Powershell事件日志代码csv输出

时间:2013-12-03 15:32:29

标签: powershell csv

我想要从中获取事件日志数据的几台服务器。 我想要的只是每天按事件ID和事件发生次数分组的每个事件。然后将信息存储在CSV文件中,该文件通过电子邮件发送给我。 我能够将此信息转换为CSV文件,但即使我包含-NoTypeInformation,也无法找到删除类型信息的方法。我已经做了各种修改,没有运气如何呈现数据,但如果我将其导出到txt文件,它似乎出来的文件。请推荐一个解决方案。 我知道get-eventlog语句目前有2个export-csv语句,因为我正在尝试一个我在网上看到的例子的帖子。 

$hostname = hostname
$Filecsv = new-item -type file -path "c:\PowershellData\$hostname$(get-date -format hhmmddss).csv"

#$Filetxt = new-item -type file -path "c:\PowershellData\$hostname$(get-date -format hhmmddss).txt"
$yesterday = [DateTime]::Today.AddDays(-1).AddHours(00)
$Today = [DateTime]::Today.AddDays(-1).AddHours(24)

#Get-Eventlog -Logname Application | Where-Object {$_.Timegenerated -ge (Get-Date).AddDate(-1)} | Export-Csv Temp.csv -Encoding Unicode
#[System.IO.File]::ReadAllText("Temp.csv") | Out-File $Filecsv -Append -Encoding Unicode 

#$applog = 
get-eventlog -log application -after $yesterday  -before $Today| group-object -property {$_.EventID} -noelement | export-csv Temp.csv -NoTypeInformation -Delimiter "," -Encoding Unicode
[System.IO.File]::ReadAllText("Temp.csv") | Out-File $Filecsv -Append -Encoding Unicode 


get-eventlog -log System -after $yesterday  -before $Today| group-object -property {$_.EventID} -noelement  | Export-Csv Temp.csv -Encoding Unicode
[System.IO.File]::ReadAllText("Temp.csv") | Out-File $Filecsv -Append -Encoding Unicode 
get-eventlog -log security -after $yesterday  -before $Today| group-object -property {$_.EventID} -noelement  | Export-Csv Temp.csv -Encoding Unicode
[System.IO.File]::ReadAllText("Temp.csv") | Out-File $Filecsv -Append -Encoding Unicode 

$CredUser = "PowershellData@CompanyName.com"
$CredPassword = Read-host "What is your password?" # -AsSecureString
$smtpServer = "smtp.ExchangeServer.com"
$smtp = new-object Net.Mail.SmtpClient($smtpServer, 587)
$att = new-object Net.Mail.Attachment($Filecsv)
$msg = new-object Net.Mail.MailMessage
$msg.From = "PowershellData@CompanyName.com"
$msg.To.Add("PowershellData@CompanyName.com")
$msg.Subject = "$hostname Server Event logs Information $yesterday  to $today"
$msg.Body = "Event logs. "
$msg.Attachments.Add($att)
$smtp.EnableSsl = $true 
$smtp.Credentials = New-Object System.Net.NetworkCredential($CredUser, $CredPassword);
$smtp.Send($msg)
$att.Dispose()

3 个答案:

答案 0 :(得分:0)

这将创建3个csv文件,每个日志文件一个:

'application','system','security' | foreach{
    get-eventlog -log $_ -After ([datetime]::today) | 
    group eventid -noel | sort count -desc | 
    export-csv "eventLog_$_.csv" -notype
}

答案 1 :(得分:0)

如果您只想要所有日志中的总数,您可以这样做:

$csv   = "C:\PowershellData\$env:COMPUTERNAME$(Get-Date -Format hhmmddss).csv"
$today = (Get-Date).Date
$logs  = 'Application', 'System', 'Security'

$logs | % { Get-Eventlog -Log $_ -After $today.AddDays(-1) -Before $today } `
  | group EventID `
  | select @{n='EventID';e={[int]($_.Name)}}, Count `
  | sort @{e='Count';d=$true}, @{e='EventID';d=$false} `
  | Export-Csv $csv -NoType

如果你想要每个日志的数字,我会在结果中包含日志名称:

$csv   = "C:\PowershellData\$env:COMPUTERNAME$(Get-Date -Format hhmmddss).csv"
$today = (Get-Date).Date
$logs  = 'Application', 'System', 'Security'

$logs | % {
  $log = $_
  Get-Eventlog -Log $log -After $today.AddDays(-1) -Before $today `
    | group EventID `
    | select @{n='Log';e={$log}}, @{n='EventID';e={[int]($_.Name)}}, Count `
    | sort @{e='Count';d=$true}, @{e='EventID';d=$false}
} | Export-Csv $csv -NoType

答案 2 :(得分:0)

如果我正确地阅读了这个问题,我认为这可能有用:

$Today = Get-Date
$yesterday = (Get-Date).AddDays(-1)

filter hash-events 
 { $Event_ht[$_.EventID]++ }

foreach ($log in 'System','Application','Security')
   {
    $Event_ht = @{}
    get-eventlog -logname $log -after $yesterday  -before $Today | hash-events

    $(foreach ($EventID in $Event_ht.keys)
      {
        [PSCustomObject]@{EventID = $EventID;Count=$Event_ht[$EventID]}
      }) | 
           Export-Csv "$log.csv" -NoTypeInformation
  }

过滤器无疑是一种非传统的过滤器,但它在管道中的速度比foreach-object快。

相关问题
最新问题