Quickly identify a login event.
Get-WinEvent -FilterHashtable @{Logname='security';ID=4624} | ft -auto -wrap
Quickly identify a login event for a particular user.
Get-WinEvent -FilterHashtable @{Logname='security';ID=4624} | where {$_.message -like '*john*' } | ft -auto -wrap
Quickly identify a login event for multiple users.
Get-WinEvent -FilterHashtable @{Logname='security';ID=4624} | where {$_.message -like '*john*' -or $_.message -like '*jane*'} | ft -auto -wrap
Quickly identify login events between two dates.
Get-WinEvent -FilterHashtable @{Logname='security';ID=4624 ;StartTime="5/1/15";EndTime="5/31/15"} | ft -auto -wrap
Login events for a particular user between two dates.
Get-WinEvent -FilterHashtable @{Logname='security';ID=4624 ;StartTime="5/25/15";EndTime="5/30/15"} | where {$_.message -like '*john*' } | ft -auto -wrap
Quickly identify error events for the previous day.
Get-EventLog -LogName System -EntryType error -After (Get-Date).AddDays(-1) | ft -auto -wrap
Error events for a specific source such as NETLOGON.
Get-EventLog -LogName System -EntryType error -Source NETLOGON -After (Get-Date).AddDays(-1) | ft -auto -wrap
As a reminder, you can export any of these into a text file by piping the output to Out-File, for example:
Get-EventLog -LogName System -EntryType error -After (Get-Date).AddDays(-1) | ft -auto -wrap | out-file c:\event.txt
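The login queries above match the user name anywhere in the rendered message text, so '*john*' also hits events where that string appears in some other field. As an added example (not from the original post), the following reads the TargetUserName field from each 4624 event's XML and compares it exactly; the user names and the date range are sample values.

```powershell
# Added example: filter 4624 logon events on the structured TargetUserName field.
# Run from an elevated session; reading the Security log requires it.
# $Users, $Start and $End are sample values; replace them with your own.
$Users = 'john', 'jane'
$Start = [datetime]'2015-05-25'
$End   = [datetime]'2015-05-30'

$filter = @{ LogName = 'Security'; Id = 4624; StartTime = $Start; EndTime = $End }

Get-WinEvent -FilterHashtable $filter | ForEach-Object {
    # Build a name/value lookup from the <EventData><Data Name="..."> elements.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    [pscustomobject]@{
        TimeCreated = $_.TimeCreated
        User        = $data['TargetUserName']
        Domain      = $data['TargetDomainName']
        LogonType   = $data['LogonType']   # 2 = interactive, 3 = network, 10 = remote interactive (RDP)
        SourceIP    = $data['IpAddress']
        Workstation = $data['WorkstationName']
    }
} |
    # -contains is case-insensitive and matches the whole name, not a substring.
    Where-Object { $Users -contains $_.User } |
    Sort-Object TimeCreated |
    Format-Table -AutoSize -Wrap
```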