event-log-manager

To enable script execution, you may need to Set-ExecutionPolicy Bypass -Force

This script will optionally enable / disable debug and analytic event logs.
This can be against both local and remote machines.
It will also take a regex filter pattern for both event log names and traces.
For each match, all event logs will be exported to csv format.
Each export will be in its own file named with the event log name.
Script has ability to 'listen' to new events by continuously polling configured event logs.

Requirements:
   - administrator powershell prompt
   - administrative access to machine
   - remote network ports:
       - smb 445
       - rpc endpoint mapper 135
       - rpc ephemeral ports
       - to test access from source machine to remote machine: dir \\%remote machine%\admin$
   - winrm
       - depending on configuration / security, it may be necessary to modify trustedhosts on
       source machine for management of remote machines
       - to query: winrm get winrm/config
       - to enable sending credentials to remote machines: winrm set winrm/config/client '@{TrustedHosts="*"}'
       - to disable sending credentials to remote machines: winrm set winrm/config/client '@{TrustedHosts=""}'
   - firewall
       - if firewall is preventing connectivity the following can be run to disable
       - Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
       
Copyright 2017 Microsoft Corporation

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.