How can I Automate Tasks with the Task Scheduler Answer
Full-Access Members Only
Sorry, this lesson is only available to Server Academy Full-Access members. Become a Full-Access member now and get instant access to this and many more premium courses. Click the button below and get instant access now.
Instructions
Q&A (0)
Notes (0)
Resources (0)
Saving Progress...
Resources
There are no resources for this lesson.
Notes can be saved and accessed anywhere in the course. They also double as bookmarks so you can quickly review important lesson material.
Automating Tasks with Task Scheduler
Security logs contain a wealth of information to help you reduce exposure to intruders, malware, and data loss in your network.
In this lecture you will learn how to Use PowerShell to pull data from the security log then using a script you will automate security log data collection using the Windows Task Scheduler.
Complete the Prerequisites from 12 (Question) Let’s review
- First create a folder on your host’s C: drive called test.
- Download the student guide and the script called SecLog.ps1 (Upload the PS1 to (12 Answer)
- Copy this script to the C:\test folder
From the Host, open PowerShell ISE in admin mode and open the script called C:\test\SecLog.ps1
Here is the script:
# Define the number of entries to retrieve
$numberOfEntries = 50
# Get the 50 most recent security event log entries
$securityLogEntries = Get-WinEvent -LogName Security -MaxEvents $numberOfEntries |
Select-Object TimeCreated, Id, LevelDisplayName, Message
# Define the path for the CSV file
$csvFilePath = "C:\test\SecLog.csv"
# Export the security log entries to a CSV file
$securityLogEntries | Export-Csv -Path $csvFilePath -NoTypeInformation
# Output a confirmation message
Write-Host "The last $numberOfEntries security event log entries have been exported to $csvFilePath."
Here is the explanation:
$numberOfEntries = 50
Here, we are seeing a variable called $numberOfEntries to 50. This variable will determine how many recent security event log entries we want to retrieve. You can increase or decrease this number.
$securityLogEntries This will contain an array of objects, with each object representing one of the 50 most recent security event log entries. These objects have properties like TimeCreated, Id, LevelDisplayName, and Message.
Get-WinEvent is a cmdlet that allows us to retrieve event log entries.
-LogName Security specifies that we want to access the Security event log.
-MaxEvents $numberOfEntries limits the number of entries retrieved to the value stored in the $numberOfEntries variable (50 in this case).
| pipe command - The | symbol is used to pipe (or pass) the output of Get-WinEvent as input to the Select-Object cmdlet. This means that the list of security event log entries obtained from Get-WinEvent is then processed by Select-Object
Select-Object is used to filter the information we want to retrieve from each log entry. We're selecting the TimeCreated (metastamp), Id (event ID), LevelDisplayName (log level), and Message (the event message).
$csvFilePath = "C:\test\Seclog.csv"
Here, we set a variable called $csvFilePath to store the path where we want to save the CSV file. In this case, it's set to C:\Test\Seclog.csv.
$securityLogEntries contains the event log entries we retrieved earlier.
Export-Csv cmdlet is used to export this data to a CSV file located at the path specified in $csvFilePath.
-NoTypeInformation prevents PowerShell from adding data type information to the CSV file.
Write-Host "The last $numberOfEntries security event log entries have been exported to $csvFilePath."
Finally, we use Write-Host to display a confirmation message in the console. This message informs the user that the specified number of security event log entries have been exported to the CSV file defined in $csvFilePath.
Go ahead and press F5 and run the script.
From Windows Explorer go to the C:\test folder and open the Seclog.csv file. You will need Microsoft Excel
Here you see the Time created, Id, LevelDisplayName which is important. The various levels are
Information, Verbose, Error, Critical. In this case most logs consist of information-based events. Logs with this entry usually mean the event occurred without incident or issue.
In summary, this script retrieves the last 50 security event log entries, selects specific information from each
entry, exports it to a CSV file, and provides a confirmation message. It's a practical example of how PowerShell can be used to efficiently execute tasks involving Windows event logs.
Server Academy Members Only
Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.
