Powershell 安全日志 Get-EventLog [英] Powershell Security Log Get-EventLog
问题描述
我正在尝试在 powershell 中写一些东西,并且对 powershell 完全陌生,我需要帮助.我要做的是从安全日志中获取信息.具体来说,用户在过去两周内的最后一次登录.到目前为止,我拥有的代码是根据最近 100 个事件获取事件 ID 4624 的登录名.这不仅返回用户,还返回计算机.如何在两周内将结果仅限于用户?这甚至可能吗?
I am trying to write something up in powershell and completely new to powershell, I need help. What I'm trying to do is get information from the Security Log. Specifically, the last login for users over the last two weeks. The code that I have so far is getting login's for the event ID 4624 based on the last 100 events. This is also returning not just users but computers as well. How can I limit the results to just users over a period of two weeks? Is this even possible?
$eventList = @()
Get-EventLog "Security" -After $Date `
| Where -FilterScript {$_.EventID -eq 4624 -and $_.ReplacementStrings[4].Length -gt 10} `
| foreach-Object {
$row = "" | Select UserName, LoginTime
$row.UserName = $_.ReplacementStrings[5]
$row.LoginTime = $_.TimeGenerated
$eventList += $row
}
$eventList
用代码解决
$Date = [DateTime]::Now.AddDays(-14)
$Date.tostring("MM-dd-yyyy"), $env:Computername
$eventList = @()
Get-EventLog "Security" -After $Date `
| Where -FilterScript {$_.EventID -eq 4624 -and $_.ReplacementStrings[4].Length -gt 10 -and $_.ReplacementStrings[5] -notlike "*$"} `
| foreach-Object {
$row = "" | Select UserName, LoginTime
$row.UserName = $_.ReplacementStrings[5]
$row.LoginTime = $_.TimeGenerated
$eventList += $row
}
$eventList
推荐答案
使用 -before
和 -after
参数按日期过滤日志.使用 get-help get-eventlog -full
查看所有参数.
Use -before
and -after
parameters to filter the log by date. Use get-help get-eventlog -full
to see all the parameters.
这篇关于Powershell 安全日志 Get-EventLog的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!