PowerShell - Extract All Logs and System Info

Written by Ines

Last published at: January 27th, 2023

Script Events

  1. Check if SRW or ThinKiosk paths are available
  2. Once SRW or ThinKiosk is detected, gather all files with .log and .log_old extensions
  3. Create a new Folder on user's desktop named "TS Logs"
  4. Query the system for the following info: OS, .NET Framework, CPU, and Windows Events (Application and System), and save the results in the TS Logs folder (system details as .txt files, events as .csv files)
  5. Copy the .log files from the SRW or ThinKiosk install directories to TS Logs directory
  6. Compress the folder into an archive named Logs_<computername>.zip
  7. Remove TS Logs folder

 

Script Example

 

 

 


Script

Note!

This script requires PowerShell 7 to run!

 

 



 #check if Powershell 7 installed


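# Verify that this session is actually running under PowerShell 7 or later.
# $PSVersionTable describes the engine executing the script, so the check is
# not satisfied merely because PowerShell 7 is installed while the script runs
# in Windows PowerShell 5.1.
# This also avoids two problems with a Win32_Product lookup: Get-WmiObject is
# not provided by PowerShell 7, and enumerating Win32_Product is slow and makes
# Windows Installer run a consistency check on every installed MSI package.
$psVersion = $PSVersionTable.PSVersion
if ($psVersion.Major -lt 7) {
    Write-Host "This script is running under PowerShell $psVersion, but PowerShell 7 or later is required. Please start it from a PowerShell 7 terminal (pwsh.exe)." -ForegroundColor Red
    # Non-zero exit code so a calling tool can see that nothing was collected.
    exit 1
}
else {
    Write-Host "PowerShell 7 session detected. Version:" $psVersion -ForegroundColor Green
}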

    #parameters
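# Collects SRW / ThinKiosk log files plus basic system details into
# Logs_<computername>.zip on the current user's Desktop.
#
# Handling note: the archive contains Windows event messages and system details
# (host name, OS build, and whatever the event sources wrote into their
# messages). Treat it as sensitive, send it only to the intended support
# contact, and delete it afterwards. A Desktop that is synced to a cloud
# service will upload the archive as well.

# Install directories to search. Every directory that exists contributes its
# .log and .log_old files to the same archive.
$folderSRW = 'C:\Program Files (x86)\SRW'
$folderTK = 'C:\Program Files (x86)\ThinKiosk'

# Resolve the Desktop through the known-folder API rather than $env:HOMEPATH:
# HOMEPATH carries no drive letter, so it resolves against whatever drive the
# session is currently on, and it does not follow a redirected Desktop.
$Desktop = [Environment]::GetFolderPath('Desktop')
if (-not $Desktop) { $Desktop = Join-Path $env:USERPROFILE 'Desktop' }
$Destination = Join-Path $Desktop 'TSLogs'
$Archive = Join-Path $Desktop "Logs_$env:COMPUTERNAME.zip"

# Keep only the install directories that are present on this machine.
$installDirs = @(
    foreach ($dir in $folderSRW, $folderTK) {
        if (Test-Path -LiteralPath $dir -PathType Container) { $dir }
    }
)

if ($installDirs.Count -eq 0) {
    Write-Warning "Neither '$folderSRW' nor '$folderTK' was found; nothing was collected."
}
else {
    # Only delete the staging folder afterwards if this run created it, so a
    # pre-existing Desktop\TSLogs folder holding unrelated files is never removed.
    $stagingExisted = Test-Path -LiteralPath $Destination
    if ($stagingExisted) {
        Write-Warning "'$Destination' already exists; its current contents will be included in the archive and the folder will be left in place."
    }
    New-Item -Path $Destination -ItemType Directory -Force -Confirm:$False | Out-Null

    # $PSStyle exists only on PowerShell 7.2 and later. Remember the caller's
    # rendering mode so it can be restored instead of being forced to 'Ansi'.
    $previousRendering = $null
    if ($null -ne $PSStyle) { $previousRendering = $PSStyle.OutputRendering }

    try {
        # Plain text keeps ANSI escape sequences out of the report files.
        if ($null -ne $PSStyle) { $PSStyle.OutputRendering = 'PlainText' }

        # System details (.txt)
        Get-CimInstance -ClassName Win32_OperatingSystem |
            Select-Object * |
            Out-File (Join-Path $Destination 'PCdetails.txt')
        Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\*" |
            Select-Object Version, Release |
            Format-List |
            Out-File (Join-Path $Destination 'NETfwork.txt')
        Get-CimInstance -ClassName Win32_Processor |
            Select-Object * |
            Format-List |
            Out-File (Join-Path $Destination 'CPU.txt')

        # Errors and warnings from the last three days (.csv).
        # Get-EventLog is not available in PowerShell 7, so Get-WinEvent is used
        # and its properties are mapped back onto the original column names.
        $Date = (Get-Date).AddDays(-3)
        $eventColumns = @(
            @{ Name = 'TimeWritten'; Expression = { $_.TimeCreated } }
            @{ Name = 'Source'; Expression = { $_.ProviderName } }
            'MachineName'
            @{ Name = 'EntryType'; Expression = { $_.LevelDisplayName } }
            'Message'
        )
        $eventFiles = [ordered]@{
            Application = 'AppEvents.csv'
            System      = 'SysEvents.csv'
        }
        foreach ($logName in $eventFiles.Keys) {
            # Level 2 = Error, 3 = Warning. Get-WinEvent reports an error when
            # nothing matches the filter; an empty result is acceptable here.
            Get-WinEvent -FilterHashtable @{ LogName = $logName; Level = 2, 3; StartTime = $Date } -ErrorAction SilentlyContinue |
                Select-Object $eventColumns |
                Export-Csv -Path (Join-Path $Destination $eventFiles[$logName]) -NoTypeInformation
        }

        # Product logs. Each product gets its own subfolder so identically named
        # files from SRW and ThinKiosk cannot overwrite each other.
        foreach ($dir in $installDirs) {
            $Logs = Get-ChildItem -LiteralPath $dir -File |
                Where-Object { ($_.Name -like '*.log') -or ($_.Name -like '*.log_old') }

            # Copy-Item fails on an empty path list, so skip products without logs.
            if ($Logs) {
                $target = Join-Path $Destination (Split-Path -Path $dir -Leaf)
                New-Item -Path $target -ItemType Directory -Force -Confirm:$False | Out-Null
                Copy-Item -LiteralPath $Logs.FullName -Destination $target -Force -Confirm:$False
            }
        }

        # One archive for everything; created once so that a machine with both
        # products installed does not overwrite the first product's archive.
        Compress-Archive -Path $Destination -DestinationPath $Archive -Force -Confirm:$false
    }
    finally {
        if ($null -ne $PSStyle) { $PSStyle.OutputRendering = $previousRendering }

        # Remove the staging copy even when a step above failed, so collected
        # diagnostics are not left unarchived on the Desktop.
        if ((-not $stagingExisted) -and (Test-Path -LiteralPath $Destination)) {
            Remove-Item -LiteralPath $Destination -Recurse -Force -Confirm:$False
        }
    }
}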