• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2422
  • Last Modified:

powershell Get-WinEvent for logon events

I have been doing a lot of research the past few days. I'm trying to get a very basic script to run on a Win 2008/Win7 that will give me a list of users who have logged on.

I found a bunch of scripts like the following

Get-WinEvent -computername $server -FilterHashTable @{Logname=$logname;ID=$eventid;StartTime=$starttime;EndTime=$endtime} | where { $_.Message | Select-String "Logon Type: 2" }

I'd like to have a starttime and endtime and I think it should just show the logon type of 2, if I'm not mistaken. It would be great if this could be output to a csv file. Any ideas? Thanks so much.
  • 2
  • 2
1 Solution
Prashant GirennavarCommented:
Pipe the output to Export-csv


Get-WinEvent -computername $server -FilterHashTable @{Logname=$logname;ID=$eventid;StartTime=$starttime;EndTime=$endtime} | where { $_.Message | Select-String "Logon Type: 2" } | export-csv C:\winlogs.csv -notypeinformation

Let me know if this helps.


-Prashant Girennavar
cb_itAuthor Commented:
Thanks for the info. The script executes and a csv file is created but it's blank. With the script as is what is getting piped to the csv file?

I would like columns for account name, date, time, etc.

Any ideas??
cb_itAuthor Commented:
Just to be clear the main point of this is to run it on a server to get a csv list of who has logged in and when, nothing more. If there is a better script out there let me know! Thanks.
QlemoBatchelor and DeveloperCommented:
Get-WinEvent -Computer $Server -FilterHashTable  @{
  Logname = 'Security'
  EventID = 4624

Open in new window

gets the respective entries. But parsing the result is a pain ...
QlemoBatchelor and DeveloperCommented:
I can't see how http:#a39869184 could have answered your question - the resulting file is empty, according to your response.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now