PowerShell Event Viewer


        Search for event log for specific Event IDs
        Created for audit purposes for evidence
        Author: Scott Head
        Min PSVer: Powershell 2.0
        Version: 1.0 (7/7/2019) Script Created     

        $Server=Read-Host "Enter Server Name"
        $LogType=Read-Host "Enter Security  | Application | System"
        $Count=Read-Host "Enter Amount of Results from the Most Recent"
        write-host "-----Application----------"
        write-host "1007 Application Hang"
        write-host "1000 Application Error"
        write-host ""
        write-host "-------Security---------"
        write-host "4740 Account Lockout"
        write-host "4624 Account Log on"
        write-host "4647 Account Log off"
        write-host "4625 Account Logon Failure "
        write-host ""
        $EventID=Read-Host "Enter Event ID"
        Get-EventLog -ComputerName $Server -LogName $LogType -newest $Count -InstanceId $EventID | Format-List | OUT-FILE "C:\Temp\EventViewer-$Server-$EventID.TXT" -Append
        Invoke-Item "C:\Temp\EventViewer-$Server-$EventID.TXT"