Occasionally you may have to implement something which will improve the security of your organisation but that does introduce a risk. Often the correct way to determine if it will cause issues is to enable logging and then to review those logs.
But what if you don’t have centralised logging?
This article does not replace a fully functional centralised event logging system which I would strongly suggest anybody have, however, it will allow you to retrieve specific logs from all servers in your estate. If your estate is too large then the script can be modified to instead of storing all of the data in the $allEvents variable you could simply append it to an Excel file inside of the for each loop.Continue reading “PowerShell – How to Retrieve Specific Events From All Servers”