WMI provides a method to back up event log files as *.evt/*.evtx files. The code below creates backups of all available event logs:
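Get-WmiObject Win32_NTEventLogFile |
  ForEach-Object {
    # Build the target path, one file per log, in the user's home folder
    $filename = "$home\" + $_.LogfileName + '.evtx'
    # Remove any earlier backup of the same name first
    del $filename -ErrorAction SilentlyContinue
    # Emit the WMI return code; 0 means the backup succeeded
    $_.BackupEventLog($filename).ReturnValue
  }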
By the way, you can read in the *.evt/*.evtx files created by this approach using Get-WinEvent -Path.
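To check that the backups are usable, the following added example (not part of the original tip) reads each file back with Get-WinEvent -Path and reports the time range it covers. The function name Get-EventLogBackupSummary is hypothetical, and the example assumes the backups are in $home as written by the code above.

```powershell
# Added example: summarize every *.evtx backup in a folder.
# Get-EventLogBackupSummary is a hypothetical helper name, not a built-in cmdlet.
function Get-EventLogBackupSummary {
    param(
        # Folder holding the backups; the snippet above writes them to $home
        [string]$Path = $home
    )

    Get-ChildItem -Path $Path -Filter '*.evtx' -File | ForEach-Object {
        $file   = $_
        $first  = $null
        $last   = $null
        $status = 'OK'
        try {
            # -Oldest returns records oldest-first, so one event gives the start of the range
            $first = Get-WinEvent -Path $file.FullName -Oldest -MaxEvents 1 -ErrorAction Stop
            # Default order is newest-first, so one event gives the end of the range
            $last  = Get-WinEvent -Path $file.FullName -MaxEvents 1 -ErrorAction Stop
        }
        catch {
            # A backup of an empty log, or a damaged file, raises an error here;
            # record the message instead of aborting the whole run
            $status = $_.Exception.Message
        }

        [pscustomobject]@{
            File   = $file.Name
            SizeKB = [math]::Round($file.Length / 1KB)
            Oldest = $first.TimeCreated
            Newest = $last.TimeCreated
            Status = $status
        }
    }
}

Get-EventLogBackupSummary | Format-Table -AutoSize
```

A row whose Status is not OK points at a backup that contains no events or could not be parsed and should be checked before the live log is cleared.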