PowerShell Tutorials Event Viewer #1 : Get-EventLog

  • Published: 30 Jul 2024
  • Learn how to parse the event logs with PowerShell using the Get-EventLog cmdlet. This cmdlet is easy to use and quite efficient for common lookups. Learn how to use the cmdlet and how to go through the events to get the information you want, using the Security log as an example.
    Tags:
    PowerShell
    GUI
    Programming
    Scripting
    Automating
    JackedProgrammer
    Coding
  • Science

Comments • 23

  • @vladepast4936 2 years ago +3

    Well, you are one of the few people that have a very good way to explain PS and how it works. Thank you! Keep posting. The future is yours man!

    • @jackedprogrammer 2 years ago

      No problem, thank you! Glad you're enjoying the videos :)

  • @otvs5838 2 years ago +1

    Excellent work and thank you for your time. We are expecting more from you, especially to audit security events.

  • @henr2000 1 year ago

    This is amazing work in teaching us how this works! Thanks a lot buddy! You are the best 🤘

  • @danbromberg 2 years ago

    Nicely done! I know PS is mainly for Admin types but if you could throw a few home user videos our way that'd be appreciated. Also, it would be helpful if you could write out the commands used for a quick cut & paste.
    BTW, couldn't get Get-EventLog -LogName Security to work on PSv7, so what is the best way to find if a command has been deprecated?

  • @FM-lc6hp 2 years ago

    Great tutorial sir. Please show me how to append the logs into a database table (ex: MySQL).

  • @bruuuuuuhhhhhhhhhhh 1 year ago

    Well...that escalated quickly😵‍💫

  • @ThePiyush383 9 months ago

    Great explanation. However, I need to filter the "Message" field. I just replaced the "ReplacementStrings" with "Message" in your code. It doesn't give a similar type of output. It's listing just one alphabet for each position, it seems; the output was like the lines below. Unlike that, ReplacementStrings gives the entire word or line.
    0 - A
    1 - e

  • @kschan7635 2 years ago +1

    Thanks for the video. What if I want to add a column for logon/out time? The ReplacementStrings do not have time.

    • @jackedprogrammer 2 years ago +1

      Hi, this would actually be accomplished by using the event property called timecreated. This will give you the time the event happened at, giving you the time of login and logout based on the respective event id.

  • @allferryrocha2698 2 years ago +1

    Nice video as always mate. Maybe you could top it up with sending an email notification if the event is found. 😉

    • @jackedprogrammer 2 years ago

      Thanks Allferry! Haha, you read my mind. I have a video that's going to show how to send email using PowerShell coming very soon, and I'll have other videos that will then use that feature.

    • @allferryrocha2698 2 years ago

      @jackedprogrammer Great mate. I’ve been suggesting your videos to my IT mates. They find them very useful. Good job.

  • @kenstart6 1 year ago

    Is it possible to get the Event Log of a computer remotely?

  • @davidbeiler6364 1 year ago

    Is the index the same on every PC?

  • @tersee123 2 months ago

    Do you have a copy of this video for “Get-WinEvent,” PowerShell seven?

  • @luisdeanda7892 2 years ago +1

    How would you do this by the day?

    • @jackedprogrammer 2 years ago +1

      I would schedule this through the task scheduler for a time of day grabbing the last 24 hours of events you want to grab :)

  • @davepete9537 4 months ago

    Hey sir. How can I filter event viewer security logs by event ID and Account Name using PowerShell? Account Name, which was locked. I am specifically looking for event ID 4740 for Account Name, which was locked. Thanks.

  • @keriT0 1 year ago

    Hey, thanks for your help!! And because you gave me an idea, I tried to pipe it in PowerShell; here's the code. It took me hours to figure out the GetValue switch XDD
    Get-EventLog -LogName Security -Source "Microsoft-Windows-Security-Auditing" -EntryType FailureAudit -After $(Get-Date).AddHours(-10) |
        Select-Object -Property @{Name='Computer Name';Expression={$_.ReplacementStrings.GetValue(1)}},
            @{Name='Domain Name';Expression={$_.ReplacementStrings.GetValue(2)}},
            @{Name='User Name';Expression={$_.ReplacementStrings.GetValue(6)}},
            @{Name='IP Address';Expression={$_.ReplacementStrings.GetValue(19)}}
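
Added example, not from the video or from any commenter: the one-liner above picks fields out of ReplacementStrings by position, and those positions change from one event ID to another, so this sketch goes a step further and reads the fields by name from the event's XML, which also suits Get-WinEvent on PowerShell 7. The helper name ConvertFrom-EventXml, the sample event and the account name 'alice' are constructed for illustration; confirm the field names against the XML view of a real event on your system.

```powershell
# Added example: read a Security event's <EventData> fields by name, not by position.
# ConvertFrom-EventXml is a hypothetical helper name, not a built-in cmdlet.
function ConvertFrom-EventXml {
    param([Parameter(Mandatory)][string]$Xml)

    $doc = [xml]$Xml
    $sys = $doc.Event.System
    $row = [ordered]@{
        TimeCreated = [datetime]$sys['TimeCreated'].GetAttribute('SystemTime')
        EventId     = [int]$sys['EventID'].InnerText
        Computer    = $sys['Computer'].InnerText
    }
    # Each <Data Name="...">value</Data> element becomes one named property.
    foreach ($d in $doc.Event.EventData.ChildNodes) {
        if ($d -is [System.Xml.XmlElement] -and $d.HasAttribute('Name')) {
            $row[$d.GetAttribute('Name')] = $d.InnerText
        }
    }
    [pscustomobject]$row
}

# Constructed sample of an account-lockout event (ID 4740); all values are made up.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4740</EventID>
    <TimeCreated SystemTime="2024-01-01T09:30:00.000Z" />
    <Computer>DC01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="TargetDomainName">WKSTN-07</Data>
    <Data Name="SubjectUserName">DC01$</Data>
  </EventData>
</Event>
'@

# Filter on a named field instead of a numeric index.
ConvertFrom-EventXml $sample | Where-Object TargetUserName -eq 'alice'

# Against the live log (elevated session on Windows), the same helper is fed from ToXml():
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-24) } |
#     ForEach-Object { ConvertFrom-EventXml $_.ToXml() } |
#     Where-Object TargetUserName -eq 'alice'
```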