ADD file via upload

source/windows-log-collector-full-v3-EVTX.ps1

@@ -0,0 +1,101 @@
+try{
+New-Item -ItemType "directory" -Path "wineventlog"
+
+}
+catch
+{
+echo "can't create a new directory"
+}
+
+try{
+ wevtutil epl Security wineventlog/Security.evtx
+}
+catch 
+{
+echo "Can't retrieve Security Logs"
+}
+
+try
+{
+ wevtutil epl System wineventlog/System.evtx
+}
+catch 
+{
+echo "Can't retrieve System Logs"
+}
+
+try{
+wevtutil epl Application  wineventlog/Application.evtx
+}
+catch 
+{
+echo "Can't retrieve Application Logs"
+}
+
+
+try{
+wevtutil epl "Windows PowerShell"  wineventlog/Windows_PowerShell.evtx
+}
+catch 
+{
+echo "Can't retrieve Windows PowerShell Logs"
+}
+
+try{
+wevtutil epl "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"  wineventlog/LocalSessionManager.evtx
+}
+catch 
+{
+echo "Can't retrieve Microsoft-Windows-TerminalServices-LocalSessionManager/Operational Logs"
+}
+
+try{
+wevtutil epl "Microsoft-Windows-Windows Defender/Operational"  wineventlog/Windows_Defender.evtx
+}
+catch 
+{
+echo "Can't retrieve Microsoft-Windows-Windows Defender/Operational Logs"
+}
+
+try{
+wevtutil epl Microsoft-Windows-TaskScheduler/Operational  wineventlog/TaskScheduler.evtx
+}
+catch 
+{
+echo "Can't retrieve Microsoft-Windows-TaskScheduler/Operational Logs"
+}
+
+try{
+wevtutil epl Microsoft-Windows-WinRM/Operational  wineventlog/WinRM.evtx
+}
+catch 
+{
+echo "Can't retrieve Microsoft-Windows-WinRM/Operational Logs"
+}
+
+try{
+wevtutil epl Microsoft-Windows-Sysmon/Operational  wineventlog/Sysmon.evtx
+}
+catch 
+{
+echo "Can't retrieve Microsoft-Windows-Sysmon/Operational Logs"
+}
+
+
+try{
+wevtutil epl Microsoft-Windows-PowerShell/Operational  wineventlog/Powershell_Operational.evtx
+}
+catch 
+{
+echo "Can't retrieve Microsoft-Windows-PowerShell/Operational Logs"
+}
+
+
+try
+{
+Compress-Archive -Path wineventlog -DestinationPath ./logs.zip
+}
+catch
+{
+echo "couldn't compress the the log folder "
+}