Last active
December 23, 2022 18:05
Gathers event logs related to PDQ Deploy, PDQ Inventory, PDQ Inventory Agent, and .NET from the last 30 days into an evtx file
$OutputPath = $env:TEMP
# XPath query for wevtutil to grab event logs from Deploy, Inventory, Inventory Agent, and .NET Runtime from the last 30 days (2592000000 ms):
$xPathQuery = "*[System[Provider[@Name='PDQ Deploy' or @Name='PDQ Inventory' or @Name='PDQ Inventory Agent' or @Name='.NET Runtime'] and TimeCreated[timediff(@SystemTime) <= 2592000000]]]"
wevtutil export-log Application $OutputPath\PDQEventLogs.evtx /query:"$xPathQuery" /overwrite:true # export matching Application log events to an evtx file
$wshell = New-Object -ComObject Wscript.Shell # Create message box
$wshell.Popup("Log files saved at $OutputPath\PDQEventLogs.evtx.`n`nClick Ok to open containing folder.", 0, "PDQ Event Logs", 0x0)
Invoke-Item $OutputPath # Open the log folder in Explorer for easy access to PDQEventLogs.evtx
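The check a practitioner usually wants after running the script above is to confirm the archive actually contains only the four providers and the 30-day window the XPath query asks for, then pull the errors and warnings to the top for triage. The following is an added example, not part of the gist; it assumes the script has already run and left PDQEventLogs.evtx in $env:TEMP, and uses only built-in Get-WinEvent.

```powershell
# Added example (not from the gist): sanity-check the archive written by the script above.
# Assumes PDQEventLogs.evtx already exists in $env:TEMP.
$Archive   = Join-Path $env:TEMP 'PDQEventLogs.evtx'
$Providers = @('PDQ Deploy', 'PDQ Inventory', 'PDQ Inventory Agent', '.NET Runtime')
$Cutoff    = (Get-Date).AddDays(-30)

if (-not (Test-Path $Archive)) { throw "Archive not found: $Archive" }

# Get-WinEvent throws on an empty .evtx, so treat "no events" as an empty set rather than a failure.
$events = @(Get-WinEvent -Path $Archive -ErrorAction SilentlyContinue)
"Events in archive: $($events.Count)"

# Per-provider counts: confirms the provider filter in the XPath query did what the comment claims.
$events | Group-Object ProviderName | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# Any record from another provider or older than 30 days means the query needs a second look.
$stray = $events | Where-Object {
    ($Providers -notcontains $_.ProviderName) -or ($_.TimeCreated -lt $Cutoff)
}
if ($stray) {
    "Unexpected records:"
    $stray | Select-Object TimeCreated, ProviderName, Id | Format-Table -AutoSize
} else {
    "All records match the expected providers and the 30-day window."
}

# Triage view: Level 1 = Critical, 2 = Error, 3 = Warning (0 is LogAlways, so it is excluded).
$events | Where-Object { $_.Level -ge 1 -and $_.Level -le 3 } |
    Sort-Object TimeCreated -Descending |
    Select-Object -First 20 TimeCreated, ProviderName, Id, LevelDisplayName, Message |
    Format-List
```

Run it in the same session or any PowerShell session on the machine where the export was made; the comparison against $Cutoff is approximate because it is evaluated when the check runs rather than when wevtutil did, so an event right at the 30-day boundary may show up as stray.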