Question

抱歉英文不好。

我在powershell和事件转发机制方面遇到了一些麻烦。我试图做这样的事情：

$remoteComputer = "."
$session = New-PsSession $remoteComputer

Unregister-Event CatchEvent -ErrorAction SilentlyContinue
Invoke-Command $session {

    ## The WMI query to detect a stopping service
    $query = @"
        SELECT *
        FROM __instancecreationevent
        WHERE TargetInstance ISA 'Win32_NtLogEvent'
        and targetinstance.eventcode = '7036'
"@
    Register-WmiEvent -Query $query "CatchEvent" -Forward
}
$null = Register-EngineEvent CatchEvent -Action { $GLOBAL:MyEvent = $event}

$ MyEvent变量最后不包含事件信息，而是包含system.string类数据。 alt text http://eosfor.fileave.com/powershell.png

这个脚本有什么问题？

Answer 1

Vasily Gusev给了我一个answer。

$query = "SELECT * FROM __instancecreationevent WHERE TargetInstance ISA 'Win32_NtLogEvent' AND TargetInstance.eventcode = '7036'"
Register-WmiEvent -Query $query -ComputerName client1 -Action {write-host "Service Stopped"}

一次。抱歉英语不好。如果出现问题，请纠正我：）

Powershell事件转发

1 个答案: