
Untitled

a guest
Jun 28th, 2025
  1. #Require -RunAsAdministrator
  2. #Require -version 7
  3. set-strictmode -version 4
  4.  
  5. [uint32]$ms=5*24*60*60*1000;
  6. $start = (Get-Date).AddMilliseconds(-$ms);
  7. $end = (Get-Date).AddMilliSeconds(-1000);
  8.  
  9. $start2=$start.ToString("yyyy-MM-dd_HHmmss")
  10. $end2=$end.ToString("yyyy-MM-dd_HHmmss")
  11.  
  12. $scriptName="EventLog-Parallel"
  13. $homeDir="FileSystem::$env:HOMEDRIVE\SCRIPTS\$scriptName"
  14.  
  15. If( !(test-path $homeDir -pathtype container ) )
  16. {
  17. new-item $homedir -itemtype directory | out-null
  18. }
  19.  
  20. [System.Collections.Hashtable]$query = @{}
  21.  
  22. $query.SystemError = @{ LogName = 'System'; Level = 2; StartTime = $start; EndTime = $end }
  23. $query.SystemWarning = @{ LogName = 'System'; Level = 3; StartTime = $start; EndTime = $end }
  24. $query.SystemInformation = @{ LogName = 'System'; Level = 4; StartTime = $start; EndTime = $end }
  25.  
  26. $query.ApplicationError = @{ LogName = 'Application'; Level = 2; StartTime = $start; EndTime = $end }
  27. $query.ApplicationWarning = @{ LogName = 'Application'; Level = 3; StartTime = $start; EndTime = $end }
  28. $query.ApplicationInformation = @{ LogName = 'Application'; Level = 4; StartTime = $start; EndTime = $end }
  29.  
  30. $query.Security = @{ LogName = 'Security'; Level = 0; StartTime = $start; EndTime = $end }
  31.  
  32. $error.clear()
  33.  
  34. $query.values | ForEach-Object -Parallel{
  35.  
  36. If($_.logname -eq 'System' -AND $_.level -eq '2')
  37. { $outFile="$($homeDir)\SystemError_$($start2).json"}
  38.  
  39. If($_.logname -eq 'System' -AND $_.level -eq '3')
  40. { $outFile="$($homeDir)\SystemWarning_$($start2).json"}
  41.  
  42. If($_.logname -eq 'System' -AND $_.level -eq '4')
  43. { $outFile="$($homeDir)\SystemInformation_$($start2).json"}
  44.  
  45. If($_.logname -eq 'Application' -AND $_.level -eq '2')
  46. { $outFile="$($homeDir)\ApplicationError_$($start2).json"}
  47.  
  48. If($_.logname -eq 'Application' -AND $_.level -eq '3')
  49. { $outFile="$($homeDir)\ApplicationWarning_$($start2).json"}
  50.  
  51. If($_.logname -eq 'Application' -AND $_.level -eq '4')
  52. { $outFile="$($homeDir)\ApplicationInformation_$($start2).json"}
  53.  
  54. If($_.logname -eq 'Security')
  55. { $outFile="$($homeDir)\Security_$($start2).json"}
  56.  
  57.  
  58. Try{
  59.  
  60. Get-WinEvent -FilterHashTable $_ -EA STOP | select timecreated,logname,providername,id,recordid,message | convertto-json | out-file $outFile -Force -confirm:$false
  61.  
  62. }
  63. Catch [system.exception]{
  64.  
  65. #No events found
  66. $null | convertto-json | out-file $outFile -Force -confirm:$false
  67. }
  68. Catch{
  69.  
  70. $null | convertto-json | out-file $outFile -Force -confirm:$false
  71. }
  72.  
  73. }#Foreach
  74.  
  75. If($error.count -gt 0){ $e=$error ; $e | foreach{$_;} }
  76.  