get-wmiobject to pull logs using Win32_NTLogEvent
Problem description
I have to use get-wmiobject to pull logs off of a remote server. WinEvent doesn't work with 2003 servers and I'm getting blocked using eventlog. When I run the following command in powershell it works just fine, but when I send the output to a file I get completely different results and I'm not sure why?
Get-WmiObject -computername $server -query "SELECT * FROM Win32_NTLogEvent WHERE (logfile='system') AND (EventCode='19') AND (TimeWritten>'$begindate')"
The output in powershell:
Category : 8
CategoryString : Installation
EventCode : 19
EventIdentifier : 19
TypeEvent :
InsertionStrings : {Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2836941)}
LogFile : System
Message : Installation Successful: Windows successfully installed the following update: Update for Microsoft .
NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2836941)
The output of the same command made into a variable and moved ($x > file.txt) is completely different.
servername\root\cimv2:Win32_NTLogEvent.Logfile="System",RecordNumber=89477
Any ideas?
Edit**
foreach($server in $servers) {
    $day = (Get-Date -UFormat %d)
    $hour = (Get-Date -UFormat %M)
    if ( $hour -lt "30") {
        $BeginDate=[System.Management.ManagementDateTimeConverter]::ToDMTFDateTime((get-date).AddDays(-30))
        $log = (Get-WmiObject -computername $server -query "SELECT * FROM Win32_NTLogEvent WHERE (logfile='system') AND (EventCode='19') AND (TimeWritten>'$begindate')")
    }
    $FullLog += $server + '= [{
"logfile":"' + $log + '"
}]' + "`r`n"
}
Clear-Content UpdateLog.js
$FullLog > UpdateLog.js
Recommended answer
So the answer was that the variable that contained the log information couldn't be combined with other strings in another variable.
$FullLog += $server + $log (would not work)
$FullLog += $log (would work)
Solution? I broke up the information:
foreach($server in $servers) {
    $BeginDate=[System.Management.ManagementDateTimeConverter]::ToDMTFDateTime((get-date).AddDays(-30))
    $mylog = Get-WmiObject Win32_NTLogEvent -filter "(logfile='system') AND (EventCode='19') AND (TimeWritten>'$BeginDate')" -computername $server
    $First = $server + '= [{
"SuccessUpdate":"'
    $Last = '"}]'
    $First >> UpdateLog.js
    $mylog >> UpdateLog.js
    $Last >> UpdateLog.js
    write-host $server "logs are uploaded."
}
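Converting a WMI object to a string, as the concatenation in the question does, yields its WMI object path, which is the line that ended up in the file. The following is an added example, not the poster's code, that selects the event fields explicitly and serializes them; it assumes PowerShell 3.0 or later on the collecting host, and the server names and the TimeWritten/EventCode/SuccessUpdate output field names are placeholders chosen here.

```powershell
# Added example. Assumptions: PowerShell 3.0+ on the collecting host,
# and $servers is a placeholder list of host names.
$servers = @('SERVER01', 'SERVER02')   # placeholder names

$since  = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime((Get-Date).AddDays(-30))
$filter = "Logfile='System' AND EventCode='19' AND TimeWritten>'$since'"

$lines = @(foreach ($server in $servers) {
    $query = @{
        Class        = 'Win32_NTLogEvent'
        ComputerName = $server
        Filter       = $filter
        ErrorAction  = 'Stop'
    }
    try {
        $events = @(Get-WmiObject @query)
    } catch {
        # Report the unreachable or denied host instead of writing an empty entry.
        Write-Warning "${server}: $($_.Exception.Message)"
        continue
    }

    # Pick the fields explicitly; "$e" on its own would expand to the WMI path.
    $records = @(foreach ($e in $events) {
        [pscustomobject]@{
            TimeWritten   = [System.Management.ManagementDateTimeConverter]::ToDateTime($e.TimeWritten).ToString('s')
            EventCode     = $e.EventCode
            SuccessUpdate = $e.InsertionStrings -join '; '
        }
    })

    # -InputObject keeps a single record as a one-element JSON array.
    $json = ConvertTo-Json -InputObject $records -Compress
    "$server = $json"
})

# One write per run; Set-Content replaces the previous file contents.
Set-Content -Path UpdateLog.js -Value $lines -Encoding UTF8
```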