Ask : Filtering event log using event data


This topic contains 2 replies, has 3 voices, and was last updated by

1 year, 10 months ago.

  • #69651

    Points: 0
    Rank: Member

    Hi all,
    I wanna ask about filtering the event log in Windows 7 using PowerShell.

    I have already searched for it, but usually people filter using just general information such as logname, keywords, event ID, etc.

    The thing is, I wanna filter using the access list and combine it with the event ID.
    For example, an access list like the picture below:
    example access list

    I really appreciate all suggestions and help,
    thanks in advance

  • #69739

    Points: 16
    Rank: Member

    You'll need to use Get-WinEvent. I can't see the log or full provider name, so I'll use another example.

    You can use a variety of filters in the hash, including id=, logname=, etc. to get the events you're after. I'm using a date.

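    # The date value in the original post was lost; "the last 24 hours" is a placeholder.
    Get-WinEvent -FilterHashtable @{ProviderName='Service Control Manager'; StartTime=(Get-Date).AddDays(-1)} |
       ForEach-Object { ([xml]$_.ToXml()).Event.EventData.Data }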
  • #69715

    Points: 41
    Rank: Member

    Ashley McGlone (GoateePFE) has posted some really excellent content on Event Log filtering:

    TechNet Blogs

    Microsoft Virtual Academy
    Skip to the Forensic Investigations and Lockouts section, then Event Logs
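
The following is an added example, not part of any reply in this thread. It extends the Get-WinEvent/ToXml() approach from reply #69739 to the question's goal of combining an event ID with an access-list value. The function name, the Security log, event ID 4663, the AccessList field name and the %%4417 (WriteData) code are assumptions, since the original screenshot is not available, and the two sample events are constructed.

```powershell
# Added example. Assumed: Security log, event ID 4663, a Data field named
# AccessList, and %%4417 (WriteData) as the access code of interest.
function Select-EventByData {
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)] [string]$EventXml,
        [Parameter(Mandatory=$true)] [int[]]$Id,
        [Parameter(Mandatory=$true)] [string]$Name,     # Data Name attribute to test
        [Parameter(Mandatory=$true)] [string]$Pattern   # regex matched against its value
    )
    process {
        $evt = ([xml]$EventXml).Event
        # EventID may carry a Qualifiers attribute, so read InnerText from the element.
        $eventId = [int]$evt['System']['EventID'].InnerText
        if ($Id -notcontains $eventId) { return }

        # Collect the named Data fields; unnamed <Data> elements are skipped.
        $fields = @{ EventId = $eventId }
        foreach ($d in $evt.GetElementsByTagName('Data')) {
            $key = $d.GetAttribute('Name')
            if ($key) { $fields[$key] = $d.InnerText.Trim() }
        }
        if ($fields.ContainsKey($Name) -and $fields[$Name] -match $Pattern) {
            New-Object PSObject -Property $fields   # works on PowerShell 2.0 (Windows 7)
        }
    }
}

# Constructed sample events, trimmed to the fields used here, standing in for $_.ToXml() output.
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$samples = @(
  "<Event xmlns='$ns'><System><EventID>4663</EventID></System><EventData>
     <Data Name='SubjectUserName'>alice</Data><Data Name='ObjectName'>C:\Share\plan.docx</Data>
     <Data Name='AccessList'>%%4417
        </Data></EventData></Event>",
  "<Event xmlns='$ns'><System><EventID>4663</EventID></System><EventData>
     <Data Name='SubjectUserName'>bob</Data><Data Name='ObjectName'>C:\Share\plan.docx</Data>
     <Data Name='AccessList'>%%4416
        </Data></EventData></Event>"
)
# Only the first event passes: same ID, but only it lists %%4417.
$samples | Select-EventByData -Id 4663 -Name AccessList -Pattern '%%4417'

# Against a live log (elevated session):
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4663} |
#     ForEach-Object { $_.ToXml() } |
#     Select-EventByData -Id 4663 -Name AccessList -Pattern '%%4417'
```

The hashtable filter narrows by log and ID on the provider side, and the field match runs client-side on the parsed XML, which tolerates whitespace around the field value.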
