bodik / defender

notes on applied computer security
https://bodik.github.io/defender

source of logs to be parsed #6

Open bodik opened 5 years ago

bodik commented 5 years ago

To switch from the live log to an offline file:

https://github.com/bodik/defender/blob/923dbe3120692ec0f29c1924d8d7c3141744d5a5/tools/windows/toolbox/eventlog-services.ps1#L15

# Read Service Control Manager events 7030 and 7045 from the exported file system.evtx
# (instead of the live System log), oldest first
$events = Get-WinEvent -FilterHashtable @{Path="system.evtx";ID=7030,7045} -Oldest
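The one-liner above switches the source by swapping `LogName` for `Path` in the filter hashtable. The script below is an added example, not code from the defender repository: it wraps that choice in a function that takes either an offline `.evtx` export or the live System log, pulls the same Service Control Manager events (7045, a new service was installed; 7030, a service was configured to interact with the desktop), and flattens the per-event data into a table a defender can sort or export. The field names `ServiceName`, `ImagePath`, `ServiceType`, `StartType` and `AccountName` are those of the standard 7045 event schema; the use of `param1` as the service name for 7030 is an assumption about that event's schema.

```powershell
# Added example (not part of the defender project). Lists SCM service events from
# either the live System log or an offline .evtx export.
#   .\Get-ScmServiceEvents.ps1 -Path .\system.evtx
#   .\Get-ScmServiceEvents.ps1 -StartTime (Get-Date).AddDays(-7)
param(
    [string]$Path,                          # offline export; omit to query the live log
    [int[]]$EventId = @(7030, 7045),
    [Nullable[datetime]]$StartTime = $null  # optional lower bound on TimeCreated
)

function Get-ScmServiceEvents {
    param(
        [string]$Path,
        [int[]]$EventId,
        [Nullable[datetime]]$StartTime
    )

    # Same hashtable shape as the one-liner in the issue: Path for a file, LogName for live.
    $filter = @{ ID = $EventId }
    if ($Path) {
        $filter['Path'] = (Resolve-Path -Path $Path).Path   # absolute path to the .evtx
    } else {
        $filter['LogName'] = 'System'
    }
    if ($null -ne $StartTime) { $filter['StartTime'] = $StartTime }

    # -Oldest yields chronological order (the issue's one-liner uses it too).
    # Get-WinEvent reports "no events found" as an error, so it is silenced here.
    Get-WinEvent -FilterHashtable $filter -Oldest -ErrorAction SilentlyContinue |
        ForEach-Object {
            # EventData is only reachable by name through the event's XML form.
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

            [pscustomobject]@{
                Time        = $_.TimeCreated
                Id          = $_.Id
                Computer    = $_.MachineName
                # 7045 carries ServiceName; 7030 is assumed to carry it as param1
                ServiceName = if ($data['ServiceName']) { $data['ServiceName'] } else { $data['param1'] }
                ImagePath   = $data['ImagePath']    # 7045 only: binary (and arguments) registered
                ServiceType = $data['ServiceType']  # 7045 only
                StartType   = $data['StartType']    # 7045 only
                Account     = $data['AccountName']  # 7045 only: account the service runs as
            }
        }
}

Get-ScmServiceEvents -Path $Path -EventId $EventId -StartTime $StartTime |
    Sort-Object Time |
    Format-Table -AutoSize
```

Reading the event as XML rather than relying on `$_.Message` keeps the output independent of the message-template locale and of whether the provider's resource DLL is present on the analysis machine, which matters precisely in the offline case the issue is about: an `.evtx` copied from a host is often parsed on a different system.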

bodik commented 5 years ago