#reads event logs for filter and exports to
$Date = (Get-Date).AddMinutes(-30)
$LogName = 'Security'
$ProviderName = "Microsoft-Windows-Security-Auditing"
$EventID = 6273
$computer = "server.microsoft.com"
Write-Output "Searching $computer"
$Events = Get-WinEvent -ComputerName $computer -FilterHashtable @{
LogName = $LogName
ProviderName = $ProviderName
Id = $EventID
StartTime = $Date
}
$report = @()
$Events | ForEach-Object -Process {
[xml]$ConvertedFromXML = $_.ToXml()
$params = @{}
foreach ($entry in $ConvertedFromXML.Event.EventData.Data) {
$name = $entry.Name
$Value = $entry.'#text'
$params[$name] = $Value
}
$report += [pscustomobject]$params
}
$report | Export-Csv -NoTypeInformation -Path "C:\Temp\Events.csv"