Home / server / Questions / 392397
In Process
whizkid
Asked: 2012-05-25 12:04:19 +0800 CST

How to export all System event logs of a definite time period

  • 772

I am working on a Windows Server 2003 SP2 with Powershell v2, and I am looking for a way to export all System event logs of a definite time period, (say, from Saturday 2000 hours to Sunday 1100 hours).

I can export all existing System logs using Get-Eventlog command to a CSV file, then copy the entries in the said time window. Though, I am looking an easier way to do this with or without using powershell.

windows windows-server-2008 windows-server-2003 powershell windows-event-log

3 Answers

  1. Modify your Get-WinEvent with a filter.

    $startTime = get-date "5/22/2012 20:00:00"
$endTime = get-date "5/23/2012 11:00:00"
Get-WinEvent -FilterHashtable @{Logname="System"; StartTime=$startTime; EndTime=$endTime} | Export-CSV -Path c:\temp\output.csv
    • 2

  2. I'd suggest you have a look at Microsoft Log Parser. It will allow you to execute queries against your logs, and export the results in a variety of formats including csv.

    • 0

  3. Now, I'm a coder at heart, so it pains me to suggest this... I am assuming you are trying to secure logs centrally for forensic purposes. If my assumption is correct, and ignore me if it's not, why not configure an Event Subscription, with a pre-determined time period?

    • 0