# Script parameter: folder that will hold the relocated Security event log file.
# Pass -directory <path> to override the default.
param(
    [string] $directory = "C:\logs"
)
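# Point an event log channel at a new directory, keeping the existing log file name.
#
# Parameters:
#   Computername - machine whose channel configuration is changed (defaults to the local machine).
#   NewLogDir    - directory that will hold the log file; must not be empty.
#   LogName      - channel name, for example "Security".
#
# Throws when NewLogDir or LogName is empty, and propagates any error raised while
# reading or saving the channel configuration.
#
# This function does not create NewLogDir or check its permissions. The caller has
# to make sure the directory exists and is writable by the event log service, and,
# for sensitive channels such as Security, is not readable or writable by
# unprivileged accounts.
Function Set-EventlogPath ([string]$Computername=$env:COMPUTERNAME,[string]$NewLogDir,[string]$LogName)
{
    # An empty directory would yield a root-relative path such as "\Security.evtx".
    if (-not $NewLogDir) { throw "NewLogDir must not be empty." }
    if (-not $LogName) { throw "LogName must not be empty." }

    # System.Diagnostics.Eventing.Reader is a namespace; its types ship in the
    # System.Core assembly. Add-Type loads it without writing to the pipeline.
    Add-Type -AssemblyName System.Core

    $Eventlogsession = New-Object System.Diagnostics.Eventing.Reader.EventLogSession -ArgumentList $Computername
    try
    {
        $Eventlogconfig = New-Object System.Diagnostics.Eventing.Reader.EventLogConfiguration -ArgumentList $LogName,$Eventlogsession
        try
        {
            $Logfilepath = $Eventlogconfig.LogFilePath
            $Logfile = Split-Path $Logfilepath -Leaf
            # Plain string combine: the target may be a path on a remote machine,
            # so nothing is resolved against local drives here.
            $NewLogFilePath = [System.IO.Path]::Combine($NewLogDir, $Logfile)
            Write-Host -ForegroundColor Yellow $LogName,$Logfilepath,$Eventlogconfig.LogType

            $isTraceLog = ($Eventlogconfig.LogType -eq "Debug" -or $Eventlogconfig.LogType -eq "Analytical")
            if ($isTraceLog -and $Eventlogconfig.IsEnabled)
            {
                # Debug and Analytical channels are disabled before the path is
                # changed and re-enabled afterwards.
                $Eventlogconfig.IsEnabled = $false
                $Eventlogconfig.SaveChanges()
                try
                {
                    $Eventlogconfig.LogFilePath = $NewLogFilePath
                    $Eventlogconfig.SaveChanges()
                }
                catch
                {
                    # Put the previous path back so the re-enable below does not
                    # try to save the rejected one again.
                    $Eventlogconfig.LogFilePath = $Logfilepath
                    throw
                }
                finally
                {
                    # Re-enable even when the move failed, so the channel is not
                    # left switched off.
                    $Eventlogconfig.IsEnabled = $true
                    $Eventlogconfig.SaveChanges()
                }
            }
            else
            {
                $Eventlogconfig.LogFilePath = $NewLogFilePath
                $Eventlogconfig.SaveChanges()
            }
        }
        finally
        {
            $Eventlogconfig.Dispose()
        }
    }
    finally
    {
        $Eventlogsession.Dispose()
    }
}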
# Create the destination folder when it is missing.
# NOTE(review): a newly created folder takes its permissions from its parent.
# Before pointing the Security log at it, confirm that only SYSTEM, Administrators
# and the event log service can access it. The default C:\logs would inherit
# from the drive root.
if (-not (Test-Path -Path $directory))
{
    New-Item -Path $directory -ItemType Directory -Force
}

# Relocate the Security log file into $directory. Changing Security log settings
# normally needs an elevated session.
Set-EventlogPath -Computername localhost -NewLogDir $directory -LogName Security

# Size and retention policy for the Security log, splatted into Limit-EventLog.
# With OverwriteOlder, only events older than RetentionDays may be overwritten.
# If the log reaches Maximumsize before any event is that old, new events are
# discarded, so size the log for at least 90 days of audit volume or forward
# events off-host.
$limitParam = @{
    logname        = "Security"
    Maximumsize    = 200MB
    OverflowAction = "OverwriteOlder"
    RetentionDays  = 90
}
Limit-EventLog @limitParam

# Print the resulting settings for the configured log as a quick verification.
Get-EventLog -List | Where-Object { $_.Log -eq $limitParam.logname }