We are trying to export specific event ID from the event log to a report. We found this template Powershell script from Microsoft and modified it. It ran without any errors but does not create the eventlog file.
function Export-OSCEvent
{
<#
.SYNOPSIS
The Export-OSCEvent command will export eventlog with specified event ID to a CSV file,
and then send it to administrators.
.DESCRIPTION
The Export-OSCEvent command will export eventlog with specified event ID to a CSV file,
and then send it to administrators.
Only log created in last 24 hours, will be exported.
.PARAMETER Path
Specifies the path to the CSV output file. The parameter is required.
.PARAMETER EventID
Indicates which event to monitor or collect.
.PARAMETER SmtpServer
Specifies the name or IP of the SMTP server that sends the e-mail message.
.PARAMETER To
Specifies the addresses to which the mail is sent. Enter names (optional) and the e-mail address, such as "Name
<[email protected]>". This parameter is required.
.PARAMETER From
Specifies the address from which the mail is sent. Enter a name (optional) and e-mail address, such as "Name
<[email protected]>". This parameter is required.
.PARAMETER Subject
Specifies the subject of the e-mail message. This parameter is required.
.PARAMETER Body
Specifies the body (content) of the e-mail message.
.EXAMPLE
PS C:\> Export-OSCEvent -Path "C:\Eventlog.csv" -LogName "Application","Security","System" -EventID 4634 -SmtpServer "Ex01"`
-From "[email protected]" -To "[email protected]" -Body "Daily Check"
Description
-----------
This command collect event log with event id 4634, and export to "C:\Eventlog.csv".
Then send it to "[email protected]" via smtp server "Ex01"
.EXAMPLE
PS C:\> Export-OSCEvent -Path "C:\Eventlog.csv" -LogName "Application","Security","System" -EventID 4634,4624 -SmtpServer "Ex01"`
-Subject "Eventlog daily check" -From "[email protected]" `
-To "[email protected]","[email protected]"
Description
-----------
This command collect event log with event id 4634 or 4624, and export to "C:\Eventlog.csv".
Then send it to David and administrator via smtp server "Ex01"
.LINK
Windows PowerShell Advanced Function
http://technet.microsoft.com/en-us/library/dd315326.aspx
.LINK
Send-MailMessage
http://technet.microsoft.com/en-us/library/hh849925
.LINK
Export-Csv
http://technet.microsoft.com/library/hh849932.aspx
.LINK
Get-WinEvent
http://technet.microsoft.com/en-us/library/hh849682.aspx
#>
[CmdletBinding()]
param
(
[Parameter(Mandatory=$True,Position=0)]
[String]$Path,
[Parameter(Mandatory=$True,Position=1)]
[String[]]$LogName,
[Parameter(Mandatory=$True,Position=2)]
[String[]]$EventID,
[Parameter(Mandatory=$False,Position=3)]
[String]$SmtpServer,
[Parameter(Mandatory=$False,Position=4)]
[String[]]$To,
[Parameter(Mandatory=$False,Position=5)]
[String]$From,
[Parameter(Mandatory=$False,Position=6)]
[String]$Subject="Eventlog daily check",
[Parameter(Mandatory=$False,Position=7)]
[String]$Body="Eventlog daily check, detail report is attached."
)
process
{
#check whether path is correct
try
{
$TempPath=Split-Path $Path
if (-not (Test-Path $TempPath))
{
New-Item -ItemType directory -Path $TempPath -ErrorAction Stop |Out-Null
}
}
catch
{
Write-Error -Message "Could not create path '$Path'. Please make sure you have enough permission and the format is correct."
return
}
#export a certain eventlog with specified log name and event ID for last 24 hours.
Get-WinEvent -LogName $LogName -MaxEvents 1000 -EA SilentlyContinue | Where-Object {$_.id -in $EventID -and $_.Timecreated -gt (Get-date).AddHours(-24)} | Sort TimeCreated -Descending | Export-Csv $Path -NoTypeInformation
Send-MailMessage -From $From -To $To -SmtpServer $SmtpServer -Subject $Subject -Body $Body -Attachments $Path
}
}
Export-OSCEvent -Path "C:\Eventlog.csv" -LogName "Application","Security","System" -EventID 4634