Report generation taking a long time anywhere from 6 hours plus.

[BigMac80]

Firstly i wanted to give you kudos on providing these great modules, its very helpful.

We have tried both the legacy and v2 of PSWinReporting and we are finding that the script takes forever to process and can take 6hours plus too complete.

We have 20 domain controllers dispersed globally connected over VPN links with decent connections. The average log file size is between 100MB-500MB for the DCs.

I have run the following command the security events are working as expected.

Get-WinEvent -LogName 'Security' -MaxEvents 5 -ComputerName 'DC'

ProviderName: Microsoft-Windows-Security-Auditing

TimeCreated Id LevelDisplayName Message

---

19/07/2022 11:00:14 4634 Information An account was logged off.... 19/07/2022 11:00:05 4634 Information An account was logged off.... 19/07/2022 11:00:04 4624 Information An account was successfully logged on.... 19/07/2022 11:00:04 4624 Information An account was successfully logged on.... 19/07/2022 10:59:50 4634 Information An account was logged off....

Here is the current version of the components.

PS C:\Windows\system32> get-module -ListAvailable PSSharedGoods, PSWinReportingv2, PSEventViewer | Select Name, Version

Name Version

---

PSEventViewer 1.0.22 PSSharedGoods 0.0.231 PSWinReportingV2 2.0.22

I have also disabled collections of UserLogon events, GPO changes etc.

Any help you can provide would be appreciated.

[PrzemyslawKlys]

Configure event forwarding for DCS and forward only relevant events to it. Point PSWinReporting to it. That's the best approach. Will cut the time to minutes.

[BigMac80]

I was considering event forwarding but do you have a guide that details the process too get it working using your modules. Thanks

[PrzemyslawKlys]

This is an old article https://evotec.xyz/pswinreporting-forwarders-microsoft-teams-slack-microsoft-sql-and-more/ but should work still. In Examples folder there are some help scripts to set it up.

[BigMac80]

Great thanks.