看到网上有文章说Invoke-Command的方式相较其他方式的效率要高,特地试验了一下,但是这个实验不是很好:
机器只有2台
0. 用Get-WinEvent,日志数=200,Invoke方式快
1. 用Get-WinEvent,日志数=20,Invoke方式慢
2. 用Get-EventLog,日志数量只有在到一定量级后(实验中我用了6000),Invoke方式才可能快
Measure-Command -Expression {
@('hghwdc002','hghwdc001') | foreach {
Get-WinEvent -ComputerName $_ -LogName security -MaxEvents 200
}}
#TotalMilliseconds : 33661.7414
Measure-Command -Expression {
@('hghwdc002','hghwdc001') | foreach {
Invoke-Command -ComputerName $_ -ScriptBlock {
Get-WinEvent -LogName security -MaxEvents 200
}}}
#TotalMilliseconds : 30871.9812
Measure-Command -Expression { @('hghwdc002','hghwdc001') | foreach { Get-EventLog -ComputerName $_ -LogName security -Newest 6000 }} #TotalMilliseconds : 21783.0391 Measure-Command -Expression { @('hghwdc002','hghwdc001') | foreach { Invoke-Command -ComputerName $_ -ScriptBlock { Get-EventLog -LogName security -Newest 6000 }}} #TotalMilliseconds : 20759.0178
参考:
http://beanxyz.blog.51cto.com/5570417/1746701