Powershell Script

Welcome Forums General PowerShell Q&A Powershell Script

This topic contains 3 replies, has 3 voices, and was last updated by

 
Participant
1 month, 1 week ago.

  • Author
    Posts
  • #122310

    Participant
    Points: -6
    Rank: Member

    I am trying to extract Logs from event viewer security log.  I am trying to find the easiest way.  I believe using Powershell to get this data is the easiest way.  I am trying to get a nice excel document on employee logons to a server.  The event codes i need are 4985 and 5140. They typically login using Citrix Xenapp.   What I need is the Subject details to show.  The security ID or Account name would be an easy way to identify a user.

    I can get the event logs using Get-Eventlog using this command.  What i need is the account name or security ID of specific user, otherwise that other data would be useless for me.

    Any help would be Greatly Appreciated,

     

    Michael D.

  • #122318

    Participant
    Points: 355
    Helping Hand
    Rank: Contributor

    Try using Get-WinEvent which will allow you to get the full details in events.

    https://blogs.technet.microsoft.com/heyscriptingguy/2015/10/20/filtering-event-log-events-with-powershell/

  • #122328

    Participant
    Points: 1
    Rank: Member

    Hi Michael,

    I had created a script sometime back to get account lockout notifications. below is a a snippet form that which might help get what you are after

    $Events = Get-WinEvent -ComputerName $DC -FilterHashtable @{LOGNAME='Security';ID="4985"} -ErrorAction Stop
    foreach ($event in $Events){
    $Properties= [PSCustomObject][Ordered]@{
    "Username"=$event.Properties[0].value
    "ReferenceComputer"=$Event.Properties[1].value
    "LockOutTime"=$event.TimeCreated
    "Domain"=$Event.Properties[5].value
    "DC"=$Event.Properties[4].value -replace"\$"
    }
    $Properties
    }
    Script published on the PowerShell gallery for reference
    Regards
    Shihan
  • #122568

    Participant
    Points: -6
    Rank: Member

    Thank you this information pointed me in the right direction and I was able to obtain what I needed.

You must be logged in to reply to this topic.