
Artifact 13fa391df8686662af598b5dd8d6596327372409941cf408432a8060826cf205:

  • File Export-ASP-Events-2-evtx.ps1 — part of check-in [cb62e84930] at 2018-06-10 13:34:18 on branch trunk — Export all ASP generated events in the application event log to a .evtx file. Note that a separate file will be made for each “provider” or .Net version installed. (user: anonymous size: 1017)

# encoding: ascii
# api: powershell
# title: Export ASP Events 2 evtx
# description: Export all ASP generated events in the application event log to a .evtx file. Note that a separate file will be made for each “provider” or .Net version installed.
# version: 0.1
# author: anonymous
# license: CC0
# x-poshcode-id: 3999
# x-archived: 2013-03-10T11:04:55
# x-published: 2013-03-06T20:45:00
#
#
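# Folder that receives the exported .evtx files. A trailing backslash is
# optional: the target path is built with Path.Combine below.
# The exports are copies of Application-log events and can include request
# URLs, account names and exception details, so use a folder whose ACL is
# limited to the people who are meant to read them.
$DstFolder = "D:\somefolder\"

# Stop before deleting or exporting anything if the destination is missing.
if (-not (Test-Path -LiteralPath $DstFolder -PathType Container)) {
    throw "Destination folder not found: $DstFolder"
}

# Event log session opened against this computer's own name.
$EvtSession = New-Object System.Diagnostics.Eventing.Reader.EventLogSession($env:computername)

try {
    # Registered provider names containing "asp" (case-insensitive match).
    # @() keeps the result an array when zero or one name matches.
    [string[]] $ProviderList = @($EvtSession.GetProviderNames() | Where-Object { $_ -match 'asp' })

    foreach ($Provider in $ProviderList) {
        # XPath filter selecting only this provider's events. The name is placed
        # inside a double-quoted XPath literal, so a provider name that itself
        # contains a double quote would produce an invalid query.
        $EvtQuery = "*[System/Provider/@Name=`"$Provider`"]"

        # One file per provider: <computer>_<provider with spaces as underscores>.evtx
        $FileName = $env:computername + "_" + $Provider.Replace(" ", "_") + ".evtx"
        $Dst = [System.IO.Path]::Combine($DstFolder, $FileName)

        # A previous export with the same name is deleted first; -LiteralPath
        # keeps characters such as [ ] from being treated as wildcards.
        if (Test-Path -LiteralPath $Dst) {
            Remove-Item -LiteralPath $Dst -Force
        }

        # 'LogName' marks 'Application' as a log name rather than a file path.
        # Events are exported together with their message text.
        $EvtSession.ExportLogAndMessages('Application', 'LogName', $EvtQuery, $Dst)
    }
}
finally {
    # EventLogSession is IDisposable; release its handle even if an export fails.
    $EvtSession.Dispose()
}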