Get-Content C:\Users\user\Documents\server_list.txt | ....
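# Summarise Critical/Warning/Error entries written to the Security log during
# the last 7 days, grouped by provider, level and event ID, most frequent first.
# Reading the Security log needs sufficient rights (typically an elevated
# session); without them Get-WinEvent fails with an unauthorized-operation error.
$logName = "Security"
# Reference point for the reporting window
$dateCurrent = Get-Date
# Look back one week (negative offset passed to AddDays)
$NDays = -7
$dateNDaysAgo = $dateCurrent.AddDays($NDays)
$logLevel = @("Critical", "Warning", "Error")
$logLevelCritical = "Critical"
$logLevelWarning = "Warning"
$logLevelError = "Error"
Write-Host "Log Entries since $dateNDaysAgo"
# NOTE(review): Security-log audit records are normally distinguished by the
# "Audit Success" / "Audit Failure" keywords rather than by level, so this level
# filter may return very little for this log - confirm against real data.
Get-WinEvent -LogName $logName |
    Where-Object {
        # Fixed: compare against $dateNDaysAgo. The original compared against
        # $date, which is never assigned in this script, so the 7-day cutoff
        # was not what was being compared.
        ($_.TimeCreated -gt $dateNDaysAgo) -and ($logLevel -contains $_.LevelDisplayName)
    } |
    Group-Object ProviderName, LevelDisplayName, Id |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize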
?{$_.KeywordsDisplayNames -match "Audit Failed"}
or
?{$_.KeywordsDisplayNames -match "Audit Success"}
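# List Security-log audit failures from the last 7 days, grouped by provider,
# keyword and event ID, most frequent first.
# Reading the Security log needs sufficient rights (typically an elevated
# session); without them Get-WinEvent fails with an unauthorized-operation error.
$logName = "Security"
# Reference point for the reporting window
$dateCurrent = Get-Date
# Look back one week (negative offset passed to AddDays)
$NDays = -7
$dateNDaysAgo = $dateCurrent.AddDays($NDays)
# Level names are kept for compatibility; the keyword filter below does not use them.
$logLevel = @("Critical", "Warning", "Error")
$logLevelCritical = "Critical"
$logLevelWarning = "Warning"
$logLevelError = "Error"
Write-Host "Log Entries since $dateNDaysAgo"
Get-WinEvent -LogName $logName |
    Where-Object {
        # Three fixes relative to the original filter:
        #  - the cutoff is $dateNDaysAgo ($date was never assigned);
        #  - the keyword test is a plain expression; a nested ?{ ... } has no
        #    pipeline input, yields nothing, and so rejected every event;
        #  - the keyword display name is "Audit Failure", not "Audit Failed".
        ($_.TimeCreated -gt $dateNDaysAgo) -and ($_.KeywordsDisplayNames -match "Audit Failure")
    } |
    Group-Object ProviderName, KeywordsDisplayNames, ID |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize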
# Report Security-log audit failures from the past week, counted per
# provider / keyword / event ID and listed most frequent first.
# Reading the Security log needs sufficient rights (typically an elevated
# session); otherwise Get-WinEvent reports an unauthorized-operation error.
$logName = "Security"
# Window start: seven days before the current time
$NDays = -7
$dateCurrent = Get-Date
$dateNDaysAgo = $dateCurrent.AddDays($NDays)
Write-Host "Log Entries since $dateNDaysAgo"
# Every record in the log is read and then filtered client-side, first by
# time, then by keyword.
# NOTE(review): KeywordsDisplayNames is display text and may be localized on
# non-English systems - confirm before relying on the "Audit Failure" match.
Get-WinEvent -LogName $logName |
    Where-Object -FilterScript { $_.TimeCreated -gt $dateNDaysAgo } |
    Where-Object -FilterScript { $_.KeywordsDisplayNames -match "Audit Failure" } |
    Group-Object -Property ProviderName, KeywordsDisplayNames, ID |
    Sort-Object -Property Count -Descending |
    Format-Table -Property Count, Name -AutoSize
Get-WinEvent : Could not retrieve information about the Security log. Error: Attempted to perform an unauthorized operation..
At line:12 char:1
+ Get-WinEvent -Logname $logName |
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-WinEvent], Exception
+ FullyQualifiedErrorId : LogInfoUnavailable,Microsoft.PowerShell.Commands.GetWinEventCommand
Get-WinEvent : There is not an event log on the localhost computer that matches "Security".
At line:12 char:1
+ Get-WinEvent -Logname $logName |
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Security:String) [Get-WinEvent], Exception
+ FullyQualifiedErrorId : NoMatchingLogsFound,Microsoft.PowerShell.Commands.GetWinEventCommand