Pull Event logs off Windows server every 30 minutes using powershell
I found a script that pulls event logs off windows servers but instead of days I would like it to pull every 30 minutes. I am totally new to powershell and don't know what to change to change this to minutes instead of days. Is this possible with this script?
# +---------------------------------------------------------------------------
# | File : EventLogs.ps1
# | Version : 1.5
# | Purpose : Export Remote Event Logs to CSV.
# | Synopsis: Creates a CSV file containing all Errors and Warnings from the
# | "Application", "System" & "Operations Manager" Event Logs
# | Usage : .\EventLogs.ps1 -days NUMDAYS
# +----------------------------------------------------------------------------
# | Maintenance History
# | -------------------
# | Name Date Version Description
# | ------------------------------------------------------------------------------
# | Craig Wilson 25/11/2011 1.0 Initial Release
# | Craig Wilson 28/11/2011 1.1 Added '$store' variable for Log Location
# | Craig Wilson 28/11/2011 1.2 Added Help Infomration
# | Craig Wilson 28/11/2011 1.3 BUG FIX: added "-Credential $user" switch in for all logs
# | Craig Wilson 28/11/2011 1.4 Added filter for Events
# | Craig Wilson 01/12/2011 1.5* Added Array to loop through all servers in array and removed Paramter for servers.
# +-------------------------------------------------------------------------------
##################
## HELP SECTION ##
##################
<#
.SYNOPSIS
Script to export specific events from remote event logs to a CSV file
.DESCRIPTION
This script will read the event logs of the array of Servers and export all but
all relevant logs to a CSV File for the specified server over the period of history
requested at the command line.
Logs can be filtered by modifing the Query for the appropriate log..
.EXAMPLE
.\EventLogs.PS1 -days 7
.NOTES
Script may error if there are no events to record and will prompt for the password.
NO username or password information is stored by this script and nothing is written back
to the server.
#>
# Specify Command Line parameters
param([string]$days=$(throw "Days cannot be null"))
$servers = @("dc1", "dc2", "vs-webhost", "ts5", "ts7", "ts8", "ts9")
#Set namespace and calculate the date to start from
$namespace = "root\CIMV2"
$BeginDate=[System.Management.ManagementDateTimeConverter]::ToDMTFDateTime((get-date).AddDays(-$days))
$store = "E:\Serverlogs" # No trailing slash, Folder must already exist
foreach ($computer in $servers)
{
# Get the Application Log and export to CSV
Get-WmiObject -ComputerName $computer `
-Query "SELECT ComputerName,Logfile,Type,TimeWritten,SourceName,Message,Category,EventCode,User `
FROM Win32_NTLogEvent WHERE (logfile='Application') AND (type!='Information') AND (EventCode!='1062') `
AND (EventCode!='9001') AND (EventCode!='1517') AND (EventCode!='16434') AND (EventCode!='16435') `
AND (EventCode!='30969') AND (EventCode!='1202') AND (EventCode!='1517') AND (EventCode!='257') `
AND (TimeWritten > '$BeginDate')" | `
SELECT ComputerName,Logfile,Type,@{name='TimeWritten';Expression={$_.ConvertToDateTime($_.TimeWritten)}},SourceName,Message,Category,EventCode,User | `
Export-Csv "$store\$computer-Application.csv"
# Get the System Log and export to CSV
Get-WmiObject -ComputerName $computer `
-Query "SELECT ComputerName,Logfile,Type,TimeWritten,SourceName,Message,Category,EventCode,User `
FROM Win32_NTLogEvent WHERE (logfile='System') AND (type!='Information') AND (EventCode!='257') AND (TimeWritten > '$BeginDate')" | `
SELECT ComputerName,Logfile,Type,@{name='TimeWritten';Expression={$_.ConvertToDateTime($_.TimeWritten)}},SourceName,Message,Category,EventCode,User | `
Export-Csv "$store\$computer-System.csv"
}
Who is Participating?
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
Open in new window
try changing :
$BeginDate=[System.Managem
to
$BeginDate=[System.Managem