PowerShell Tutorials Event Viewer #1 : Get-EventLog

Рет қаралды 13,140

Күн бұрын

Пікірлер: 21

@vladepast4936 2 жыл бұрын

Well, you are one of the few people that have a very good way to explain PS and how it works. Thank you! Keep posting. The future is yours man!

@jackedprogrammer 2 жыл бұрын

No problem, thank you! Glad you're enjoying the videos :)

@otvs5838 2 жыл бұрын

Excellent work and thank you for your time. we are expecting more from you especially to audit security events .

@jackedprogrammer 2 жыл бұрын

Thank you, glad your enjoying the videos :)

@henr2000 Жыл бұрын

this is an amazing work in teaching us how this work! thanks a lot buddy! you are the best 🤘

@danbromberg 2 жыл бұрын

Nicely done! I know PS is mainly for Admin types but if you could throw a few home user videos our way that'd be appreciated. Also, it would be helpful if you could write out the commands used for a quick cut & paste. BTW, couldn't get Get-EventLog -LogName Security to work on PSv7, so what is the best way to find if a command has been deprecated?

@bruuuuuuhhhhhhhhhhh 2 жыл бұрын

Well...that escalated quickly😵‍💫

@ThePiyush383 Жыл бұрын

Great explanation. However, i need to filter the "Message" field. I just replaced the "ReplacementStrings" with "Message" in your code. It dosen't give the similar type of output. Its listing just one alphabet for each position it seems the output was like, see below . Unlike in ReplacementStrings its give entire word or line 0 - A 1- e

@tersee123 5 ай бұрын

Do you have a copy of this video for “get win event,” power shell seven?

@fachriem 2 жыл бұрын

Great tutorial sir.. please show me how to append the logs into database table (ex: MySQL)

@kenstart6 Жыл бұрын

Is it possible to get the Event Log of a computer remotely ?

@davepete9537 7 ай бұрын

Hey sir. How can I filter event viewer security logs by event ID and Account Name using PowerShell ? Account Name, which was locked. I am specifically looking for event ID 4740 for Account Name, which was locked. Thanks.

@davidbeiler6364 Жыл бұрын

is the index the same one very pc?

@allferryrocha2698 2 жыл бұрын

Nice video as always mate. Maybe you could top it up with send an email notification if the even is found.😉

@jackedprogrammer 2 жыл бұрын

Thanks Allferry! Haha you read my mind, I have a video thats going to show how to send email using powershell coming very soon and Ill have other videos that will then use that feature.

@allferryrocha2698 2 жыл бұрын

@@jackedprogrammer Great mate. I’ve been suggesting your videos to my IT mates. They find them very useful. Good job.

@luisdeanda7892 2 жыл бұрын

How would you this by the day?

@jackedprogrammer 2 жыл бұрын

I would schedule this through the task scheduler for a time of day grabbing the last 24 hours of events you want to grab :)

@keriT0 Жыл бұрын

Hey thanks for your help!! and because you gave me an idea, I tried to pipe it in powershell heres the code. it took me hours to figure the getValue switch XDD Get-EventLog -LogName Security -Source "Microsoft-Windows-Security-Auditing" -EntryType FailureAudit -After $(Get-Date).AddHours(-10) | Select-Object -Property @{Name='Computer Name';Expression={$_.ReplacementStrings.GetValue(1)}},@{Name='Domain Name';Expression={$_.ReplacementStrings.GetValue(2)}},@{Name='User Name';Expression={$_.ReplacementStrings.GetValue(6)}}, @{Name='IP Address';Expression={$_.ReplacementStrings.GetValue(19)}}