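<#
.SYNOPSIS
    Collects Windows event-log records and on-disk log-file activity inside a time window.
.DESCRIPTION
    Queries every event log that currently holds records for entries created between
    StartTimestamp and EndTimestamp (inclusive), sorts them by TimeCreated and appends
    them to .\LogActivity-eventlogs.csv. It then searches the local volumes whose root
    looks like "X:\" for files with one of the LogFileExtension extensions whose
    LastWriteTime falls in the same window and appends those to
    .\LogActivity-textlogs.csv. Both CSVs are opened with -Append, so an existing file
    from an earlier run is extended rather than replaced.
.PARAMETER StartTimestamp
    Earliest TimeCreated / LastWriteTime to include.
.PARAMETER EndTimestamp
    Latest TimeCreated / LastWriteTime to include. Must not be earlier than StartTimestamp.
.PARAMETER LogFileExtension
    File extensions (without the leading dot) to look for on disk. Defaults to 'log'.
.NOTES
    Reads of individual event logs and directories that fail (typically access denied
    when not elevated) are suppressed with -ErrorAction SilentlyContinue. The suppressed
    errors stay in $Error and their count is reported at the end so that gaps in the
    collection are visible instead of silently missing from the CSVs.
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory)]
    [datetime]$StartTimestamp,
    [Parameter(Mandatory)]
    [datetime]$EndTimestamp,
    [Parameter()]
    [string[]]$LogFileExtension = @('log')
)

#03-24-2026 19:03:26
# Code from CloudGuru/Pluralsight Lab
# https://app.pluralsight.com/hands-on/labs/9558fe0b-2654-40c1-b5ab-2347a8a06c98

# An inverted window would match nothing in both searches and produce empty CSVs
# without any indication of why; fail early instead.
if ($EndTimestamp -lt $StartTimestamp) {
    throw "EndTimestamp ($EndTimestamp) is earlier than StartTimestamp ($StartTimestamp)."
}

# Start from a clean error record so $Error.Count at the end reflects only this run.
$Error.Clear()

## Query all event logs to search (only logs that currently hold records)
$logs = (Get-WinEvent -ListLog '*' -ErrorAction SilentlyContinue | Where-Object { $_.RecordCount }).LogName

if ($logs) {
    ## Filter event logs based on my timeframe
    $FilterTable = @{
        'StartTime' = $StartTimestamp
        'EndTime'   = $EndTimestamp
        'LogName'   = $logs
    }

    $winEvents = Get-WinEvent -FilterHashTable $FilterTable -ErrorAction SilentlyContinue |
        Sort-Object -Property TimeCreated
    $winEvents | Export-Csv -Path '.\LogActivity-eventlogs.csv' -Append
}
else {
    # Get-WinEvent -ListLog returned nothing (or every read failed). A null LogName in
    # the filter hashtable would only raise another suppressed error, so say so instead.
    Write-Warning 'No event logs with records were enumerated; skipping event-log export.'
}

## Find all local volumes (roots shaped like "X:\")
$drives = (Get-PSDrive -PSProvider FileSystem -Scope Local -ErrorAction SilentlyContinue).where({ $_.Root -match '\w:\\$' }) |
    Select-Object -ExpandProperty Root

# The original assigned "C:\" unconditionally right after the enumeration, which made the
# Get-PSDrive lookup dead code. Keep C:\ only as the fallback when nothing was enumerated.
if (-not $drives) {
    $drives = 'C:\'
}

$searchPattern = $LogFileExtension | ForEach-Object { "*.$_" }

Get-ChildItem -Path $drives -Include $searchPattern -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $StartTimestamp -and $_.LastWriteTime -le $EndTimestamp } |
    Export-Csv -Path '.\LogActivity-textlogs.csv' -Append

# Suppressed errors (most often access denied on protected logs or directories) mean the
# collection has gaps; surface the count rather than letting them vanish.
if ($Error.Count -gt 0) {
    Write-Warning "$($Error.Count) error(s) were suppressed during collection; inspect `$Error for the logs or paths that could not be read."
}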