namerg
asked on
How to add conditional for IpAddress equals to dash in security log
How do I add a conditional for the ipAddress.
if IpAddress -eq "-" do not count it or do not add it into the csv. See attachment
if IpAddress -eq "-" do not count it or do not add it into the csv. See attachment
Get-WinEvent -FilterHashTable @{LogName='Security'; ProviderName='Microsoft-Windows-Security-Auditing';id=4624; StartTime="3/28/20"; EndTime="3/30/20"} | ForEach-Object {
$xml = [xml]$_.ToXml().Replace('xmlns', 'dummy')
$_ | Select-Object -Property TimeCreated, MachineName,`
@{n='TargetUserName'; e={"$($xml.SelectSingleNode("Event/EventData/Data[@Name='TargetDomainName']").InnerText)\$($xml.SelectSingleNode("Event/EventData/Data[@Name='TargetUserName']").InnerText)"}},
@{n='LogonType'; e={$xml.SelectSingleNode("Event/EventData/Data[@Name='LogonType']").InnerText}},
@{n='WorkstationName'; e={$xml.SelectSingleNode("Event/EventData/Data[@Name='WorkstationName']").InnerText}},
@{n='IpAddress'; e={$xml.SelectSingleNode("Event/EventData/Data[@Name='IpAddress']").InnerText}},
@{n='IpPort'; e={$xml.SelectSingleNode("Event/EventData/Data[@Name='IpPort']").InnerText}}
} | Export-Csv D:\ger\SCRIPTS\EventID_4624.csv -nti
EventID_4624---Copy.csv
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sorry, Copy and Paste error.
Fixed above, just download again (changed lines 2-10).
Fixed above, just download again (changed lines 2-10).
ASKER
Thank You Very Much
ASKER
Open in new window
But it looks like i am getting the error for every index within the arrayOpen in new window