我使用下面的代码将值传递给Get-Winevent,但是出现编译问题,只有存在才会传递值,请建议
$StartDate = Read-Date "Enter the start date of the logs, Ex: 17/07/2017 or 17/07/2017 09:00:00"
$EndDate = Read-Date "Enter the End date of the logs, Ex: 19/07/2017 or 19/07/2017 10:00:00"
$Message = Read-Host $prompt 'Message/String to search'
if ($StartDate) {
$params['StartTime'] = $StartDate
}
if ($EndDate) {
$params['endtime'] = $EndDate
}
$Event_Logs_Content = Get-WinEvent -FilterHashtable {@params}
答案 0 :(得分:0)
此选项将列出所有可用日志,因为您可以在“-logname”后看到星号,值得过滤到特定日期。
$StartDate = Read-Date "Enter the start date of the logs, Ex: 17/07/2017 or 17/07/2017 09:00:00"
$EndDate = Read-Date "Enter the End date of the logs, Ex: 19/07/2017 or 19/07/2017 10:00:00"
$Message = Read-Host $prompt 'Message/String to search'
$StartDate=get-date $StartDate -format "yyyy-MM-ddTHH:mm:ss"
$EndDate=get-date $EndDate -format "yyyy-MM-ddTHH:mm:ss"
$Event_Logs_Content = Get-EventLog -LogName * -After $StartDate -Before $EndDate