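See "Use FilterHashTable to Filter Event Log with PowerShell" for the original Scripting Guy blog post of June 3, 2014. This article is an excerpt from that original blog post and explains how to use the FilterHashtable parameter of the Get-WinEvent cmdlet to filter event logs. PowerShell's Get-WinEvent cmdlet is a powerful way to filter Windows event and diag...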
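    # View the system log monitoring settings
    Get-WinEvent -ListLog *
    # Alert policy: check the Security log for events from the last hour
    Get-WinEvent -FilterHashtable @{LogName='Security'; StartTime=(Get-Date).AddHours(-1)} -MaxEvents 10

Security auditing and compliance checks:

    # View the security audit log
    Get-WinEvent -LogName Security -MaxEvents 100
    # Run a compliance scan...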
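1. Right-click the Start menu and open a PowerShell window.
2. View the system startup events in the log. Event ID 6005: the event log service started, which indicates that the system started; its timestamp is the time the machine actually booted.

    Get-WinEvent -FilterHashtable @{logname='System';id=6005} | fl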
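    Get-WinEvent -FilterHashtable @{Logname='Security';ID=4624} | Select-Object -First 1

This command extracts successful logon events (event ID 4624) from the Security log and selects the first one. Get-WinEvent returns events newest first by default, so this is the most recent matching event. In the output, find the value of "TimeCreated". That value is the time of the user account's last successful logon.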
PowerShell: filter the Security event log by user. 1. Query:

    Get-WinEvent -ComputerName dc01 -FilterHashtable @{logname='security';id=4740;data='gaowang'} | Select-Object -Property timecreated,@{label='username';expression={$_.properties[0].value}},@{label='computername';ex
    Get-WinEvent -FilterHashtable @{LogName='Security'}          # Security-related events
    Get-WinEvent -FilterHashtable @{LogName='Security';Id=4625}  # An account failed to log on
    Get-WinEvent -FilterHashtable @{LogName='Security';Id=4624}  # An account was successfully logged on
    Get-WinEvent -FilterHashtable @{LogName='Security';Id=4634}  # An account was logged off...
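    # Fetch the most recent event 4771 from the domain controller
    $Event = Get-WinEvent -ComputerName syddc01 -FilterHashtable @{Logname='Security';Id=4771} -MaxEvents 1
    # Convert the event to XML to reach its named data fields
    $eventXML = [xml]$Event.ToXml()
    $eventXML.Event.EventData.Data

Following this approach, if I want to get the latest 20 event 4771 log entries and output the results ...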
Get-WinEvent -FilterHashTable @{LogName ="Microsoft-Windows-Hyper-V*"} But I would not recommend that, as you will get a lot of events! What is more useful is just displaying any error messages that were logged in the last 24 hours – with a command like this: ...
FilterHashtable Provides access to the FilterHashtable parameter. FilterXml Provides access to the FilterXml parameter. FilterXPath Provides access to the FilterXPath parameter. Force Provides access to the Force parameter. InformationAction Determines how information records should be handled by the acti...