This script was put together very quickly to accomplish the objective stated in the title.

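   #requires -version 2.0
   <#
   author: Johan Vosloo
   date: 24/11/2011
   purpose: Retrieve event IDs from multiple machines and add to a CSV file.

   Reads computer names from c:\scripts\servers.txt, collects selected events
   from the last 7 days out of the System, Application and "Windows PowerShell"
   logs of every machine that answers a ping, and writes one CSV per log to
   c:\scripts. Machines that do not answer, and logs that cannot be queried,
   are reported with a warning so that an empty CSV is not mistaken for
   "nothing happened on that machine".
   #>

   # Returns the entries of one log on one machine whose EventID is in $EventIds.
   # Query errors are turned into a warning for that machine/log only, so one
   # unreachable or misconfigured server does not abort the whole collection run.
   function Get-MatchingEvent
       {
       param($Server, $LogName, $EventIds, $After)
       try
           {
           # -ErrorAction Stop: Get-EventLog reports most failures as
           # non-terminating errors, which try/catch would otherwise never see.
           Get-EventLog -LogName $LogName -ComputerName $Server -After $After -ErrorAction Stop |
               Where-Object { $EventIds -contains $_.EventID } |
               Select-Object MachineName,EventID,EntryType,Message
           }
       catch
           {
           # The message is passed through as-is; it also covers the case where
           # the log simply holds no entries newer than $After.
           Write-Warning "Get-EventLog '$LogName' on '$Server': $($_.Exception.Message)"
           }
       }

   Try
       {
       # A missing server list is fatal; blank lines are dropped because an
       # empty computer name would otherwise abort the run at the first ping.
       $servers = @(Get-Content c:\scripts\servers.txt -ErrorAction Stop | Where-Object { $_ -and $_.Trim() })
       $date = (Get-Date).AddDays(-7)

       # Start from empty arrays: "+=" on an unset variable only builds an array
       # when the first result happens to be one, and fails on a second append
       # if the first query returned a single object.
       $arr1 = @()
       $arr2 = @()
       $arr3 = @()

       foreach ($server in $servers)
           {
           $server = $server.Trim()
           if (-not (Test-Connection $server -Quiet))
               {
               # Say so explicitly: a skipped machine is a gap in the collected data.
               Write-Warning "Skipping '$server': no reply to ping"
               continue
               }
           $arr1 += @(Get-MatchingEvent $server 'system' (21, 4201) $date)
           $arr2 += @(Get-MatchingEvent $server 'application' (902, 1003) $date)
           $arr3 += @(Get-MatchingEvent $server 'windows powershell' (4004) $date)
           }

       # NOTE: the Message column is written exactly as logged. Event text can
       # contain strings chosen by whoever caused the event, so treat the CSVs
       # as untrusted data when opening them in a spreadsheet.
       if ($arr1.Count -gt 0)
           {$arr1 | Export-Csv c:\scripts\sysoutput.csv -NoTypeInformation}
       else
           {"No matching system log events found..."}
       if ($arr2.Count -gt 0)
           {$arr2 | Export-Csv c:\scripts\appoutput.csv -NoTypeInformation}
       else
           {"No matching application log events found..."}
       if ($arr3.Count -gt 0)
           {$arr3 | Export-Csv c:\scripts\psoutput.csv -NoTypeInformation}
       else
           {"No matching powershell log events found..."}
       }
   Catch
       {
       "An error occurred"
       # Keep the cause visible instead of discarding it.
       Write-Warning $_.Exception.Message
       }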

Requirements:

  • PowerShell v2.0
  • A servers.txt file in a c:\scripts folder, with one computer name per line (the CSV output files are written to the same folder)