July 10, 2017 at 9:56 pm

Good evening,

I'm relatively new to PowerShell, far more comfortable with SQL.

I need to get some data out of the event logs. I've managed to establish so far that I need to use Get-WinEvent and use the XML element to get the actual info I want.

So far I've got:

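# Event 4624 (successful logon) is recorded in the Security log.
# Each predicate tests the LogonType element itself; a bare (Data='10') would match any Data value.
$filterXml = @'
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[(EventID='4624')]]
      and
      (
        *[EventData[Data[@Name='LogonType']='10']]
        or
        *[EventData[Data[@Name='LogonType']='2']]
      )
    </Select>
  </Query>
</QueryList>
'@

$Events = Get-WinEvent -MaxEvents 1 -FilterXml $filterXml

# Get out the event message data
ForEach ($Event in $Events) {
    # Convert the event to XML
    $eventXML = [xml]$Event.ToXml()

    # Now what?? I need to find out how to return the actual data in a form I can put into a datatable.
}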

It seems like it should be so easy to chuck out the values either into variables or straight into a datatable, etc.

I've been looking for a solution for a while without any luck.

Thanks in advance for your time.

Matt
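
One way to do what the post asks, shown as an added example rather than code from the thread: flatten the EventData Data elements of each event into a row of a System.Data.DataTable. The sample event XML and its values, the column selection and the helper name Add-LogonRow are constructed for illustration.

```powershell
# Constructed sample: a trimmed 4624 event in the shape returned by $Event.ToXml().
# All values are made up for illustration.
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4624</EventID>
    <TimeCreated SystemTime="2017-07-10T20:41:13.000000000Z" />
    <Computer>HOST01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="LogonType">10</Data>
    <Data Name="IpAddress">192.0.2.15</Data>
  </EventData>
</Event>
'@

# Columns to keep; each is a Data/@Name value from the 4624 EventData block.
$fields = 'TargetUserName', 'TargetDomainName', 'LogonType', 'IpAddress'

$table = New-Object System.Data.DataTable 'Logons'
[void]$table.Columns.Add('TimeCreated', [datetime])
[void]$table.Columns.Add('Computer', [string])
foreach ($f in $fields) { [void]$table.Columns.Add($f, [string]) }

# Hypothetical helper: turns one event's XML into one DataTable row.
function Add-LogonRow {
    param([xml]$EventXml, [System.Data.DataTable]$Table, [string[]]$Fields)

    # Index the Data elements by their Name attribute so lookups do not depend on position.
    $data = @{}
    foreach ($d in $EventXml.Event.EventData.Data) { $data[$d.GetAttribute('Name')] = $d.InnerText }

    $row = $Table.NewRow()
    # The [datetime] cast converts the UTC SystemTime to local time.
    $row['TimeCreated'] = [datetime]$EventXml.Event.System.TimeCreated.SystemTime
    $row['Computer']    = $EventXml.Event.System.Computer
    foreach ($f in $Fields) {
        # A field missing from the event becomes DBNull rather than an error.
        $row[$f] = if ($data.ContainsKey($f)) { $data[$f] } else { [DBNull]::Value }
    }
    $Table.Rows.Add($row)
}

# With live data, call this inside the ForEach loop with $Event.ToXml() in place of $sampleXml.
Add-LogonRow -EventXml ([xml]$sampleXml) -Table $table -Fields $fields
$table | Format-Table -AutoSize
```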