function Get-ADAuditLogsv2{

Param ($from = “abc@domain.local”,
$smtpserver=”172.16.1.16″,
$to=”ITserviceDesk@domain.local”,
$servers = (“DCVM01”),
$eventids = @(1076,1039),
$date = ((Get-Date).AddMinutes(-60))

)
$ErrorActionPreference= ‘silentlycontinue’
foreach ($server in $servers){
foreach ($eventid in $eventids) {

$events = Get-WinEvent -FilterHashtable @{logname=’security’;id=$eventid;StartTime=$date} -ComputerName $server
if ($events -ne $null){
foreach ($event in $events){
$eventmessage=$event.message.split(“`n”)[0..16]
$eventsubject=$event.message.split(“`n”)[0]
$eventsubject=$eventsubject.replace(“`n”, “”)
$eventsubject=$eventsubject.replace(“`r”, “”)
$timecreated=$event.timecreated
$body = @($timecreated,$eventmessage )| Out-String
$subject= “Event ID” + ” ” + $eventid + ” ” + $eventsubject
Send-MailMessage -Body $body -From $from -SmtpServer $smtpserver -Subject $subject -To $to
}
}

}

}
Get-Date | Out-File c:\errorlog.txt -Append -Force
$Error | Out-File c:\errorlog.txt -Append -Force
}
Get-ADAuditLogsv2

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s