log

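# Run PowerShell as Administrator (reading the Security log in particular
# requires elevation).

# Log to query; replace as needed, e.g. 'Security' or 'Application'.
$LogName = 'System'

# Inclusive window: 2025-03-24 00:00:00 through 2025-03-27 23:59:59, local time.
# Get-Date -Year/-Month/-Day alone keeps the *current* time of day, so .Date is
# used to pin the start to midnight and the end to the last second of the day.
$StartDate = (Get-Date -Year 2025 -Month 3 -Day 24).Date
$EndDate   = (Get-Date -Year 2025 -Month 3 -Day 27).Date.AddDays(1).AddSeconds(-1)

# -LogName and -FilterHashtable belong to different parameter sets of
# Get-WinEvent and cannot be combined; the log name goes inside the hashtable.
$Filter = @{
    LogName   = $LogName
    StartTime = $StartDate
    EndTime   = $EndDate
}

# View the events on screen.
Get-WinEvent -FilterHashtable $Filter |
    Format-Table TimeCreated, Id, ProviderName, Message -AutoSize

# Export to the desktop as CSV (Excel-compatible).
# Exported logs can contain host, account and service names; treat the files
# as sensitive and move them off the desktop once the review is done.
$DesktopPath = [Environment]::GetFolderPath('Desktop')
$CsvName = '{0:yyyy-MM-dd}_to_{1:yyyy-MM-dd}_{2}Logs.csv' -f $StartDate, $EndDate, $LogName
$CsvPath = Join-Path -Path $DesktopPath -ChildPath $CsvName

# -Encoding UTF8: Windows PowerShell 5.1 defaults Export-Csv to ASCII, which
# turns non-ASCII (e.g. localized) message text into '?'.
Get-WinEvent -FilterHashtable $Filter |
    Export-Csv -Path $CsvPath -NoTypeInformation -Encoding UTF8

# Export the native .evtx format (keeps the complete event metadata).
# Event log XPath filters time through the SystemTime attribute of TimeCreated,
# and SystemTime is stored in UTC, so the local window is converted first.
# The query must use plain ASCII quotes; typographic quotes are not valid XPath.
$Invariant = [Globalization.CultureInfo]::InvariantCulture
$UtcFormat = "yyyy-MM-dd'T'HH:mm:ss.fff'Z'"
$StartUtc  = $StartDate.ToUniversalTime().ToString($UtcFormat, $Invariant)
$EndUtc    = $EndDate.ToUniversalTime().ToString($UtcFormat, $Invariant)
$XPath     = "*[System[TimeCreated[@SystemTime>='$StartUtc' and @SystemTime<='$EndUtc']]]"
$EvtxPath  = Join-Path -Path $DesktopPath -ChildPath "$($LogName)Logs.evtx"

# wevtutil refuses to overwrite an existing file unless /ow:true is given;
# that default is kept so an earlier export is not silently replaced.
wevtutil epl $LogName $EvtxPath "/q:$XPath"

# Record a SHA-256 of the export so later copies can be checked against it.
if ($LASTEXITCODE -eq 0) {
    Get-FileHash -Path $EvtxPath -Algorithm SHA256
}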