删除日志消息中不需要的字符

时间:2018-05-22 13:59:52

标签: powershell

我编写了一个PowerShell脚本,该脚本可以获取我域中每台计算机的LastLogonTimestamp。我将此脚本设置为写入我的系统日志文件。一切正常,除了我在日志消息中收到@{......},但在屏幕上打印时却没有。我将这些日志发送到SIEM,它不喜欢其他字符。

脚本:

$dcs = Get-ADComputer -Filter { OperatingSystem -NotLike '*Server*' } -Properties OperatingSystem

foreach($dc in $dcs) { 
    # Implement LastLogonTime log item, if necessary
    try {
        # create a new event log type of "FreePhysicalMemory"
        [System.Diagnostics.EventLog]::CreateEventSource($dc.Name, "System")
    } catch {
        # ignore if the above fails.
    }

    $LastLogon = Get-ADComputer $dc.Name -Properties LastLogonTimestamp |
                 Select-Object @{Name="LastLogon"; Expression={
                     [DateTime]::FromFileTime($_.LastLogonTimeStamp)
                 }}

    # for debugging purposes. comment out when happy    
    $LastLogon

    # logging entries for SIEM
    Write-EventLog -LogName System -Source $dc.Name -EventID 8007 -EntryType Information -Message "LastLogonTimeStamp `n $LastLogon" -Category 1
}

结果:

Screenshot: eventlog record

0 个答案:

没有答案
相关问题
最新问题