已完结小说排行榜,盗墓笔记同人小说

有時(shí)你可能會(huì)需要分析系統(tǒng)文件將他們傳輸?shù)接脖P(pán)，或你想直接從“evtx”讀取系統(tǒng)日志。

你可以這樣做：

復(fù)制代碼代碼如下:

$path = "$env:windir\System32\Winevt\Logs\Setup.evtx"

Get-WinEvent -Path $path

另附上一段獲取系統(tǒng)日志的代碼

復(fù)制代碼代碼如下:

$StartTime = (get-date).Date + (new-timespan -Hours 6 -Minutes 35)

$EndTime = (get-date).Date + (new-timespan -Hours 6 -Minutes 36)

$global:TaskStart

$Global:TaskComplete

$Global:events

$Global:event

$Global:TimeSpent

$Global:events = get-winevent -FilterHashtable @{logname = "Microsoft-Windows-TaskScheduler/Operational"; ID=107;StartTime=$StartTime;EndTime=$EndTime}

Foreach($Global:event in $Global:events)

{

    cls

    $StartLogs=get-winevent -FilterHashtable @{logname = "Microsoft-Windows-TaskScheduler/Operational";ID=100;StartTime=$StartTime}

    $CompleteLogs=get-winevent -FilterHashtable @{logname = "Microsoft-Windows-TaskScheduler/Operational";id=102;StartTime=$StartTime}

    $global:TaskStart=$StartLogs | where {$_.ActivityId -eq $Global:event.ActivityId}

    $Global:TaskComplete=$CompleteLogs | where {$_.ActivityId -eq $Global:event.ActivityId}

    $global:TimeSpent=($global:TaskComplete.timeCreated-$global:TaskStart.timeCreated).TotaLMinutes

    if(($global:TaskStart -ne $NULL) -and ($Global:TaskComplete -ne $null) -and ($Global:TimeSpent -gt 1)){

        $Messagebody="Sync task started at:  "+$global:TaskStart.TimeCreated.DateTime+"`r`n"

        $Messagebody=$Messagebody+"`r`nSync task completed at:  "+$global:TaskComplete.timeCreated.DateTime+"`r`n"

        $Messagebody=$Messagebody+"`r`nTask lasted for "+("{0:N2}" -f ($Global:TimeSpent) )+" minutes"

        Send-MailMessage -From "CustomerLog@avepoint.com" -To "Zhijie.bai@avepoint.com","Infrastructure_cn@avepoint.com" -Subject "Customer Logs Sync Report:Success" -Body $Messagebody -SmtpServer "10.100.100.153" -Encoding UTF8

    }

    else{

        $Messagebody="########################################################################`r`n"

        $Messagebody=$Messagebody+"`r`nCustom logs Sync failed, please login 10.2.0.125 to check and sync again`r`n"

        $Messagebody=$Messagebody+"`r`n########################################################################`r`n"

        Send-MailMessage -From "CustomerLog@avepoint.com" -To "Zhijie.bai@avepoint.com","Infrastructure_cn@avepoint.com" -Subject "Customer Logs Sync Report:Failed" -Body $Messagebody -SmtpServer "10.100.100.153" -Encoding UTF8 -Priority High

    }

}

支持Powershell所有版本

您可能感興趣的文章:

PowerShell默認(rèn)參數(shù)$PSDefaultParameterValues結(jié)合Out-File輸出到日志文件
Powershell使用WINDOWS事件日志記錄程序日志
PowerShell中使用Get-EventLog讀取、篩選系統(tǒng)日志的例子

標(biāo)簽：鶴崗六盤(pán)水山南運(yùn)城濟(jì)南德州湛江岳陽(yáng)

巨人網(wǎng)絡(luò)通訊聲明：本文標(biāo)題《Powershell小技巧之從文件獲取系統(tǒng)日志》，本文關(guān)鍵詞 Powershell,小,技巧,之,從,；如發(fā)現(xiàn)本文內(nèi)容存在版權(quán)問(wèn)題，煩請(qǐng)?zhí)峁┫嚓P(guān)信息告之我們，我們將及時(shí)溝通與處理。本站內(nèi)容系統(tǒng)采集于網(wǎng)絡(luò)，涉及言論、版權(quán)與本站無(wú)關(guān)。

濮阳杆衣贸易有限公司

Powershell小技巧之從文件獲取系統(tǒng)日志