This PowerShell Module has multiple functionalities, but one of the signature features of this module is the ability to parse Security logs on Domain Controllers providing easy to use access to AD Events.
@snd3r What do you think on approach like this? Since the new version of PSWinReporting will be basically able to scan any Event Log and allow building your own reports I need to provide a good way to pass Servers to define.
Servers = @{
UseForwarders = $true # if $true skips Automatic/OnlyPDC/DC for reading logs. However it uses Automatic to deliver size of logs so keep Automatic to $true
ForwardServer = 'EVO1'
ForwardEventLog = 'ForwardedEvents'
UseDirectScan = $true
Automatic = $true # will use all DCs for a forest
OnlyPDC = $false # will use PDC of current domain returned by Get-ADDomain
DC = ''
}
ArchiveProcessing = @{
Use = $true
Directories = [ordered] @{
#MyEvents = 'C:\MyEvents' #
#MyOtherEvent = 'C:\MyEvent1'
}
Files = [ordered] @{
#File1 = 'C:\MyEvents\Archive-Security-2018-09-14-22-13-07-710.evtx'
}
}
@snd3r What do you think on approach like this? Since the new version of PSWinReporting will be basically able to scan any Event Log and allow building your own reports I need to provide a good way to pass Servers to define.
Old version: