ProcessLogger.ps1

#Sunny Chakraborty (@sunnyc7)(sunnyc7@gmail.com)
#License: MIT-3 > Use as you please + Don't Sue Me.
#FileMon tricks

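Function Get-ProcessLaunches([string[]]$computer) {
<#
.SYNOPSIS
    Subscribes to WMI process-creation events and prints one line per new process.

.DESCRIPTION
    Registers a permanent-ish (session-lifetime) WMI event subscription on
    __InstanceCreationEvent for Win32_Process, under the SourceIdentifier
    'RemoteProcMon'. Each event is echoed with Write-Host and the last event is
    kept in $Global:RemoteProcMon for inspection.

    Caveats a practitioner should know before relying on this as telemetry:
      * The WQL 'WITHIN 2' clause makes this a polled (intrinsic) event. A process
        that starts and exits inside the poll window can be missed entirely. For
        complete process-creation coverage use Sysmon Event ID 1 or Security
        log 4688 with command-line auditing; this script is a convenience view.
      * Command lines are included in the output because the image name alone
        (e.g. powershell.exe) rarely tells an analyst anything. Command lines may
        carry secrets (passwords passed as arguments); if you switch to file
        logging, restrict the log's ACL accordingly.
      * The -Action block runs outside this function's scope. Write-Log and
        $script:logfile are not reliably visible from inside it; use global
        scope or an inline Add-Content if you wire up file logging.

.PARAMETER computer
    Reserved for remote targets. Currently unused: Register-WmiEvent's
    -ComputerName takes a single name and needs DCOM/RPC plus remote WMI rights,
    so the call below is kept local. See the annotation block at the end of the file.

.OUTPUTS
    None on the pipeline. Register-WmiEvent's event job is created as a side effect;
    inspect it with Get-Job -Name RemoteProcMon and stop it with
    Unregister-Event -SourceIdentifier RemoteProcMon.
#>

BEGIN {
    # Appends one line to $script:logfile, writing $script:FileHeader first on the
    # initial call. Not used by the -Action block below (see scope caveat above).
    Function Write-Log([string]$info) {
        # $script:loginitialized is unset ($null) until the first call. The original
        # tested "-eq $false", which $null does not satisfy, so the header was never
        # written; a plain truthiness test covers both unset and $false.
        if (-not $script:loginitialized) {
            $script:FileHeader > $script:logfile
            $script:loginitialized = $True
        }
        $info >> $script:logfile
    } # End of Function Write-Log

    # Logfile path and header. The directory must already exist; the redirection
    # in Write-Log does not create it.
    $script:logfile    = "c:\scripts\procmonlog.txt"
    $script:FileHeader = "Time, Process, Computer, PID, ParentPID, CommandLine"
}

PROCESS {
    # Intrinsic (polled) creation event for Win32_Process; see the WITHIN caveat in the help.
    $query = "Select * FROM __InstanceCreationEvent WITHIN 2 WHERE TargetInstance ISA 'Win32_Process'"

    # Tear down any earlier subscription with the same identifier. Register-WmiEvent
    # refuses a duplicate SourceIdentifier, and Get-Job reports an error (rather
    # than returning nothing) when no such job exists, so both calls are made
    # tolerant of the "nothing to clean up" case.
    Unregister-Event -SourceIdentifier RemoteProcMon -ErrorAction SilentlyContinue
    Get-Job -Name RemoteProcMon -ErrorAction SilentlyContinue | Remove-Job -Force -ErrorAction SilentlyContinue | Out-Null

    # WMI event monitor. -ComputerName is intentionally left off (see help).
    Register-WmiEvent -Query $query -SourceIdentifier RemoteProcMon -Action {
        # Keep the most recent event reachable from the console for ad-hoc inspection.
        $Global:RemoteProcMon = $event
        $proc = $Event.SourceEventArgs.NewEvent.TargetInstance
        # CommandLine is what distinguishes benign from suspicious launches of the
        # same image; it can be empty if the process already exited when polled.
        $line = "{0}, {1} started on {2} with PID={3} and ParentPID={4} CommandLine={5}" -f `
            (Get-Date).ToLongTimeString(), $proc.Name, $proc.PSComputerName, `
            $proc.ProcessID, $proc.ParentProcessId, $proc.CommandLine
        Write-Host $line
        # To log to a file instead, replace Write-Host with e.g.
        #   Add-Content -Path "c:\scripts\procmonlog.txt" -Value $line
        # Write-Log/$script:logfile are not in scope inside this block.
    }
} # End Process
} # End of Function.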

<# COMMENTS / Annotations.
 
02.11.2013 -Sunny:
 
I went with logging to a file instead of building up objects in memory to be processed further down the pipeline.
IMHO file or database logging is more appropriate in this situation.
I kept it at Write-Host so that you can see the magic. You can use the -ComputerName parameter of Register-WmiEvent to run this against other computers
(it takes a single name per call and requires DCOM/RPC access plus remote WMI rights) and have all of them log to one common path like c:\log\something.
 
** Logging and other functions can be vastly improved.
 
This is really really rough draft.
 
** Running this program in production won't harm your computer with Write-Host intact.
If you use the logging functionality, it will write process launches (including command lines, which may contain secrets) to the log file, so protect that file. **
 
#>