PowerShell script for Event IDs
Server 2003, PowerShell v1
I'm looking for a script that will show the number of a specific event IDs for a specific user in the Security logs over a specific time frame.
User1 and event ID 538 July 1, 2014 - July 9, 2014
Possible?
I'm looking for a script that will show the number of a specific event IDs for a specific user in the Security logs over a specific time frame.
User1 and event ID 538 July 1, 2014 - July 9, 2014
Possible?
ASKER
What would the source be?
ASKER
Got it, the source is the user. Getting error message cannot be found parameter name 'after'.
Can you do me a quick favor, I am not in a place to duplicate a 538, can you run this and paste the output.
I will then be able to give you a script to do exactly what you need:
I will then be able to give you a script to do exactly what you need:
Get-EventLog -LogName Security ? {$_.eventid -eq "538"} | get-memberASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
becraig
A parameter cannot be found that matches parameter name '?'
Qlemo
If I could I would - I'm stuck for the moment with what I have.
A parameter cannot be found that matches parameter name '?'
Qlemo
If I could I would - I'm stuck for the moment with what I have.
My code above should work on PS 1.
becraig's line needs a pipe in front of the question mark:
becraig's line needs a pipe in front of the question mark:
Get-EventLog -LogName Security | ? {$_.eventid -eq "538"} | get-member
Open in new window
Of course a sample of the event would be good to know where the user info is captured, I only put in $_.message this migh be captured elsewhere