Is it possible to archive exported EVT(X) files using GFI EventsManager?

Answer

GFI EventsManager 2013 can be used together with a PowerShell script to archive exported EVTX files.
Please follow these steps to complete the operation:
- Download the script.
- Save the script in a folder.
- Open Windows PowerShell and change to the folder where the script is saved.
- Type: .\script.ps1 -folder path -LogName mysavedlog -Source sourcename
  - folder - specifies which folder to enumerate for .evtx files;
  - LogName - specifies the name of the custom event log to create;
  - Source - specifies the source the imported events will appear to come from.
Example:
.\script.ps1 -folder c:\MyEvents -LogName myevents -Source PC-W704
The script takes a folder as input, reads every .evtx file in it, and imports the events into Event Viewer under the custom log named by -LogName.
Open Windows Event Viewer; the imported events should be listed in that custom log.
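As an added illustration of what such a script does (this is not the script the article links to, which is not reproduced here), the following PowerShell enumerates the .evtx files in a folder, creates the custom event log and source if they do not exist, and re-writes each event into that log. The -Folder, -LogName and -Source parameters follow the article's command syntax; the level-to-EntryType mapping, the provenance prefix added to each message, the fallback to the event XML when a provider's message is unavailable, and the EventId/message-length guards are my own assumptions, chosen so that Write-EventLog accepts every record.

```powershell
param(
    [Parameter(Mandatory = $true)][string]$Folder,   # folder containing the exported .evtx files
    [Parameter(Mandatory = $true)][string]$LogName,  # custom event log to create / write to
    [Parameter(Mandatory = $true)][string]$Source    # source name the imported events will carry
)

# Registering a new log/source needs an elevated (Administrator) PowerShell session.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName $LogName -Source $Source
}

$imported = 0
$skipped  = 0

Get-ChildItem -Path $Folder -Filter *.evtx -File | ForEach-Object {
    $file = $_.FullName
    $name = $_.Name
    try {
        # Read every record from the exported file (Get-WinEvent -Path works on saved .evtx files).
        $events = Get-WinEvent -Path $file -ErrorAction Stop
    } catch {
        # Empty or unreadable files are reported and skipped rather than aborting the whole run.
        Write-Warning "Skipping $file : $($_.Exception.Message)"
        $script:skipped++
        return
    }

    foreach ($ev in $events) {
        # Map the EVTX level (1=Critical, 2=Error, 3=Warning, 4=Information, 5=Verbose, 0=LogAlways)
        # onto the three EntryType values Write-EventLog accepts.
        $entryType = switch ($ev.Level) {
            1       { 'Error' }
            2       { 'Error' }
            3       { 'Warning' }
            default { 'Information' }
        }

        # Write-EventLog stamps the *current* time, so the original timestamp, log, provider and
        # event ID are preserved in a prefix line of the message body.
        $body = $ev.Message
        if (-not $body) { $body = $ev.ToXml() }   # provider message DLL not installed: keep the raw XML
        $message = "[archived from $name; original log=$($ev.LogName) provider=$($ev.ProviderName) " +
                   "id=$($ev.Id) level=$($ev.Level) time=$($ev.TimeCreated.ToString('o'))]`n$body"

        # Write-EventLog limits the message to 31839 characters and EventId to 0..65535.
        if ($message.Length -gt 31839) { $message = $message.Substring(0, 31839) }
        $eventId = if ($ev.Id -ge 0 -and $ev.Id -le 65535) { $ev.Id } else { 0 }

        Write-EventLog -LogName $LogName -Source $Source -EventId $eventId `
                       -EntryType $entryType -Message $message
        $script:imported++
    }
}

Write-Output "Imported $imported event(s); skipped $skipped file(s)."
```

Run it exactly as the article shows, e.g. `.\script.ps1 -Folder c:\MyEvents -LogName myevents -Source PC-W704`, from an elevated session. Because the re-written records carry the import time rather than the original time, anyone correlating the archived events later should rely on the time recorded in the message prefix, not on the event's own timestamp.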
The next step is to add the new custom event log to the computer's event source in GFI EventsManager:
- In GFI EventsManager, browse to Configuration > Event Sources.
- Select the computer, right-click it and choose Properties.
- Under Windows Events, click “Add” and add the new event log created by the script.
NOTE: When downloading files from the Internet, check the properties of the file to ensure it was not blocked. If there is an “Unblock” button at the bottom of the Properties dialog, click it to unblock the file.