2016-09-20 73 views
0

Working with the Get-EventLog command. The first 3 commands work as expected.

Get-EventLog Application -Newest 1000 | Select Message 
Get-EventLog System -Newest 1000 | Select Message 
Get-EventLog Security -Newest 1000 | Select Message 

But this does not work:

Get-EventLog Setup -Newest 1000 | Select Message 

and this does not work:

Get-EventLog setup 

How come? There are WSUS errors in Setup that we want to capture.

+0

I think I found it: Get-WinEvent -FilterHashtable @{logname='setup'; id=3} – mqh7

+0

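Yes, 'Get-EventLog' can only read the classic event logs, and cannot filter them on the remote machine. 'Get-WinEvent' is a newer cmdlet that can read all event logs and filters the results over the network. – TessellatingHeckler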

Answer

0

Sorry, this is a bit long, but I like try/catch statements and over-communicating.

#requires -Version 2.0
function RemoteEventLog([Parameter(Mandatory=$true)]$LogName, $MaxEvents, [Parameter(Mandatory=$true)]$computers, $LogPath)
{
    <#
    .SYNOPSIS
    Gather remote event logs by log name by computer names.

    .DESCRIPTION
    Specify a log name to narrow down the search. Provide as many computernames as needed.

    .PARAMETER maxevents
    -maxevents is all about how many events.

    .PARAMETER computers
    The array or list of comma separated computer names to run the script through.

    .PARAMETER LogPath
    -LogPath will let you decide the parent folder of the location to store the logs by computer name.

    .EXAMPLE
    RemoteEventLog -logname Application -maxevents 1000 -computers ('host1','host2','host3')
    This will loop through the computers and bring back the log for each computer.
    #>

    # Accept either an array or a single comma-separated string of names.
    $computers = $computers -split (',')

    # Check whether the output folder already exists.
    try
    {
        $testLogPath = Test-Path $LogPath
    }
    catch
    {
        "Error was $_"
        $line0 = $_.InvocationInfo.ScriptLineNumber
        "Error was in Line $line0"
    }

    # Create the output folder when it is missing.
    if(!($testLogPath))
    {
        try
        {
            New-Item -Path $LogPath -ItemType Directory -ErrorAction:Stop
        }
        catch
        {
            "Error was $_"
            $line1 = $_.InvocationInfo.ScriptLineNumber
            "Error was in Line $line1"
        }
    }

    foreach($computer in $computers)
    {
        try
        {
            $log = Get-WinEvent -LogName $LogName -MaxEvents $MaxEvents -ComputerName $computer -ErrorAction:Stop
        }
        catch
        {
            "Error was $_"
            $line2 = $_.InvocationInfo.ScriptLineNumber
            "Error was in Line $line2"
            # Skip this computer so the previous host's events are not saved under its name.
            continue
        }

        try
        {
            # Write the events as text to a per-computer file inside $LogPath
            # (Out-File needs a file path, not the folder itself).
            $logFile = Join-Path -Path $LogPath -ChildPath "$computer.evt"
            $log | Out-File -FilePath $logFile -Force -ErrorAction:Stop
        }
        catch
        {
            "Error was $_"
            $line3 = $_.InvocationInfo.ScriptLineNumber
            ('Error was in Line {0}' -f $line3)
        }
    }
}

RemoteEventLog -logname Application -MaxEvents 100 -computers 'localhost,computer2,computer3' -LogPath D:\Desktop\logs
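
The following is an added example, not code from the question, the comments or the answer: it combines the -FilterHashtable form from the comments with the per-computer loop, and handles the case where Get-WinEvent reports an empty result as an error. The function name Get-SetupLogError, the host names, the 30-day window and the choice of Level 2 (Error) are assumptions made for illustration.

```powershell
# Added example; Get-SetupLogError and the host names are hypothetical.
function Get-SetupLogError {
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName,
        [string]$LogName = 'Setup',
        [int]$Days = 30,          # assumed look-back window
        [int]$MaxEvents = 1000
    )

    # Filter passed to Get-WinEvent so that only matching events are requested,
    # instead of pulling the newest N records and filtering locally.
    $filter = @{
        LogName   = $LogName
        Level     = 2                          # 2 = Error
        StartTime = (Get-Date).AddDays(-$Days)
    }

    foreach ($computer in $ComputerName) {
        try {
            # IsClassicLog shows whether Get-EventLog could read this log at all.
            $info = Get-WinEvent -ListLog $LogName -ComputerName $computer -ErrorAction Stop
            Write-Verbose "$computer $LogName IsClassicLog=$($info.IsClassicLog) Records=$($info.RecordCount)"

            Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ComputerName $computer -ErrorAction Stop |
                Select-Object @{Name = 'Computer'; Expression = { $computer }}, TimeCreated, Id, ProviderName, Message
        }
        catch {
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                # An empty result is raised as an error, not returned as an empty set.
                Write-Verbose "$computer has no matching events in $LogName"
            }
            else {
                Write-Warning "$computer query failed: $_"
            }
        }
    }
}

# Constructed usage: error events from the Setup log of two hosts.
Get-SetupLogError -ComputerName 'localhost', 'computer2' -Verbose | Format-List
```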