$store\$computer-System.csv" }

Pull Event logs off Windows server every 30 minutes using powershell

Premium Content

Premium Content

Explore our Suite of Services