I am working on a Windows Server 2003 SP2 with Powershell v2, and I am looking for a way to export all System event logs of a definite time period, (say, from Saturday 2000 hours to Sunday 1100 hours).
I can export all existing System logs using Get-Eventlog command to a CSV file, then copy the entries in the said time window. Though, I am looking an easier way to do this with or without using powershell.
Modify your Get-WinEvent with a filter.
$startTime = get-date "5/22/2012 20:00:00"
$endTime = get-date "5/23/2012 11:00:00"
Get-WinEvent -FilterHashtable @{Logname="System"; StartTime=$startTime; EndTime=$endTime} | Export-CSV -Path c:\temp\output.csv
I'd suggest you have a look at Microsoft Log Parser. It will allow you to execute queries against your logs, and export the results in a variety of formats including csv.
Now, I'm a coder at heart, so it pains me to suggest this... I am assuming you are trying to secure logs centrally for forensic purposes. If my assumption is correct, and ignore me if it's not, why not configure an Event Subscription, with a pre-determined time period?
