Tag: logfiles

PowerShell

PowerShell: How to export Windows Eventlogs with PowerShell

This is a little dirty Windows PowerShell script which exports or backups Windows Eventlogs. The script creates a .evt file which can be used with the Windows Eventlog Viewer.

# Config
$logFileName = "Application" # Add Name of the Logfile (System, Application, etc)
$path = "C:\temp\" # Add Path, needs to end with a backsplash
 
# do not edit
$exportFileName = $logFileName + (get-date -f yyyyMMdd) + ".evt"
$logFile = Get-WmiObject Win32_NTEventlogFile | Where-Object {$_.logfilename -eq $logFileName}
$logFile.backupeventlog($path + $exportFileName)

And with the next code it cleans up older exported Eventlogs.

# Deletes all .evt logfiles in $path
# Be careful, this script removes all files with the extension .evt not just the selfcreated logfiles
$Daysback = "-7"
 
$CurrentDate = Get-Date
$DatetoDelete = $CurrentDate.AddDays($Daysback)
Get-ChildItem $Path | Where-Object { ($_.LastWriteTime -lt $DatetoDelete) -and ($_.Extension -eq ".evt") } | Remove-Item

UPDATE: If you wanna clean the Eventlog after the export you can do that by using the Clear-Eventlog cmdlet. (Thanks to Michel from server-talk.eu)

Clear-Eventlog -LogName $logFileName

And here the whole “script”

# Config
$logFileName = "Application" # Add Name of the Logfile (System, Application, etc)
$path = "C:\temp\" # Add Path, needs to end with a backsplash
 
# do not edit
$exportFileName = $logFileName + (get-date -f yyyyMMdd) + ".evt"
$logFile = Get-WmiObject Win32_NTEventlogFile | Where-Object {$_.logfilename -eq $logFileName}
$logFile.backupeventlog($path + $exportFileName)
 
# Deletes all .evt logfiles in $path
# Be careful, this script removes all files with the extension .evt not just the selfcreated logfiles
$Daysback = "-7"
 
$CurrentDate = Get-Date
$DatetoDelete = $CurrentDate.AddDays($Daysback)
Get-ChildItem $Path | Where-Object { ($_.LastWriteTime -lt $DatetoDelete) -and ($_.Extension -eq ".evt") } | Remove-Item
Clear-Eventlog -LogName $logFileName

Also check out my blog post about deleting files older than a specific date using PowerShell.



PowerShell

PowerShell: Copy Log files with Date and Content

Some days ago I made a blog post about Select-String in PowerShell. I created a “script” or a better a command to check log files for a specific text and copy the log file to another place using PowerShell.

Get-ChildItem C:\temp -Filter *.log -Recurse | Select-String "Contoso" |  Copy-Item -Destination C:\temp2

Now I added also a Start date and a End date for the log files you wanna search in.

$Startdate = (get-date -year 2011 -month 3 -day 25)
$Enddate = (get-date -year 2011 -month 3 -day 30)
 
Get-ChildItem C:\temp -Filter *.log -Recurse | Where-Object {($_.LastWriteTime.Date -ge $Startdate.Date) -and ($_.LastWriteTime.Date -le $Enddate.Date)} | Select-String "Contoso" |  Copy-Item -Destination C:\temp2

Also check out my blog post to clean up files older than a specific date using PowerShell and how to install PowerShell 6 and PowerShell 7. If you have any questions, please let me know in the comments.



PowerShell

PowerShell: Delete Files older than

This is a simple PowerShell script which deletes Files older than some days. You can use it to cleanup old logfiles or other things. If you run the script the first time you can add the “-WhatIf” parameter after Remove-Item command.

# Delete all Files in C:\temp older than 30 day(s)
$Path = "C:\temp"
$Daysback = "-30"
 
$CurrentDate = Get-Date
$DatetoDelete = $CurrentDate.AddDays($Daysback)
Get-ChildItem $Path | Where-Object { $_.LastWriteTime -lt $DatetoDelete } | Remove-Item

If you need to delete files in subfolders too, you can use this script. This is the same script with the Get-Childitem parameter “-Recurse”.

# Delete all Files in C:\temp older than 30 day(s)
$Path = "C:\temp"
$Daysback = "-30"
 
$CurrentDate = Get-Date
$DatetoDelete = $CurrentDate.AddDays($Daysback)
Get-ChildItem $Path -Recurse ( | Where-Object { $_.LastWriteTime -lt $DatetoDelete } | Remove-Item

I hope this helps you and gives you a quick PowerShell code snipped to remove files older than a specific date using PowerShell. Also check out my PowerShell snipped to copy logfiles with date and content.