PowerShell Tutorials Event Viewer #1 : Get-EventLog

Рет қаралды 14,132

Күн бұрын

Пікірлер: 22

@vladepast4936 2 жыл бұрын

Well, you are one of the few people that have a very good way to explain PS and how it works. Thank you! Keep posting. The future is yours man!

@jackedprogrammer 2 жыл бұрын

No problem, thank you! Glad you're enjoying the videos :)

@user-ur6tn6tp6h 2 ай бұрын

thank you so much! very simple and clear. Be blessed man.

@otvs5838 2 жыл бұрын

Excellent work and thank you for your time. we are expecting more from you especially to audit security events .

@jackedprogrammer 2 жыл бұрын

Thank you, glad your enjoying the videos :)

@henr2000 Жыл бұрын

this is an amazing work in teaching us how this work! thanks a lot buddy! you are the best 🤘

@danbromberg 2 жыл бұрын

Nicely done! I know PS is mainly for Admin types but if you could throw a few home user videos our way that'd be appreciated. Also, it would be helpful if you could write out the commands used for a quick cut & paste. BTW, couldn't get Get-EventLog -LogName Security to work on PSv7, so what is the best way to find if a command has been deprecated?

@ThePiyush383 Жыл бұрын

Great explanation. However, i need to filter the "Message" field. I just replaced the "ReplacementStrings" with "Message" in your code. It dosen't give the similar type of output. Its listing just one alphabet for each position it seems the output was like, see below . Unlike in ReplacementStrings its give entire word or line 0 - A 1- e

@kenstart6 Жыл бұрын

Is it possible to get the Event Log of a computer remotely ?

@tersee123 8 ай бұрын

Do you have a copy of this video for “get win event,” power shell seven?

@davidbeiler6364 2 жыл бұрын

is the index the same one very pc?

@davepete9537 10 ай бұрын

Hey sir. How can I filter event viewer security logs by event ID and Account Name using PowerShell ? Account Name, which was locked. I am specifically looking for event ID 4740 for Account Name, which was locked. Thanks.

@fachriem 2 жыл бұрын

Great tutorial sir.. please show me how to append the logs into database table (ex: MySQL)

@luisdeanda7892 2 жыл бұрын

How would you this by the day?

@jackedprogrammer 2 жыл бұрын

I would schedule this through the task scheduler for a time of day grabbing the last 24 hours of events you want to grab :)

@allferryrocha2698 3 жыл бұрын

Nice video as always mate. Maybe you could top it up with send an email notification if the even is found.😉

@jackedprogrammer 3 жыл бұрын

Thanks Allferry! Haha you read my mind, I have a video thats going to show how to send email using powershell coming very soon and Ill have other videos that will then use that feature.

@allferryrocha2698 3 жыл бұрын

@@jackedprogrammer Great mate. I’ve been suggesting your videos to my IT mates. They find them very useful. Good job.

@bruuuuuuhhhhhhhhhhh 2 жыл бұрын

Well...that escalated quickly😵‍💫

@keriT0 2 жыл бұрын

Hey thanks for your help!! and because you gave me an idea, I tried to pipe it in powershell heres the code. it took me hours to figure the getValue switch XDD Get-EventLog -LogName Security -Source "Microsoft-Windows-Security-Auditing" -EntryType FailureAudit -After $(Get-Date).AddHours(-10) | Select-Object -Property @{Name='Computer Name';Expression={$_.ReplacementStrings.GetValue(1)}},@{Name='Domain Name';Expression={$_.ReplacementStrings.GetValue(2)}},@{Name='User Name';Expression={$_.ReplacementStrings.GetValue(6)}}, @{Name='IP Address';Expression={$_.ReplacementStrings.GetValue(19)}}