Logging

1. $query = @"
2. <QueryList>
3.  <Query Id="0" Path="Application">
4.    <Select Path="Application">*[System[(Level=1  or Level=2 or Level=3)]]</Select>
5.    <Select Path="Security">*[System[(Level=1  or Level=2 or Level=3)]]</Select>
6.    <Select Path="Setup">*[System[(Level=1  or Level=2 or Level=3)]]</Select>
7.    <Select Path="System">*[System[(Level=1  or Level=2 or Level=3)]]</Select>
8.    <Select Path="ForwardedEvents">*[System[(Level=1  or Level=2 or Level=3)]]</Select>
9.  </Query>
10. </QueryList>
11. “@
12. $file = New-Item -Name EVT.log -Path c:\temp -Force -type file
13. Get-WinEvent -ComputerName "SRVLABSPWEB01" -FilterXml $query | %{
14.       $evt = [xml]$_.toxml();
15. $_ | fl * | Out-File $file -Append
16. }