SYS320 Week 8 lab - JadenGil/Jaden-Tech-Journal GitHub Wiki

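# StoryLine: Review the Security event log.
#
# Lists the available Windows event logs, lets the user pick one, saves the
# newest entries that mention a new process being created to a CSV, then
# appends entries matching a user-supplied keyword or phrase to that CSV.
#
# NOTE(review): Get-EventLog is a Windows PowerShell cmdlet; it is not
# available in PowerShell 6+ (Get-WinEvent replaces it there).

# Directory to save files. The literal path is kept as written; Join-Path
# builds the file name so the trailing backslash does not produce "\\".
$myDir = "C:\Users\jaden.gilmond\Desktop\"
$csvPath = Join-Path -Path $myDir -ChildPath "securityLogs.csv"

# List all the available Windows event logs so the user can pick one.
Get-EventLog -List

# Prompt the user for the log to review.
$readLog = Read-Host -Prompt "Please select a log to review from the list above"

# Only accept a log name that appears in the list above; a typo would
# otherwise surface as a Get-EventLog error partway through the pipeline.
$knownLogs = (Get-EventLog -List).Log
if ($knownLogs -notcontains $readLog) {
    throw "Unknown event log '$readLog'. Choose one of: $($knownLogs -join ', ')"
}

# Write the newest 40 entries whose message mentions a new process being
# created to the CSV; this first export overwrites any existing file.
Get-EventLog -LogName $readLog -Newest 40 |
    Where-Object { $_.Message -ilike "*new process has been*" } |
    Export-Csv -NoTypeInformation -Path $csvPath

# Task: prompt for a keyword or phrase to search on.
$searchPhrase = Read-Host -Prompt "Please enter a keyword or phrase to search for in the $readLog log"

# An empty phrase would become the pattern "**" and append all 40 entries,
# so refuse it rather than silently dumping everything.
if ([string]::IsNullOrWhiteSpace($searchPhrase)) {
    throw "A non-empty keyword or phrase is required"
}

# Append entries whose message contains the phrase. The original compared
# against $searchTerm (never assigned) and without wildcards, so it matched
# nothing; -ilike needs the surrounding '*' to find the phrase anywhere in
# the message. The phrase is used only as a wildcard pattern, never executed.
Get-EventLog -LogName $readLog -Newest 40 |
    Where-Object { $_.Message -ilike "*$searchPhrase*" } |
    Export-Csv -NoTypeInformation -Path $csvPath -Append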