欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

Powershell小技巧之从文件获取系统日志

程序员文章站 2022-07-05 10:27:50
有时你可能会需要分析系统文件将他们传输到硬盘,或你想直接从“evtx”读取系统日志。 你可以这样做: 复制代码 代码如下: $path = "$env:windir\...

有时你可能会需要分析系统文件将他们传输到硬盘,或你想直接从“evtx”读取系统日志。

你可以这样做:

复制代码 代码如下:

$path = "$env:windir\system32\winevt\logs\setup.evtx"
get-winevent -path $path

另附上一段获取系统日志的代码

复制代码 代码如下:

$starttime = (get-date).date + (new-timespan -hours 6 -minutes 35)
$endtime = (get-date).date + (new-timespan -hours 6 -minutes 36)
$global:taskstart
$global:taskcomplete
$global:events
$global:event
$global:timespent
$global:events = get-winevent -filterhashtable @{logname = "microsoft-windows-taskscheduler/operational"; id=107;starttime=$starttime;endtime=$endtime}
foreach($global:event in $global:events)
{
    cls
    $startlogs=get-winevent -filterhashtable @{logname = "microsoft-windows-taskscheduler/operational";id=100;starttime=$starttime}
    $completelogs=get-winevent -filterhashtable @{logname = "microsoft-windows-taskscheduler/operational";id=102;starttime=$starttime}
    $global:taskstart=$startlogs | where {$_.activityid -eq $global:event.activityid}
    $global:taskcomplete=$completelogs | where {$_.activityid -eq $global:event.activityid}
    $global:timespent=($global:taskcomplete.timecreated-$global:taskstart.timecreated).totalminutes
    if(($global:taskstart -ne $null) -and ($global:taskcomplete -ne $null) -and ($global:timespent -gt 1)){
          
        $messagebody="sync task started at:  "+$global:taskstart.timecreated.datetime+"`r`n"
        $messagebody=$messagebody+"`r`nsync task completed at:  "+$global:taskcomplete.timecreated.datetime+"`r`n"
        $messagebody=$messagebody+"`r`ntask lasted for "+("{0:n2}" -f ($global:timespent) )+" minutes"
          
        send-mailmessage -from "customerlog@avepoint.com" -to "zhijie.bai@avepoint.com","infrastructure_cn@avepoint.com" -subject "customer logs sync report:success" -body $messagebody -smtpserver "10.100.100.153" -encoding utf8
    }
    else{
        $messagebody="########################################################################`r`n"
        $messagebody=$messagebody+"`r`ncustom logs sync failed, please login 10.2.0.125 to check and sync again`r`n"
        $messagebody=$messagebody+"`r`n########################################################################`r`n"
        send-mailmessage -from "customerlog@avepoint.com" -to "zhijie.bai@avepoint.com","infrastructure_cn@avepoint.com" -subject "customer logs sync report:failed" -body $messagebody -smtpserver "10.100.100.153" -encoding utf8 -priority high
    }
}

支持powershell所有版本

上一篇: Linux下ping: unknown host www.baidu.com的解决办法

下一篇: 刀塔自走棋高胜率阵容 刀塔自走棋最强吃鸡阵容

推荐阅读