我真的需要你的帮助,我已经制作了一个将日志导出到 csv 文件的脚本:
Set-Variable -Name EventAgeDays -Value 1
Set-Variable -Name CompArr -Value @("Localhost")
Set-Variable -Name LogNames -Value @("Security", "Application", "System")
Set-Variable -Name EventTypes -Value @("Information", "Error", "Warning", "FailureAudit", "SuccessAudit")
Set-Variable -Name ExportFolder -Value "C:\"
$el_c = @()
$now = [System.TimeZoneInfo]::ConvertTimeBySystemTimeZoneId($(Get-Date), [System.TimeZoneInfo]::Local.Id, 'GMT Standard Time')
$startdate=$now.adddays(-$EventAgeDays)
$ExportFile=$ExportFolder + "mx_sugus_poc_" + $now.ToString("yyyy.MM.dd_hh.mm") + ".csv"
foreach($comp in $CompArr)
{
foreach($log in $LogNames)
{
Write-Host Processing $comp\$log
$el = get-eventlog -ComputerName $comp -log $log -After $startdate -EntryType $EventTypes -Message "*"
$el_c += $el
}
}
$el_sorted = $el_c | Sort-Object TimeGenerated
Write-Host Exporting to $ExportFile
$el_sorted|Select TimeGenerated, EntryType, Source, EventID, MachineName, UserName, Message | export-CSV $ExportFile -NoTypeInfo
另外,我更改了 GMT 格式的日期。
我想更改日志中的搜索,而不是每天每小时更改一次。
你能帮我解决这个问题吗???
非常感谢!!!
答案 0 :(得分:1)
将 $startdate=$now.adddays(-$EventAgeDays) 改为 $startdate=$now.addHours(-1)