Search for words within the Windows Event Log using PowerShell

Posted on July 7, 2015 by thecomputerperson

Here is an example of how to search your Event Logs using PowerShell.

get-eventlog "Security" | where {$_.Message -like "*search term*"} | export-csv c:\temp\test.csv

This would be useful in the following situations:

-Searching the Security event log for computer logins by IP. This is useful if you want to search for the IP of a computer to find the last user who used it.
-Searching the Security event log for file movement operations if you have audit switched on.

Remember you can change the “Security” word to one of the other windows event logs to search a different log.

This entry was posted in Uncategorized. Bookmark the permalink.

Comment on this topic

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this: