Dynamic Report on current Security logfile sizes in the domain and export to file

  • Question

  • I have been asked by my organisation to change the audit policy on the domain; as such I have been asked to increase the Security log to 3 Gb. Whilst I am able to change this in group policy easily, I am running into difficulty in being able to query the current logfile statistics (mainly maximum logfile size) for all of the servers in the domain.

    I have tried using PowerShell scripts to get server lists, but then either pulling in the files in to WMI to run a query remotely has just been fraught with error messages. Now I am no PowerShell scripter but I have tried adapting various scripts out there that don't quite do what I want.

    The closest to what I need on a single server is:

    get-eventlog -list -computer $server | select Maximumkilobytes, Log

    This works fine but I want to be able to execute this against the entire domain and export my results (untruncated).

    I have played with:

    gwmi -computername "myservername" Win32_NTEventlogFile | Select -f 20 | ft filename,OverWritePolicy,FileSize,maxfilesize,@{Name="FileSize (GB)";Expression={[math]::round($($_.filesize/1GB),3)}},@{Name="MaxFileSize (GB)";Expression={[math]::round($($_.maxfilesize/1GB),3)}},numberofrecords,status,PSComputername

    I really want to report on all domain computers the Maximumkilobytes sizes in an export file so that I can compare them later after changing group policy.

    This is probably really easy for scripters out there but if anyone can help me out I would very much appreciate it.

    Many thanks

    OK, since I posted I have managed to get something working:

    $server = get-content -path C:\!scripts\Powershell\servers.txt

    get-eventlog -list -computer $server | Where-Object {$_.logdisplayname -eq "Security"} | select MachineName,MaximumKilobytes,OverflowAction

    Just need to refine it, but essentially a couple of cups of tea and the grey matter started working again.

    If anyone has a better script I would still be interested.


    • Edited by Phil Baker NPS Wednesday, May 3, 2017 9:08 AM found my own solution
    • Moved by Bill_Stewart Friday, July 7, 2017 4:22 PM User answered own question
    Wednesday, May 3, 2017 8:36 AM

All replies

  • Get-AdComputer -Filter * | %{ Get-WinEvent -Listlog Security -Computer $_.Name }

    \_(ツ)_/

    Wednesday, May 3, 2017 9:26 AM
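
The two approaches in this thread can be combined into one baseline report that exports untruncated results and records hosts that could not be queried, so the file can be compared with a second run after the Group Policy change. This is an added example, not code from either poster; it assumes the ActiveDirectory module is installed and remote event log access is permitted, and the function name and CSV path are hypothetical.

```powershell
Import-Module ActiveDirectory

# Added example. Get-SecurityLogSizeReport is a hypothetical helper name.
function Get-SecurityLogSizeReport {
    [CmdletBinding()]
    param(
        # Defaults to every enabled computer account in the current domain.
        [string[]]$ComputerName = (Get-ADComputer -Filter 'Enabled -eq $true' |
                                   Select-Object -ExpandProperty Name)
    )

    foreach ($name in $ComputerName) {
        try {
            # -ErrorAction Stop turns an unreachable host into a catchable error.
            $log = Get-WinEvent -ListLog Security -ComputerName $name -ErrorAction Stop
            [pscustomobject]@{
                ComputerName = $name
                MaxSizeKB    = [int64]($log.MaximumSizeInBytes / 1KB)
                FileSizeKB   = [int64]($log.FileSize / 1KB)
                LogMode      = $log.LogMode        # Circular, AutoBackup or Retain
                RecordCount  = $log.RecordCount
                Status       = 'OK'
            }
        }
        catch {
            # Keep failed hosts in the report so gaps in coverage stay visible.
            [pscustomobject]@{
                ComputerName = $name
                MaxSizeKB    = $null
                FileSizeKB   = $null
                LogMode      = $null
                RecordCount  = $null
                Status       = $_.Exception.Message
            }
        }
    }
}

# Hypothetical output path; run again after the GPO change with a different file name.
Get-SecurityLogSizeReport |
    Export-Csv -Path .\SecurityLogSizes-before.csv -NoTypeInformation
```

After the policy has applied, a second export can be checked against the first with `Compare-Object` on `ComputerName` and `MaxSizeKB` to list servers whose Security log size did not change.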