How to Monitor Windows Event Log Using Powershell and ADAudit Plus

Monitoring event logs is essential to get a complete picture of your organization's IT environment. Event logs provide a wealth of information about file access changes, administrative events, logon activity and so on. Tracking and recording critical events that occur within an organization's network is necessary to satisfy security reviews and IT compliance requirements.

The following is a comparison between the procedures of monitoring event logs using Windows PowerShell and ADAudit Plus:

PowerShell

Steps to monitor event log using PowerShell:

  • Define the domain from which you want to collect the event logs.
  • Find the LDAP attributes you need to fetch the logs.
  • Compile the script.
  • Execute it in Windows PowerShell.
  • The collected event logs will be exported in the specified format.
  • To export the logs in a different file format, modify the script accordingly.

Sample Windows PowerShell script

The following pipeline gets events from a log (here the Security log) on the local computer and saves them in .html format. Get-EventLog has no -ReportType or -Path parameters; the output format is decided by the cmdlet the events are piped to.

Get-EventLog -LogName Security | ConvertTo-Html | Out-File -FilePath 'C:\EventLogReports\Report1.html'   # replace the path with the location where the report needs to be saved

To fetch event logs from a remote computer, specify the computer name.

Get-EventLog -ComputerName <Name of desired computer> -LogName Security | ConvertTo-Html | Out-File -FilePath 'C:\remoteLogReports\Report1.html'

In order to save the reports in XML format, replace ConvertTo-Html | Out-File -FilePath <path> with Export-Clixml -Path <path> in the above pipelines.

The script can be altered to generate reports with other parameters such as -Before and -After (to get events logged before or after a specific date and time, respectively), -EntryType (returns events by status: Warning, Error, Information, audit success or audit failure, passed as SuccessAudit or FailureAudit) and so on.
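The following is an added example, not a script from the original page or from ADAudit Plus, that puts the parameters above together: it collects events from one or more computers with Get-EventLog, filters by time window and entry type, and chooses the export format (HTML, XML or CSV) from a run-time parameter instead of editing the script each time. The computer names, log name, output path and the one-day default window are placeholders chosen for the example.

```powershell
# Added example (not from the original page). Reads an event log from one or
# more computers, filters it, and exports the result in the format requested.
# Assumptions: the caller is allowed to read the log (reading the Security log
# needs local administrator rights or membership of Event Log Readers on the
# target), and the remote event log RPC interface is reachable.
[CmdletBinding()]
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),          # placeholder: DC names go here
    [string]$LogName = 'Security',
    [datetime]$After = (Get-Date).AddDays(-1),               # default window: last 24 hours
    [datetime]$Before = (Get-Date),
    [ValidateSet('Error', 'Warning', 'Information', 'SuccessAudit', 'FailureAudit')]
    [string[]]$EntryType = @('FailureAudit'),                # audit failures by default
    [ValidateSet('HTML', 'XML', 'CSV')]
    [string]$Format = 'HTML',
    [string]$OutputPath = 'C:\EventLogReports\Report1'       # placeholder; extension added below
)

# Collect from every computer; a computer that cannot be reached is reported
# as a warning rather than aborting the whole run.
$events = @(
    foreach ($computer in $ComputerName) {
        try {
            Get-EventLog -ComputerName $computer -LogName $LogName `
                         -After $After -Before $Before -EntryType $EntryType |
                Select-Object @{ Name = 'Computer'; Expression = { $computer } },
                              TimeGenerated, EntryType, EventID, Source, Message
        }
        catch {
            Write-Warning "Could not read the $LogName log on ${computer}: $($_.Exception.Message)"
        }
    }
)

# The export cmdlet, not Get-EventLog, determines the file format.
$file = "$OutputPath.$($Format.ToLower())"
switch ($Format) {
    'HTML' { $events | ConvertTo-Html -Title "$LogName events" | Out-File -FilePath $file }
    'XML'  { $events | Export-Clixml -Path $file }
    'CSV'  { $events | Export-Csv -Path $file -NoTypeInformation }
}

Write-Output "Wrote $($events.Count) events from $($ComputerName.Count) computer(s) to $file"
```

Run it as, for example, `.\Export-EventLogReport.ps1 -ComputerName dc01,dc02 -EntryType FailureAudit,SuccessAudit -Format CSV` (the file name is an assumption). Get-EventLog exists only in Windows PowerShell 5.1 and earlier; in PowerShell 7 the equivalent is Get-WinEvent with -FilterHashtable, which also reads the newer Windows Event Log channels that Get-EventLog cannot see.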

ADAudit Plus

ADAudit Plus analyzes all security events of the Windows environment and presents them in the form of intuitive reports for seamless analysis.

To obtain a report, navigate to the Reports tab in the ADAudit Plus console, where reports are grouped under different categories, and then:

  • Select the required 'Domain' from the drop down option on the top right corner.
  • Select 'Export as' to export the report in any of the preferred formats (CSV, PDF, HTML, and XLS).
[Image: powershell-monitor-event-log-1]

ADAudit Plus also allows users to generate custom reports.
Navigate to Analytics -> Custom Reports to build custom reports.

The self-explanatory UI allows users to select the parameters to be monitored and included in the report.

[Image: powershell-monitor-event-log-2]

The report created by the user can be accessed by clicking on the View Custom Reports button. The report can also be exported in any of the preferred formats (PDF, XLS, HTML and CSV) by selecting the 'Export As' option.

The following are the limitations of obtaining reports from the event log using native tools like Windows PowerShell:

  • We can run this script only from computers that have the Active Directory Domain Services role.
  • In order to export the report in other formats, the script needs to be modified each time.
  • Applying more filters will increase the LDAP query complexity.
  • Comprehending voluminous event log data to identify the necessary information can be cumbersome.

ADAudit Plus will automatically scan all DCs in the domain to retrieve data from the event log, generate the report and present it in a simple and intuitively designed UI.
