How to backup/export an event log to an evtx file with PowerShell
A simple method with a oneliner bonus.
Tag: Eventlog
“New” audit Logon/Logoff and other event IDs
When you are searching Logon or Logoff event ID numbers, you may find a lot of old sites talking about ID 528 and ID 538. However, since Windows 7 and Windows Server 2008 R2, these event IDs don’t apply anymore and are completely useless for those more recent operating systems. The Advanced Security Audit Policy […]
[Solved] Get-WinEvent returns messages with three dots
When you display log entries with Get-WinEvent, you may see some empty lines with only three dots. This happens because the first line of the message is empty, and Windows wants to show that there is more data after this empty line. To see the whole message, pipe your events to the Format-List cmdlet.
itluke.online 