PowerShell: Search Windows Event Logs

# searchWindowsEventsLog.ps1

$computername=$env:computername
$logType='Security'
$eventId=4732
$daysBack=365
$limit=9999
$messageLike="*Remote Desktop Users*"

function searchWindowsEvents{
    param(
        $computername=$env:computername
        $logType='Security'
        $eventId=4732
        $daysBack=365
        $limit=9999
        $messageLike="*Remote Desktop Users*"    
    )    

    $filter=@{
        LogName=$logType
        ID=$eventId
        StartTime=[datetime]::Now.AddDays(-$daysBack)
    }
    
    $events=Get-WinEvent -FilterHashTable $filter -ComputerName $computername -EA Ignore|select -first $limit
    $events|?{$_.Message -like $messageLike}
}

searchWindowsEvents $computername $logType $eventId $daysBack $limit $messageLike

Leave a Reply

Your email address will not be published. Required fields are marked *