## Method 5: Write-Host -ForegroundColor Green "测试Get-WinEvent,使用XML过滤(条件:Eventid=4625、近1天、关键词审核失败)" # Using the FilterXML parameter: $XMLFilter = @' <QueryList><Query Id="0" Path="Security"><Select Path="Security">*[System[band(Keywords,4503599627370496) and (EventID=4625) and TimeCreated[...
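1. Function: The Get-EventLog command is mainly used to retrieve the contents of a specified event log, helping administrators view and diagnose problems that arise while the system or applications are running. 2. Basic usage: The basic syntax is: Get-EventLog [-LogName] <string> [[-InstanceId] <int32[]>] [[-EntryType] <string[]>] [[-Message] <string>] [[-Source] <...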
13296 Jan 16 13:53 Error DCOM 10016 The description for Event ID '10016' in Source...
13291 Jan 16 13:51 Error DCOM 10016 The description for Event ID '10016' in Source...
13245 Jan 16 11:45 Error DCOM 10016 The description for Event ID '10016' in Source...
13230 Jan 16 11:07...
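Get-EventLog [-logName] <string> [-newest <int>] [<CommonParameters>] logname is the name of the log; -newest is the number of most recent entries to return. Get-EventLog [-list] [-asString] [<CommonParameters>] Get-EventLog has two usages. One is to specify a LogName and get all entries in that log; if you specify the newest parameter, it returns the most recent...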
Get-EventLog [-LogName] <String> [-ComputerName <String[]>] [-Newest <Int32>] [-After <DateTime>] [-Before <DateTime>] [-UserName <String[]>] [[-InstanceId] <Int64[]>] [-Index <Int32[]>] [-EntryType <String[]>] [-Source <String[]>] [-Message <String>] [-AsBaseObject]...
Get-EventLog [-LogName] <String> [[-InstanceId] <Int64[]>] [-After <DateTime>] [-Before <DateTime>] [-ComputerName <String[]>] [-EntryType <String[]>] [-Index <Int32[]>] [-Message <String>] [-Newest <Int32>] [-Source <String[]>] [-UserName <String[]>] [<CommonPara...
Get-EventLog [-AsString] [-ComputerName <string[]>] [-List] [<CommonParameters>] Get-EventLog [-LogName] <string> [[-InstanceId] <Int64[]>] [-After <DateTime>] [-AsBaseObject] [-Before <DateTime>] [-ComputerName <string[]>] [-EntryType <string[]>] [-Index <Int32[]>] [-...
Get-EventLog system -after (get-date).AddDays(-1) | where {$_.InstanceId -eq 7001} To learn when the computer was turned on on a specific date, you can select the first logged event: $today = get-date -Hour 0 -Minute 0; Get-EventLog system -after $today | sort -Descending | sel...