
How can I Automate Tasks with the Task Scheduler Answer


Automating Tasks with Task Scheduler

Security logs contain a wealth of information that helps you reduce exposure to intruders, malware, and data loss in your network.

In this lecture you will learn how to use PowerShell to pull data from the Security event log, and then, using a script, automate Security log collection with the Windows Task Scheduler.

Complete the prerequisites from the Question lesson (lesson 12). Let's review:

  • First, create a folder on your host's C: drive called test.
  • Download the student guide and the script called SecLog.ps1.
  • Copy the script to the C:\test folder.

From the host, open PowerShell ISE as administrator (reading the Security log requires elevated rights) and open the script C:\test\SecLog.ps1.

Here is the script:

    # Define the number of entries to retrieve
    $numberOfEntries = 50

    # Get the 50 most recent Security event log entries (Get-WinEvent returns newest first)
    $securityLogEntries = Get-WinEvent -LogName Security -MaxEvents $numberOfEntries |
        Select-Object TimeCreated, Id, LevelDisplayName, Message

    # Define the path for the CSV file
    $csvFilePath = "C:\test\SecLog.csv"

    # Export the Security log entries to a CSV file
    $securityLogEntries | Export-Csv -Path $csvFilePath -NoTypeInformation

    # Output a confirmation message
    Write-Host "The last $numberOfEntries security event log entries have been exported to $csvFilePath."

Here is the explanation:

    $numberOfEntries = 50

Here we set a variable called $numberOfEntries to 50. It determines how many of the most recent Security event log entries we retrieve; you can increase or decrease this number.

$securityLogEntries will contain an array of objects, each representing one of the 50 most recent Security event log entries. These objects have the properties TimeCreated, Id, LevelDisplayName, and Message.

Get-WinEvent is the cmdlet that retrieves event log entries.

-LogName Security specifies that we want the Security event log. Reading this log requires administrative rights (or membership in the Event Log Readers group), which is why the ISE was opened as administrator.

-MaxEvents $numberOfEntries limits the number of entries retrieved to the value stored in $numberOfEntries (50 in this case). Because Get-WinEvent returns events newest first, these are the 50 most recent.

| (the pipe) passes the output of Get-WinEvent as input to the Select-Object cmdlet, so the list of Security event log entries returned by Get-WinEvent is processed by Select-Object.

Select-Object keeps only the properties we want from each log entry: TimeCreated (the timestamp), Id (the event ID), LevelDisplayName (the level), and Message (the event text).

    $csvFilePath = "C:\test\SecLog.csv"

Here we set a variable called $csvFilePath to the path where we want to save the CSV file. In this case it's C:\test\SecLog.csv.

$securityLogEntries contains the event log entries we retrieved earlier.

Export-Csv writes this data to the CSV file at the path specified in $csvFilePath.

-NoTypeInformation prevents PowerShell from writing a "#TYPE ..." header line (the .NET type of the exported objects) as the first line of the CSV. In PowerShell 7 this is already the default.

    Write-Host "The last $numberOfEntries security event log entries have been exported to $csvFilePath."

Finally, we use Write-Host to display a confirmation message in the console. It tells the user that the specified number of Security event log entries have been exported to the CSV file defined in $csvFilePath.

Go ahead and press F5 to run the script.

In Windows Explorer, go to the C:\test folder and open SecLog.csv. Microsoft Excel will open it as a spreadsheet; any text editor works too, or you can read it back in PowerShell with the Import-Csv cmdlet.

Here you see TimeCreated, Id, and LevelDisplayName, which is important. The possible levels are Critical, Error, Warning, Information, and Verbose. In this case most entries are Information, which usually means the event occurred without incident or issue.

The Security log is a special case, though: nearly every event in it is Level "Information" regardless of what happened, because the outcome of an audited action is recorded in the Keywords field as Audit Success or Audit Failure, not in the level. When reviewing this log, the event ID and the audit keyword are the fields to watch.
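The following is an added example, not the course's SecLog.ps1, showing what the Keywords field buys you: it pulls only Audit Failure events from the Security log for a time window and summarizes them by event ID, instead of exporting the 50 most recent entries of any kind. It must be run from an elevated PowerShell session. The 24-hour window is an assumption chosen for this example.

```powershell
# Added example (not the course's SecLog.ps1). Nearly every Security event is Level "Information";
# whether the audited action succeeded or failed is in the Keywords field (Audit Success / Audit Failure).
# Run from an elevated session. The 24-hour window below is an assumption for this example.

# Keyword bit for Audit Failure (0x10000000000000); Audit Success would be ::AuditSuccess.
$auditFailure = [long][System.Diagnostics.Eventing.Reader.StandardEventKeywords]::AuditFailure

# Pull only Audit Failure events from the last 24 hours, rather than "the 50 most recent of anything".
# Get-WinEvent reports "no events found" as an error; suppress it and treat the result as empty.
$failures = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Keywords  = $auditFailure
    StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue

if (-not $failures) {
    Write-Host 'No Audit Failure events in the last 24 hours.'
}
else {
    # The fields that actually distinguish Security events: event ID and audit outcome.
    # Message is multi-line; keep only its first line as a one-line summary.
    $failures |
        Select-Object TimeCreated, Id,
            @{ Name = 'Outcome'; Expression = { $_.KeywordsDisplayNames -join ',' } },
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize

    # Failures per event ID. A spike in 4625 (logon failure) or 4776 (credential validation
    # failure) is exactly the pattern a fixed "last 50 entries" export would hide.
    $failures |
        Group-Object Id |
        Sort-Object Count -Descending |
        Select-Object Count, @{ Name = 'EventId'; Expression = { $_.Name } } |
        Format-Table -AutoSize
}
```

Swap the keyword for ::AuditSuccess to see the other half of the log; on most hosts the success count dwarfs the failures, which is why filtering on Keywords rather than LevelDisplayName is what makes the export useful.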

In summary, this script retrieves the 50 most recent Security event log entries, selects specific fields from each entry, exports them to a CSV file, and prints a confirmation message. It's a practical example of how PowerShell can be used to work efficiently with Windows event logs.
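To actually automate the collection with Task Scheduler, as the lecture sets out to do, two things about SecLog.ps1 have to change: a scheduled run must not overwrite the previous CSV, and it should export everything since the last run rather than a fixed 50 entries, or events are silently dropped on a busy host. The block below is an added example and not the course's own code. It writes a scheduler-friendly collector script, registers an hourly task that runs it as SYSTEM, and checks the first run. The C:\test location, the script name Collect-SecLog.ps1, the task name and the hourly schedule are assumptions for this example; run it from an elevated PowerShell session.

```powershell
# Added example (not the course's SecLog.ps1): schedule Security log collection with Task Scheduler.
# Assumptions for this example: C:\test exists, script name Collect-SecLog.ps1, hourly schedule.
# Run from an elevated PowerShell session.

$scriptDir  = 'C:\test'
$scriptPath = Join-Path $scriptDir 'Collect-SecLog.ps1'
$taskName   = 'Collect Security Log'

# 1. The script the scheduled task runs. It resumes from a watermark (last-run.txt) so each run
#    exports exactly the events since the previous run, into a new timestamped CSV.
$collector = @'
$outDir    = 'C:\test\SecLog'
$stateFile = Join-Path $outDir 'last-run.txt'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# First run defaults to the last 24 hours; later runs continue from the saved watermark.
$since = if (Test-Path $stateFile) { [datetime](Get-Content $stateFile -Raw).Trim() } else { (Get-Date).AddHours(-24) }
$now   = Get-Date

$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; StartTime = $since; EndTime = $now } `
    -ErrorAction SilentlyContinue -ErrorVariable qErr |
    Select-Object TimeCreated, Id, LevelDisplayName,
        @{ Name = 'Keywords'; Expression = { $_.KeywordsDisplayNames -join ',' } },
        Message

# "No events found" is normal on a quiet interval. Any other error means the query failed, so
# stop here without advancing the watermark and the gap is retried on the next run.
if ($qErr | Where-Object { $_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*' }) {
    throw "Security log query failed: $($qErr[0])"
}

if ($events) {
    $csv = Join-Path $outDir ("SecLog_{0:yyyyMMdd_HHmmss}.csv" -f $now)
    $events | Export-Csv -Path $csv -NoTypeInformation -Encoding UTF8
}
$now.ToString('o') | Set-Content -Path $stateFile
'@
Set-Content -Path $scriptPath -Value $collector -Encoding UTF8

# Anyone who can edit this script gets code execution as SYSTEM on the next run, so the folder must
# not be writable by standard users: drop inherited ACEs and grant only SYSTEM and Administrators.
icacls $scriptDir /inheritance:r /grant:r 'SYSTEM:(OI)(CI)F' 'BUILTIN\Administrators:(OI)(CI)F' | Out-Null

# 2. Register the task. SYSTEM can read the Security log; -NonInteractive means a prompt can never
#    hang the run; -ExecutionPolicy Bypass is scoped to this one process, not the machine.
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -File `"$scriptPath`""
$trigger   = New-ScheduledTaskTrigger -Once -At (Get-Date).Date `
    -RepetitionInterval (New-TimeSpan -Hours 1) -RepetitionDuration ([TimeSpan]::MaxValue)
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Minutes 10)

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# 3. Run it once now and confirm it completed. LastTaskResult 0 is success; 267009 means still running.
Start-ScheduledTask -TaskName $taskName
Start-Sleep -Seconds 5
Get-ScheduledTaskInfo -TaskName $taskName | Select-Object LastRunTime, LastTaskResult, NextRunTime
```

Check the result with Get-ChildItem C:\test\SecLog: one CSV per run, and last-run.txt holding the watermark. Because the task runs as SYSTEM, the files it writes are readable by administrators only once the folder ACL above is in place, which is the right default for audit data.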
