输出没有出现在HTM上,

时间:2015-04-08 14:52:51

标签: powershell health-monitoring

我运行以下脚本,事件日志在HTM文件上是空白但在PowerShell上

$ServerListFile = "D:\Scripts\ServerList.txt"   
$ServerList = Get-Content $ServerListFile -ErrorAction SilentlyContinue  
$Result = @() 
ForEach($computername in $ServerList)  
 {
 Get-Eventlog -LogName Security -Newest 2000 | Where-Object {$_.EventID -eq     "4624"} | Select-Object @{Name ="Username"; Expression = {$_.ReplacementStrings[1]}} 
   $result += [PSCustomObject] @{  
    ServerName = "$computername" 
    EventLog = "$Username"
     }  
 $Outputreport = "<HTML><TITLE> Decommission Validation Report </TITLE> 
                 <BODY background-color:peachpuff> 
                 <font color =""#99000"" face=""Microsoft Tai le""> 
                 <H2> Decommission Validation Report </H2></font> 
                 <Table border=1 cellpadding=0 cellspacing=0> 
                 <TR bgcolor=gray align=center> 
                   <TD><B>Server Name</B></TD> 
                   <TD><B>EventLog</B></TD></TR>"
      Foreach($Entry in $Result)  
 {  
      if((($Entry.Servername) -or ($Entry.EventLog)) -ge 80 )  
      {  
        $Outputreport += "<TR bgcolor=red>"  
      }  
      else 
       { 
        $Outputreport += "<TR>"  
      } 
      $Outputreport += "<TD>$($Entry.Servername)</TD></TD><TD align=center>$($Entry.Username)</TD></TR>"  
    } 
 $Outputreport += "</Table></BODY></HTML>"  
    }
 $Outputreport | out-file D:\Scripts\Test.htm  
 Invoke-Expression D:\Scripts\Test.htm

我运行上面的脚本,并且在HTM文件上的事件日志是空白的,但在PowerShell上是

2 个答案:

答案 0 :(得分:1)

您没有捕获get-eventlog返回值

ForEach($computername in $ServerList)  
 {
 $eventLog = Get-Eventlog -LogName Security -Newest 2000 | Where-Object {$_.EventID -eq     "4624"} | Select-Object @{Name ="Username"; Expression = {$_.ReplacementStrings[1]}} 
 $result += [PSCustomObject] @{  
 ServerName = "$computername" 
 EventLog = "$eventLog.Username"
 }  

如果您想要的是返回的每个2k事件日志项的结果条目,请执行以下操作:

ForEach($computername in $ServerList)  
{
$eventLog = Get-Eventlog -LogName Security -Newest 2000 | Where-Object {$_.EventID -eq     "4624"} | Select-Object @{Name ="Username"; Expression = {$_.ReplacementStrings[1]}} 
foreach($item in $eventLog)
  {
    $result += [PSCustomObject] @{  
    ServerName = "$computername" 
    EventLog = "$eventLog.Username"
    }  
  }

答案 1 :(得分:0)

我将Dane Boulton建议的更改纳入其中,并对您的代码进行了一些修改,以获得我认为您正在寻找的内容。我将Replacement strings条目更改为5,因为我相信您正在查找登录的用户帐户。我还修改了EventLog变量以引用$ item.UserName。看看这对你有什么用。

$ServerListFile = "D:\Scripts\ServerList.txt"   
$ServerList = Get-Content $ServerListFile -ErrorAction SilentlyContinue  
$Result = @() 
ForEach($computername in $ServerList)  
  {
  $eventLog = Get-Eventlog -LogName Security -Newest 2000 | Where-Object {$_.EventID -eq "4624"} | Select-Object @{Name ="Username"; Expression = {$_.ReplacementStrings[5]}} 
foreach($item in $eventLog)
  {
    $result += [PSCustomObject] @{  
    ServerName = $computername
    UserName = $item.Username
    }  
  }
     $Outputreport = "<HTML><TITLE> Decommission Validation Report </TITLE> 
               <BODY background-color:peachpuff> 
                     <font color =""#99000"" face=""Microsoft Tai le""> 
                     <H2> Decommission Validation Report </H2></font> 
                     <Table border=1 cellpadding=0 cellspacing=0> 
                     <TR bgcolor=gray align=center> 
                       <TD><B>Server Name</B></TD> 
                       <TD><B>UserName</B></TD></TR>"
          Foreach($Entry in $Result)  
     {  
          if((($Entry.Servername) -or ($Entry.UserName)) -ge 80 )  
          {  
            $Outputreport += "<TR bgcolor=red>"  
          }  
          else 
           { 
            $Outputreport += "<TR>"  
          } 
          $Outputreport += "<TD>$($Entry.Servername)</TD></TD><TD align=center>$($Entry.UserName)</TD></TR>"  
        } 
     $Outputreport += "</Table></BODY></HTML>"  
        }
     $Outputreport | out-file D:\Scripts\Test.htm  
     Invoke-Expression D:\Scripts\Test.htm