我想要从中获取事件日志数据的几台服务器。 我想要的只是每天按事件ID和事件发生次数分组的每个事件。然后将信息存储在CSV文件中,该文件通过电子邮件发送给我。 我能够将此信息转换为CSV文件,但即使我包含-NoTypeInformation,也无法找到删除类型信息的方法。我已经做了各种修改,没有运气如何呈现数据,但如果我将其导出到txt文件,它似乎出来的文件。请推荐一个解决方案。 我知道get-eventlog语句目前有2个export-csv语句,因为我正在尝试一个我在网上看到的例子的帖子。
$hostname = hostname
$Filecsv = new-item -type file -path "c:\PowershellData\$hostname$(get-date -format hhmmddss).csv"
#$Filetxt = new-item -type file -path "c:\PowershellData\$hostname$(get-date -format hhmmddss).txt"
$yesterday = [DateTime]::Today.AddDays(-1).AddHours(00)
$Today = [DateTime]::Today.AddDays(-1).AddHours(24)
#Get-Eventlog -Logname Application | Where-Object {$_.Timegenerated -ge (Get-Date).AddDate(-1)} | Export-Csv Temp.csv -Encoding Unicode
#[System.IO.File]::ReadAllText("Temp.csv") | Out-File $Filecsv -Append -Encoding Unicode
#$applog =
get-eventlog -log application -after $yesterday -before $Today| group-object -property {$_.EventID} -noelement | export-csv Temp.csv -NoTypeInformation -Delimiter "," -Encoding Unicode
[System.IO.File]::ReadAllText("Temp.csv") | Out-File $Filecsv -Append -Encoding Unicode
get-eventlog -log System -after $yesterday -before $Today| group-object -property {$_.EventID} -noelement | Export-Csv Temp.csv -Encoding Unicode
[System.IO.File]::ReadAllText("Temp.csv") | Out-File $Filecsv -Append -Encoding Unicode
get-eventlog -log security -after $yesterday -before $Today| group-object -property {$_.EventID} -noelement | Export-Csv Temp.csv -Encoding Unicode
[System.IO.File]::ReadAllText("Temp.csv") | Out-File $Filecsv -Append -Encoding Unicode
$CredUser = "PowershellData@CompanyName.com"
$CredPassword = Read-host "What is your password?" # -AsSecureString
$smtpServer = "smtp.ExchangeServer.com"
$smtp = new-object Net.Mail.SmtpClient($smtpServer, 587)
$att = new-object Net.Mail.Attachment($Filecsv)
$msg = new-object Net.Mail.MailMessage
$msg.From = "PowershellData@CompanyName.com"
$msg.To.Add("PowershellData@CompanyName.com")
$msg.Subject = "$hostname Server Event logs Information $yesterday to $today"
$msg.Body = "Event logs. "
$msg.Attachments.Add($att)
$smtp.EnableSsl = $true
$smtp.Credentials = New-Object System.Net.NetworkCredential($CredUser, $CredPassword);
$smtp.Send($msg)
$att.Dispose()
答案 0 :(得分:0)
这将创建3个csv文件,每个日志文件一个:
'application','system','security' | foreach{
get-eventlog -log $_ -After ([datetime]::today) |
group eventid -noel | sort count -desc |
export-csv "eventLog_$_.csv" -notype
}
答案 1 :(得分:0)
如果您只想要所有日志中的总数,您可以这样做:
$csv = "C:\PowershellData\$env:COMPUTERNAME$(Get-Date -Format hhmmddss).csv"
$today = (Get-Date).Date
$logs = 'Application', 'System', 'Security'
$logs | % { Get-Eventlog -Log $_ -After $today.AddDays(-1) -Before $today } `
| group EventID `
| select @{n='EventID';e={[int]($_.Name)}}, Count `
| sort @{e='Count';d=$true}, @{e='EventID';d=$false} `
| Export-Csv $csv -NoType
如果你想要每个日志的数字,我会在结果中包含日志名称:
$csv = "C:\PowershellData\$env:COMPUTERNAME$(Get-Date -Format hhmmddss).csv"
$today = (Get-Date).Date
$logs = 'Application', 'System', 'Security'
$logs | % {
$log = $_
Get-Eventlog -Log $log -After $today.AddDays(-1) -Before $today `
| group EventID `
| select @{n='Log';e={$log}}, @{n='EventID';e={[int]($_.Name)}}, Count `
| sort @{e='Count';d=$true}, @{e='EventID';d=$false}
} | Export-Csv $csv -NoType
答案 2 :(得分:0)
如果我正确地阅读了这个问题,我认为这可能有用:
$Today = Get-Date
$yesterday = (Get-Date).AddDays(-1)
filter hash-events
{ $Event_ht[$_.EventID]++ }
foreach ($log in 'System','Application','Security')
{
$Event_ht = @{}
get-eventlog -logname $log -after $yesterday -before $Today | hash-events
$(foreach ($EventID in $Event_ht.keys)
{
[PSCustomObject]@{EventID = $EventID;Count=$Event_ht[$EventID]}
}) |
Export-Csv "$log.csv" -NoTypeInformation
}
过滤器无疑是一种非传统的过滤器,但它在管道中的速度比foreach-object快。