Grab a Member Definition from Get-WinEvent

This topic contains 2 replies, has 2 voices, and was last updated by Profile photo of Eric Bronnert Eric Bronnert 2 years, 3 months ago.

  • Author
    Posts
  • #18544
    Profile photo of Eric Bronnert
    Eric Bronnert
    Participant

    Me again. Getting sick of me yet?

    In a month of lunches I read about Member Definitions and I would like to use one. Specifically for the cmdlet Get-WinEvent. I want to pull the UserID Property from Get-WinEvent through it's Member Definitions . Basically I'm pulling a log and Event ID's from Get-WInEvent, and I want to add UserID's to these logs. How would I do this?

    UserId Property System.Security.Principal.SecurityIdentifier UserId {get;}

  • #18545
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Um... having written the book, I'm not sure what you mean about "member definitions" and "pull the UserID property through it's member definitions."

    A member definition describes what a member, such as a property or event, looks like. In this case, UserId is a property of the type System.Security.Principal.SecurityIdentifier, and it is read-only ("get"). You don't "pull information through a member definition."

    Now... are you asking, "how do I get the user id into the command output?" It's already there. It may not be showing by default, because many properties don't show by default in PowerShell. So, you could use Select-Object to tell the shell what properties you want to see, and that could include UserId.

  • #18549
    Profile photo of Eric Bronnert
    Eric Bronnert
    Participant

    You nailed it. That is exactly what I was asking. Learning how to ask the right questions is a learning experience in itself. I will refer to the book and re-read chapter 8, but everything you just explained really set my mind straight on how these member definitions work.. As always thank you for your time.

You must be logged in to reply to this topic.