Dima-BR/seattle-ops-201d1: Ops Challenge08

## seattle-ops-201d1: Ops Challenge08
#Script Name: Log Retrieval via Powershell
#Author: Dima
#Date of last revision: 6/8/2020
#Description of purpose: retrieve system log information via Powershell instead of Event Viewer.

#**************************************
# Get the event log on the local computer
Get-EventLog -List

#Task 1
# System event log that occurred in the last 24 hours
$eventLog24=Get-eventlog -LogName System -After (Get-Date).AddDays(-1)
$eventLog24 > last_24.txt

#Task 2
#error type events from the System event log
$errorLog=Get-eventlog -LogName System -EntryType Error
$eventLog24 > errors.txt

#Task 3
#events with ID of 16 from the System event log.
$ID_16=Get-EventLog -LogName System | Where-Object{$_.EventID -eq 16}
$ID_16

#Task 4
#the most recent 20 entries from the System event log
$system_20entries=Get-EventLog -LogName System -Newest 20
$system_20entries

#Task 5
  all sources of the 500 most recent entries in the System event log
$recent500entries= Get-EventLog -LogName System -Newest 500 | Select-Object -Property source

#Declaration of functions
function eventlog24{
    $eventlog24 > last_24.txt
}
eventlog24

function errorLog{
$errorLog > errors.txt
}
errorLog

function ID_16{
    $ID_16
}
ID_16

function system_20entries{
$system_20entries
}
system_20entries

function recent500entries{
$recent500entries
}
recent500entries
	#Script Name: Log Retrieval via Powershell
	#Author: Dima
	#Date of last revision: 6/8/2020
	#Description of purpose: retrieve system log information via Powershell instead of Event Viewer.

	#**************************************
	# Get the event log on the local computer
	Get-EventLog -List

	#Task 1
	# System event log that occurred in the last 24 hours
	$eventLog24=Get-eventlog -LogName System -After (Get-Date).AddDays(-1)
	$eventLog24 > last_24.txt

	#Task 2
	#error type events from the System event log
	$errorLog=Get-eventlog -LogName System -EntryType Error
	$eventLog24 > errors.txt

	#Task 3
	#events with ID of 16 from the System event log.
	$ID_16=Get-EventLog -LogName System \| Where-Object{$_.EventID -eq 16}
	$ID_16

	#Task 4
	#the most recent 20 entries from the System event log
	$system_20entries=Get-EventLog -LogName System -Newest 20
	$system_20entries

	#Task 5
	all sources of the 500 most recent entries in the System event log
	$recent500entries= Get-EventLog -LogName System -Newest 500 \| Select-Object -Property source

	#Declaration of functions
	function eventlog24{
	$eventlog24 > last_24.txt
	}
	eventlog24

	function errorLog{
	$errorLog > errors.txt
	}
	errorLog

	function ID_16{
	$ID_16
	}
	ID_16

	function system_20entries{
	$system_20entries
	}
	system_20entries

	function recent500entries{
	$recent500entries
	}
	recent500entries