How can I read analytical Windows events from 'Applications and Services Logs' using PowerShell?


Problem description

I use Get-EventLog to read events. Using this cmdlet, I can successfully read the System and the Security event logs for example. I can also list all available logs by issuing the following command:

Get-EventLog -LogName * | Select-Object -Property Log

Output:

Log
---
Application
HardwareEvents
Internet Explorer
Key Management Service
OAlerts
Parameters
Security
State
System
Windows PowerShell

But this list does not contain all of the logs you can find under Applications and Services Logs, e.g. I'd like to read the events from this path that can be traversed inside the Event Viewer:

Applications and Services Logs > Microsoft > Windows > DNS-Server > Analytical

I'm doing this on a Windows DNS-Server with Show Analytic and Debug Logs enabled under View and also a configured and enabled Analytical log for DNS-Server.

Recommended answer

Tl;dr:

Use Get-WinEvent and add the -Oldest parameter:

Get-WinEvent -LogName Microsoft-Windows-DNSServer/Analytical -Oldest


Get-EventLog is a legacy cmdlet to read the Windows event log and it cannot be used to read all available event logs (look for the note in the documentation of this cmdlet):

Get-EventLog uses a Win32 API that is deprecated. The results may not be accurate. Use the Get-WinEvent cmdlet instead.

With Get-WinEvent you can list all available logs using Get-WinEvent -ListLog * or you can filter for all DNS related logs:

Get-WinEvent -ListLog *DNS* | Select-Object -Property LogName

Output:

LogName
-------
DNS Server
Microsoft-Windows-DNS-Client/Operational
Microsoft-Windows-DNSServer/Audit

Add the -Force parameter to also see Debug and Analytical events:

LogName
-------
DNS Server
Microsoft-Windows-DNS-Client/Operational
Microsoft-Windows-DNSServer/Analytical
Microsoft-Windows-DNSServer/Audit

You can read the events by passing those names to the -LogName parameter:

Get-WinEvent -LogName Microsoft-Windows-DNSServer/Audit

You'll get an error when trying to read the Microsoft-Windows-DNSServer/Analytical log:

Get-WinEvent : The Microsoft-Windows-DNSServer/Analytical event log can be read only in the forward chronological order because it is an analytical or a debug log. To see events from the Microsoft-Windows-DNSServer/Analytical event log, use the Oldest parameter in the command.

So just add -Oldest and you are good to go:

Get-WinEvent -LogName Microsoft-Windows-DNSServer/Analytical -Oldest
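Putting the answer's steps together as one script, as an added example that is not part of the original answer: it lists the DNS-related logs with -Force so the Analytical log shows up, checks that the target log exists and is enabled (analytical logs are disabled by default, so an enabled-but-empty log and a missing log are worth telling apart), and then reads it with -Oldest. The -FilterHashtable time window, the -MaxEvents cap, and the summary at the end are choices made for this example; the log name comes from the answer.

```powershell
# Added example (not the original answer's code): enumerate DNS-related event logs,
# including Analytical/Debug ones, then read the DNS-Server analytical log.

$logName = 'Microsoft-Windows-DNSServer/Analytical'   # log name from the answer

# -Force is required for Analytical and Debug logs to appear in the listing.
$dnsLogs = Get-WinEvent -ListLog *DNS* -Force -ErrorAction SilentlyContinue
$dnsLogs | Select-Object -Property LogName, LogType, IsEnabled, RecordCount | Format-Table -AutoSize

$target = $dnsLogs | Where-Object -Property LogName -EQ $logName
if (-not $target) {
    Write-Warning "Log '$logName' does not exist on this host (is the DNS Server role installed?)."
    return
}
if (-not $target.IsEnabled) {
    # Analytical logs write nothing until enabled (Event Viewer > Enable Log,
    # or: wevtutil sl <logname> /e:true). Reading a disabled log just yields no events.
    Write-Warning "Log '$logName' exists but is disabled; enable it before reading."
    return
}

# Analytical/Debug logs can only be read in forward chronological order, hence -Oldest.
# StartTime and MaxEvents below are arbitrary values chosen for this example.
try {
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = $logName
        StartTime = (Get-Date).AddHours(-1)
    } -Oldest -MaxEvents 500 -ErrorAction Stop
}
catch {
    # Get-WinEvent throws when the query matches no events at all.
    Write-Warning "No events matched: $($_.Exception.Message)"
    return
}

# Count events per event ID, then show the ten most recent records with their message text.
$events | Group-Object -Property Id | Sort-Object -Property Count -Descending |
    Select-Object -Property Name, Count | Format-Table -AutoSize
$events | Select-Object -Last 10 -Property TimeCreated, Id, Message | Format-List
```

Because -Oldest returns records oldest-first, `Select-Object -Last 10` gives the newest matches. Run this in an elevated PowerShell session on the DNS server itself; reading analytical logs over the network with -ComputerName is not covered by the answer and is not assumed here.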
