a guest
Jun 28th, 2025
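  #Requires -RunAsAdministrator
  #Requires -Version 7
  Set-StrictMode -Version 4

  # Exports the last five days of System, Application and Security events to
  # JSON files, one background job per log/level pair.
  #
  # The directive keyword is "#Requires". Spelled "#Require" it is an ordinary
  # comment, so neither the elevation check nor the version check is enforced
  # and an unelevated run only fails later, inside the jobs.

  # Query window: five days back, ending one second ago.
  $start = (Get-Date).AddDays(-5)
  $end   = (Get-Date).AddSeconds(-1)

  $homedir = "$env:HOMEDRIVE\SCRIPTS\EventLog-Parallel"
  # New-Item -Force leaves an existing directory in place, so no Test-Path is needed.
  New-Item -ItemType Directory -Path $homedir -Force | Out-Null
  # NOTE(review): the Security log export is written here. A directory created
  # under the drive root normally inherits that root's ACL, so confirm that
  # non-administrators cannot read (or pre-create) this folder before relying
  # on it for audit data.

  # Output-file prefix -> Get-WinEvent filter. Levels 2/3/4 are Error/Warning/
  # Information; Level 0 (LogAlways) is used for the Security log.
  # A plain hashtable is enough: each job receives its own serialized copy of
  # one filter, so nothing is shared between threads.
  $Map = @{
      'SystemError'            = @{ LogName = 'System';      Level = 2; StartTime = $start; EndTime = $end }
      'SystemWarning'          = @{ LogName = 'System';      Level = 3; StartTime = $start; EndTime = $end }
      'SystemInformation'      = @{ LogName = 'System';      Level = 4; StartTime = $start; EndTime = $end }
      'ApplicationError'       = @{ LogName = 'Application'; Level = 2; StartTime = $start; EndTime = $end }
      'ApplicationWarning'     = @{ LogName = 'Application'; Level = 3; StartTime = $start; EndTime = $end }
      'ApplicationInformation' = @{ LogName = 'Application'; Level = 4; StartTime = $start; EndTime = $end }
      'Security'               = @{ LogName = 'Security';    Level = 0; StartTime = $start; EndTime = $end }
  }

  # After the run, $Error holds only what this script (and its jobs) raised.
  $Error.Clear()

  $jobs = foreach ($name in $Map.Keys) {
      # The original read $name and $filter here without ever assigning them,
      # which throws under Set-StrictMode; bind both from the map explicitly.
      $filter   = $Map[$name]
      $stamp    = $filter.StartTime.ToString('yyyy-MM-dd_HHmmss')
      $filename = Join-Path -Path $homedir -ChildPath "${name}_${stamp}.json"

      # Start-Job (rather than ForEach-Object -Parallel) so the filter and the
      # target path can be handed over as ordinary parameters.
      Start-Job -Name $name -ArgumentList $filter, $filename -ScriptBlock {
          param($filter, $filename)

          # Get-WinEvent reports "nothing matched" as an error, which is an
          # expected result here. Every other error (access denied on the
          # Security log, a missing channel, ...) must not be silenced: it
          # would otherwise produce a file that looks like "no events".
          $ev = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue -ErrorVariable queryErrors |
                Select-Object TimeCreated, LogName, ProviderName, Id, RecordId, Message

          $unexpected = @($queryErrors | Where-Object { $_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*' })
          if ($unexpected.Count -gt 0) {
              # Fail the job before writing, so no misleading export is left behind.
              throw $unexpected[0]
          }

          $ev | ConvertTo-Json | Out-File -FilePath $filename -Force -Confirm:$false
      }
  }

  # Jobs run in separate processes: without waiting, the script can end before
  # any file is written, and job errors never reach this session's $Error.
  $null = $jobs | Wait-Job

  foreach ($job in $jobs) {
      # Receive-Job replays the job's error stream into this session.
      Receive-Job -Job $job -ErrorAction Continue
      if ($job.State -ne 'Completed') {
          Write-Warning "Export job '$($job.Name)' ended in state $($job.State)"
      }
  }

  $jobs | Remove-Job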