2020 | Scott W. Head  |  Sr. Systems Admin | Certified Microsoft Windows Server Administrator

PowerShell Event Viewer


<#  
    ScriptsbyScott.com

    .SYNOPSIS
        Search an event log for a specific Event ID
    
    .DESCRIPTION
        Created to collect event log entries as evidence for audits
    
    .NOTES  
        Author: Scott Head
        Min PSVer: PowerShell 2.0
        Version: 1.0 (7/7/2019) Script Created     
#>

         
        cls
        
        $Server=Read-Host "Enter Server Name"
        
        $LogType=Read-Host "Enter Security  | Application | System"
        
        $Count=Read-Host "Enter Amount of Results from the Most Recent"
        
        cls
        write-host "-----Application----------"
        write-host "1007 Application Hang"
        write-host "1000 Application Error"
        write-host ""
        write-host "-------Security---------"
        write-host "4740 Account Lockout"
        write-host "4624 Account Log on"
        write-host "4647 Account Log off"
        write-host "4625 Account Logon Failure "
        write-host ""
        
        
        $EventID=Read-Host "Enter Event ID"
        
        Get-EventLog -ComputerName $Server -LogName $LogType -newest $Count -InstanceId $EventID | Format-List | OUT-FILE "C:\Temp\EventViewer-$Server-$EventID.TXT" -Append
        
        Invoke-Item "C:\Temp\EventViewer-$Server-$EventID.TXT"