I would like to get some info out of an eventlog item, the General message pane got some info like this:
PS C:\Windows\system32> $string
I would like to get the data in some variables, like Account name (username) ,
Thanks in advance.
Try using Get-WinEvent instead of get-eventlog and we might have to change the string to objects.
There's a good chance you can reference those individual properties directly, rather than trying to read the message string.
Get-WinEventData simplifies this so that you can simply pipe Get-WinEvent to Get-WinEventData.
Nikolas, as folks mentioned above it would be more effective subsequently faster, to use the get-winEvent in conjunction with hash table. Since you are looking for specific values, you will have to parse the XML view option that windows event log offer.
In short, for example:
Then retrieve what you want to retrieve $MySecurityLog | gm
The "tricky" part (let's say), is to cast the $MySecurityLog as an XML since as I mentioned you need parse the event log XML info.
$ConvertToXml = [xml]$MySecurityLog.toxml()
Finally, search again your XML variable and step by step retrieve related members (event, eventdata etc.)
Tyvm guys for the responses, the answers helped me out.
This is a part of the script:
#Get the event 4722 => user enbled
The last problem is when I'm sending a mail message with the -Body string the output is like this:
I tried converting those outputs to Strings but no avail..
You must be logged in to reply to this topic.