Solved

Unable to display time in the PowerShell script parsing Event Log?

Posted on 2016-09-13
Last Modified: 2016-09-13
Hi People,

Can anyone here please help as to why the script below can display the rest of the columns but not the time column?

Get-ADComputer -LDAPFilter "(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))" | Get-EventLog -LogName Security 4720,4722,4725 |
 Select-Object EventId, Time, @{ 
   n='AccountName';
   e={ ($_.message -replace '\n', ' ') -replace '.*?account name:\t+([^\s]+).*', '$1' } 
 }, @{
   n='TargetAccount';
   e={ ($_.message -replace '\n', ' ') -replace '.*account name:\t+([^\s]+).*', '$1' } 
 } 

Am I missing anything here?
0
4 Comments
 
LVL 85

Expert Comment

by:oBdA
ID: 41797345
The events returned don't have a property "Time". Try "TimeGenerated" instead.
1
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 41797360
OBDA,

Thanks for the clarification,

Somehow the pipe does not work?

Get-EventLog : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
0
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 41797366
Sorry, didn't verify that part.
The ComputerName argument doesn't accept pipeline input, so you'll need a ForEach-Object:
Get-ADComputer -LDAPFilter "(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))" |
	ForEach-Object {
		"Processing $($_.DNSHostName) ..." | Write-Host
		Get-EventLog -ComputerName $_.DNSHostName -LogName Security 4720, 4722, 4725 |
		Select-Object -Property `
			EventId,
			TimeGenerated,
			@{n='AccountName'; e={ ($_.message -replace '\n', ' ') -replace '.*?account name:\t+([^\s]+).*', '$1' }},
			@{n='TargetAccount'; e={ ($_.message -replace '\n', ' ') -replace '.*account name:\t+([^\s]+).*', '$1' }}
	}

1
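The accepted answer extracts the two account names from the event's message text with regular expressions, which depends on the message layout and display language. As an added example (not part of the original thread and not oBdA's code), the same two columns can be read from the event's structured XML, which goes beyond the thread's approach. It assumes the `SubjectUserName` and `TargetUserName` data fields carried by events 4720, 4722 and 4725; the helper name `ConvertFrom-AccountEventXml`, the sample event and the host name `dc01.example.test` are constructed for illustration.

```powershell
# Added example: read account-management events (4720/4722/4725) from their XML
# instead of regex-matching the Message text.
# ConvertFrom-AccountEventXml is a hypothetical helper name, not a built-in cmdlet.
function ConvertFrom-AccountEventXml {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$EventXml
    )
    process {
        $evt = ([xml]$EventXml).Event
        # Index the <Data Name="..."> elements by name for direct lookup.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            # InnerText works whether or not <EventID> carries attributes.
            EventId       = [int]$evt.System['EventID'].InnerText
            # UTC timestamp from the record, converted to local time by the cast.
            TimeCreated   = [datetime]$evt.System.TimeCreated.SystemTime
            Computer      = $evt.System.Computer
            AccountName   = $data['SubjectUserName']   # who performed the change
            TargetAccount = $data['TargetUserName']    # account that was changed
        }
    }
}

# Constructed sample event (not captured from a real system), trimmed to the fields used.
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4720</EventID>
    <TimeCreated SystemTime="2016-09-13T08:15:30.0000000Z" />
    <Computer>dc01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">new.user</Data>
    <Data Name="SubjectUserName">helpdesk.admin</Data>
  </EventData>
</Event>
'@
$sampleXml | ConvertFrom-AccountEventXml

# Against a live domain controller (dc01.example.test is a placeholder):
# Get-WinEvent -ComputerName dc01.example.test -FilterHashtable @{
#     LogName = 'Security'; Id = 4720, 4722, 4725 } |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-AccountEventXml
```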
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 41797375
You are awesome, man!
Thanks
0
