PowerShell Get-EventLog output problem when logging

Time: 2017-03-15 19:48:44

Tags: powershell get-eventlog

I've run into a problem writing Get-EventLog output when I write to a TXT file.

This is my LogWrite function:

    #Log Function
    $Logfile = "..\Logs\$(gc env:computername)_Outlook.log"
    $Stamp = (Get-Date).toString("yyyy/MM/dd HH:mm:ss")

    Function LogWrite
    {
       Param ([string]$logstring)
       Add-content $Logfile -value $Stamp": "$logstring -Force
    }

This is the LogWrite code in part of my script.

    $OutlookHangDetailed = Get-EventLog -Log "Application" -Source "Application Hang" -Message "*OUTLOOK.EXE*" -After (Get-Date).AddHours(-12) -ErrorAction SilentlyContinue

    LogWrite $OutlookHangDetailed | Format-List

The problem I'm having is that it shows up in the txt file like this: Microsoft.PowerShell.Commands.GenericMeasureInfo

However, if I just echo it, it looks like this (this is an example):

Index              : 2568
EntryType          : Information
InstanceId         : 15
Message            : Updated Symantec Endpoint Protection status successfully to SECURITY_PRODUCT_STATE_ON.
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {Symantec Endpoint Protection, SECURITY_PRODUCT_STATE_ON}
Source             : SecurityCenter
TimeGenerated      : 3/15/2017 7:46:02 AM
TimeWritten        : 3/15/2017 7:46:02 AM

How can I write it to the log in this format?

3 answers:

Answer 0: (score: 1)

  • Your log function produces no output. You are not piping anything into Format-List.
  • $OutlookHangDetailed will be an array of [System.Diagnostics.EventLogEntry] objects. You can convert it to a string with $logstring | fl | out-string. Casting it directly to a string will not give you the desired output.

    $Logfile = "..\Logs\$(gc env:computername)_Outlook.log"
    $Stamp = (Get-Date).toString("yyyy/MM/dd HH:mm:ss")

    Function LogWrite {
        Param (
            [System.Diagnostics.EventLogEntry[]]$logstring,
            [string]$Logfile,
            [string]$Stamp
        )

        # Render the entries as list-formatted text before building the log line
        $logentry = "$($Stamp):$($logstring | fl | out-string)"
        Add-Content $Logfile -value $logentry -Force
        # Emit the entry so the function also produces output
        $logentry
    }

    $OutlookHangDetailed = Get-EventLog -Log "Application" -Source "Application Hang" -Message "*OUTLOOK.EXE*" -After (Get-Date).AddHours(-12) -ErrorAction SilentlyContinue

    LogWrite $OutlookHangDetailed $Logfile $Stamp

Answer 1: (score: 0)

    Get-EventLog -Log "Application" -Source "Application Hang" -Message "*OUTLOOK.EXE*" -After (Get-Date).AddHours(-12) -ErrorAction SilentlyContinue >> "..\Logs\$(gc env:computername)_Outlook.log"

This will work as expected

Answer 2: (score: 0)

Maybe something like this:

    Function LogWrite
    {
       param (
         $logstring
       )

       $Stamp | Out-File -Encoding UTF8 -FilePath $Logfile -Append -Force
       ($logstring | Format-List) | Out-File -Encoding UTF8 -FilePath $Logfile -Width 1024 -Append -Force
    }

And call your function with:

    LogWrite $OutlookHangDetailed
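
As an added example (not code from the question or from any of the answers), the hypothetical Write-EventLogText function below takes entries from the pipeline, renders each with Format-List | Out-String, stamps it at write time rather than once at script start, and records an explicit line when the query returned nothing. The function name, the temp-directory log path and the sample objects are assumptions constructed for illustration.

```powershell
# Added example: Write-EventLogText is a hypothetical name, not part of the original page.
function Write-EventLogText {
    param(
        [Parameter(ValueFromPipeline)]
        $Entry,

        [Parameter(Mandatory)]
        [string]$Path
    )
    begin { $buffer = [System.Collections.Generic.List[object]]::new() }
    process {
        # A query that matched nothing arrives as $null; skip it here.
        if ($null -ne $Entry) { $buffer.Add($Entry) }
    }
    end {
        # Take the timestamp when the record is written.
        $stamp = (Get-Date).ToString('yyyy/MM/dd HH:mm:ss')
        if ($buffer.Count -eq 0) {
            # With -ErrorAction SilentlyContinue an empty result is silent; log it explicitly.
            Add-Content -Path $Path -Value "${stamp}: no matching events"
            return
        }
        foreach ($e in $buffer) {
            # Format-List emits formatting objects; Out-String renders them as console text.
            $text = ($e | Format-List | Out-String -Width 1024).Trim()
            Add-Content -Path $Path -Value "${stamp}:", $text, ''
        }
    }
}

# Constructed sample objects standing in for Get-EventLog output, so this runs offline.
$sample = @(
    [pscustomobject]@{ Index = 1; EntryType = 'Information'; Source = 'SecurityCenter'
                       Message = 'constructed sample message' }
    [pscustomobject]@{ Index = 2; EntryType = 'Error'; Source = 'Application Hang'
                       Message = 'constructed sample: OUTLOOK.EXE stopped responding' }
)
$log = Join-Path ([System.IO.Path]::GetTempPath()) 'Outlook_example.log'

$sample | Write-EventLogText -Path $log   # two list-formatted records
$null   | Write-EventLogText -Path $log   # empty result: one "no matching events" line
Get-Content $log
```

In real use the pipeline source would be the Get-EventLog call from the question in place of $sample.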