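## Backs up the listed Windows event logs to .evtx files, then offers to clear them.
## Will RunAs Administrator if not already elevated - needed for the Security Event Log
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    # Double any single quote in the script path so it cannot end the quoted string early.
    $scriptPath = $MyInvocation.MyCommand.Definition -replace "'", "''"
    $arguments = "& '" + $scriptPath + "'"
    Start-Process powershell -Verb runAs -ArgumentList $arguments
    # Stop the non-elevated copy here; the elevated process does the work.
    return
}

# One Get-Date call so the date and time parts cannot straddle a minute boundary.
$date = Get-Date -Format 'yyyyMMdd_HHmm'

# NOTE(review): exported logs (Security in particular) hold sensitive audit data. This folder
# sits in the profile of whichever account the elevated process runs as - confirm that its
# permissions and retention match how audit evidence is meant to be kept.
$backuploc = $env:USERPROFILE + '\Documents\EventLogBkps'
$CurrentEventLogs = Get-EventLog -List | Select-Object -ExpandProperty Log
$EventLogList = 'Application','Security','System','Some Custom Log Name'

if (-not (Test-Path -LiteralPath $backuploc)) {
    New-Item -ItemType Directory -Path $backuploc | Out-Null
}

# Logs whose export was verified; only these are offered for clearing further down.
$backedUp = @()
foreach ($logitem in $EventLogList) {
    if ($CurrentEventLogs -notcontains $logitem) { continue }

    $exportPath = "$backuploc\$($logitem)_eventlog_($date).evtx"
    wevtutil epl $logitem $exportPath

    # wevtutil is a native command, so failure shows up in $LASTEXITCODE rather than as an
    # exception (for example when the target file already exists from a run in the same minute).
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $exportPath)) {
        Write-Host "Backup FAILED for $logitem (wevtutil exit code $LASTEXITCODE); this log will not be cleared." -ForegroundColor Red
        continue
    }

    $file = Get-Item -LiteralPath $exportPath
    $backedUp += $logitem
    Write-Host 'Created: ' -ForegroundColor Green -NoNewline
    # Double quotes so the real path is printed; the single-quoted original printed the template text.
    Write-Host "$exportPath" -NoNewline -ForegroundColor White
    Write-Host ' File size: ' -NoNewline -ForegroundColor Yellow
    Write-Host $file.Length -ForegroundColor White
}
Write-Host ""

if ($backedUp.Count -eq 0) {
    Write-Host "No event log was backed up successfully; nothing will be cleared." -ForegroundColor Yellow
    return
}

$title = "Clear Logs"
$message = "Do you want to clear all of the primary Event Logs?"
$yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", "Clears event entries in each Event Log."
$no = New-Object System.Management.Automation.Host.ChoiceDescription "&No", "Doesn't clear any entries from Event Logs."
$options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)

# Default to "No" (index 1): clearing is destructive, so a bare Enter must not wipe the logs.
$result = $host.ui.PromptForChoice($title, $message, $options, 1)

if ($result -eq 0) {
    Write-Host ""
    # Clearing is itself audited: Windows records event 1102 in the Security log and event 104
    # in the System log, so the exported .evtx files are the only record of the earlier entries.
    foreach ($logtoclear in $backedUp) {
        try {
            Clear-EventLog -LogName $logtoclear -ErrorAction Stop
            Write-Host "$logtoclear" -ForegroundColor Green -NoNewline
            Write-Host " has been cleared." -ForegroundColor White
        }
        catch {
            # Report the failure instead of claiming the log was cleared.
            Write-Host "$logtoclear could not be cleared: $($_.Exception.Message)" -ForegroundColor Red
        }
    }
}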