• Querying Windows Event Logs with PowerShell


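    # Query 1: failed logons (EventID 4625) from the last hour (3600000 ms)
    # whose ProcessName is winlogon.exe
    $xml=@"
    <QueryList>
    <Query Id="0" Path="Security">
    <Select Path="Security">*[EventData[Data[@Name='ProcessName'] and (Data='c:\windows\system32\winlogon.exe')]] and *[System[(EventID=4625) and TimeCreated[timediff(@SystemTime) &lt;= 3600000]]]</Select>
    </Query>
    </QueryList>
    "@

    # Query 2: every 4625 event carrying the Audit Failure keyword
    # (4503599627370496 = 0x10000000000000)
    $xml2=@"
    <QueryList>
    <Query Id="0" Path="Security">
    <Select Path="Security">*[System[band(Keywords,4503599627370496) and (EventID=4625)]]</Select>
    </Query>
    </QueryList>
    "@

    # Run the structured query (reading the Security log requires elevation)
    $events = Get-WinEvent -FilterXml $xml2
    $events.count
    $events[0] | Select-Object *

    # Flatten the EventData fields of the first event into an object
    # so that each named Data element becomes a property
    $eventXML = [xml]$events[0].ToXml()
    $EventObject = New-Object system.object
    foreach ($e in $eventXML.Event.EventData.Data)
    { Add-Member -InputObject $EventObject -MemberType NoteProperty -Name $e.name -Value $e.'#text' }
    $EventObject.SubjectUserName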

     https://www.jb51.net/article/73204.htm
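
The snippet above flattens only the first event. The following added example (not part of the original post) applies the same EventData flattening to every event and groups the failures by source address and logon type, which is the usual triage view for 4625 events. The function name `ConvertFrom-EventXml` is hypothetical and the sample events are constructed so the block runs without access to a Security log.

```powershell
# Added example: flatten EventData for many 4625 events and summarise them.
function ConvertFrom-EventXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $doc = [xml]$Xml
        # Keep the timestamp as the string the log provides
        $row = [ordered]@{ TimeCreated = $doc.Event.System.TimeCreated.SystemTime }
        foreach ($d in $doc.Event.EventData.Data) {
            # Each <Data Name="..."> element becomes one property
            if ($d.Name) { $row[$d.Name] = $d.'#text' }
        }
        [pscustomobject]$row
    }
}

# Constructed sample events (not real log data); 203.0.113.0/24 is a documentation range.
$template = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><TimeCreated SystemTime="{0}"/></System>
  <EventData>
    <Data Name="TargetUserName">{1}</Data>
    <Data Name="LogonType">{2}</Data>
    <Data Name="IpAddress">{3}</Data>
  </EventData>
</Event>
'@
$sample = @(
    $template -f '2021-03-17T08:15:02Z', 'administrator', '10', '203.0.113.7'
    $template -f '2021-03-17T08:15:04Z', 'admin',         '10', '203.0.113.7'
    $template -f '2021-03-17T08:20:31Z', 'alice',         '2',  '-'
)

$failures = $sample | ConvertFrom-EventXml
# On a live system, feed real events instead of the constructed sample:
#   $failures = Get-WinEvent -FilterXml $xml2 | ForEach-Object { $_.ToXml() } | ConvertFrom-EventXml

# Many distinct accounts failing from one address with LogonType 10 (RemoteInteractive)
# is the pattern worth alerting on.
$failures | Group-Object IpAddress, LogonType |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'Accounts'; e = { ($_.Group.TargetUserName | Sort-Object -Unique) -join ',' } }
```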

  • Original article: https://www.cnblogs.com/dreamer-fish/p/14549482.html