I'm trying to harvest remote login/logout (as well as lock/unlock) information from a set of XP machines, using an event audit on the screen saver as a rough "lock" event.
After trying a few methods that I've found documented, the below is the only one that actually seems to pull log information from the machine that I'm testing. However, when it does it, it creates dozens of security log entries as a side effect. Is there a way to get it to pull all the data at once, then do line by line operations (like I'm guessing the filtering commands do)?
I've gotten about as far as I can using Google; any guidance would be greatly appreciated.
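```powershell
# $strComputer and $startday are set earlier in the script (not shown in the post)
$secLog = New-Object System.Diagnostics.EventLog("Security", $strComputer)
# `t is PowerShell's tab escape; logon types 2 and 7 are interactive logon and unlock
$colItems = $secLog.Entries |
    Where-Object { ($_.TimeWritten -ge $startday) -and
        ($_.Message -like "*Logon Type:`t2*" -or $_.Message -like "*Logon Type:`t7*") }
# The posted snippet ends on a trailing pipe; the rest of the pipeline is not shown
```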
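The "pull everything once, then work through it locally" pattern the question asks about, as an added example that is not part of the original post. The function name `Get-LogonTypeRecord`, the helper `New-SampleEntry` and the sample messages are constructed for illustration; the post does not establish whether snapshotting changes the audit entries written on the target.

```powershell
# Added example: filter an in-memory snapshot of Security log entries by logon type.
# Well-known Windows logon type numbers (subset).
$LogonTypeName = @{ 2 = 'Interactive'; 3 = 'Network'; 7 = 'Unlock'; 10 = 'RemoteInteractive' }

function Get-LogonTypeRecord {
    param(
        [object[]]$Entries,          # objects exposing TimeWritten and Message
        [datetime]$Since,            # lower bound, like $startday in the post
        [int[]]$Types = @(2, 7)      # the two types the post filters on
    )
    foreach ($e in $Entries) {
        if ($e.TimeWritten -lt $Since) { continue }
        # Parse the number instead of wildcard-matching, so 2 can never match 20-something
        if ($e.Message -match 'Logon Type:\s*(\d+)') {
            $type = [int]$Matches[1]
            if ($Types -contains $type) {
                New-Object PSObject -Property @{
                    TimeWritten = $e.TimeWritten
                    LogonType   = $type
                    TypeName    = $LogonTypeName[$type]
                }
            }
        }
    }
}

# Constructed sample entries so the example runs offline (hypothetical helper).
function New-SampleEntry([datetime]$When, [string]$Msg) {
    New-Object PSObject -Property @{ TimeWritten = $When; Message = $Msg }
}
$now = Get-Date
$sample = @(
    (New-SampleEntry $now.AddHours(-1) "Successful Logon:`r`n`tUser Name:`talice`r`n`tLogon Type:`t2"),
    (New-SampleEntry $now.AddHours(-2) "Successful Network Logon:`r`n`tLogon Type:`t3"),
    (New-SampleEntry $now.AddHours(-3) "Successful Logon:`r`n`tUser Name:`talice`r`n`tLogon Type:`t7"),
    (New-SampleEntry $now.AddDays(-9)  "Successful Logon:`r`n`tLogon Type:`t2"),   # older than $Since
    (New-SampleEntry $now.AddHours(-4) "User Logoff:`r`n`tUser Name:`talice")      # no logon type field
)

# Keeps the type 2 and type 7 entries from the last day; drops the other three.
Get-LogonTypeRecord -Entries $sample -Since $now.AddDays(-1) |
    Select-Object TimeWritten, LogonType, TypeName

# Against a live log (assumes $strComputer and $startday as in the post):
#   $secLog   = New-Object System.Diagnostics.EventLog("Security", $strComputer)
#   $snapshot = @($secLog.Entries)      # enumerate the remote collection once
#   Get-LogonTypeRecord -Entries $snapshot -Since $startday
```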