powershell 针对日志的实例

# Enumerate the classic event logs on this host. Columns: maximum log size in
# KB, minimum retention in days, what happens when the log is full, current
# entry count, and log name. Only the Security log matters for the
# logon-auditing queries that follow. Note that with a 512 KB cap and
# OverwriteOlder, the Security log rolls over quickly on a busy host, so later
# queries only see the entries that survived - increase the size or forward the
# log elsewhere if the events are needed for investigation.
C:\PowerShell\AppendixB> get-eventlog -list
Max(K) Retain OverflowAction Entries Name
------ ------ -------------- ------- ----
512 7 OverwriteOlder 486 Application
512 7 OverwriteOlder 0 Internet Explorer
512 7 OverwriteOlder 1 Security
512 7 OverwriteOlder 2,166 System

# Dump the entire Security log. Reading the Security log needs an elevated
# session, which the Administrator prompt in this transcript reflects.
PS C:\Users\Administrator> Get-Eventlog -Logname Security


# Keep only entries whose message text mentions the auditing provider.
# -match is a regular-expression comparison, so the quoted string is a pattern.
Get-Eventlog -LogName Security|Where-Object {$_.message -match "Microsoft-Windows-Security-Auditing"}
# Filter on instance id 4624 (an account was successfully logged on).
# -match converts the numeric id to a string and does a substring/regex match,
# so any id that merely contains "4624" would also pass; -eq 4624 is the exact
# comparison. The next two lines are the same command, shown once without and
# once with the prompt.
C:\Users\Administrator> Get-EventLog -LogName "Security" | Where-Object {$_.InstanceID -match "4624"}
PS C:\Users\Administrator> Get-EventLog -LogName "Security" | Where-Object {$_.InstanceID -match "4624"}
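# Export every 4624 (successful logon) entry as an HTML table. In the original
# transcript "Out-File" was wrapped across two lines, which breaks the cmdlet
# name; it is rejoined here so the command runs as written.
PS C:\Users\Administrator> Get-EventLog -LogName "Security" | Where-Object {$_.InstanceID -match "4624"} | ConvertTo-Html -Title "intanceid=4624" | Out-File 4624.html

# Same idea, launched as a one-liner from outside PowerShell (presumably
# cmd.exe or a scheduled task): newest 100 entries, event id 4624, message
# mentioning the sample account name 'maltfun'. -ExecutionPolicy only relaxes
# the script-signing check for this process and is not a security control.
# The output lands in the shared C:\Windows\Temp directory; because it holds
# logon details (account names, source addresses), write it to a directory
# with restricted permissions instead. A space is added before -like so the
# operator is visually separate from the property name.
powershell -ExecutionPolicy RemoteSigned "Get-EventLog -LogName 'Security' -newest 100| Where-Object {$_.eventid -eq 4624 -and $_.Message -like '*maltfun*'}" > C:\Windows\Temp\1.txt

# Interactive form of the HTML export above.
Get-EventLog -LogName "Security" | Where-Object {$_.InstanceID -match "4624"} | ConvertTo-Html -Title "intanceid=4624" | Out-File 4624.html

# Interactive form of the account filter; replace "username" with the account
# to look for. -like is a wildcard match, so the surrounding * are required.
Get-EventLog -LogName "Security" -newest 100| Where-Object {$_.eventid -eq 4624 -and $_.Message -like "*username*"}

# Count Security entries per event id - a quick view of which audit events
# dominate the (small) log.
get-eventlog -logname "security"  | group-object -property eventid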
