event log failed logins
Friday, March 9, 2012 09:29
Hi,
I wrote my first PowerShell script today to extract failed logins for a particular database on one of our servers.

$startdate = (Get-Date).AddDays(-31)
$enddate = (Get-Date -f yyyy-MM-dd)
$out_file = "\\sharepoint\DavWWWRoot\IT\\Access Login Failures\Failed_Logins_" + $enddate + ".csv"
Get-EventLog Application -Computer DB01 -After $startdate |where{$_.Message -like "*Password*" -and $_.Message -notlike "*A'. *" }|where{$_.EventId -eq "18456"}|select username,message,timegenerated | export-csv $out_file -force

It works well and extracts the two fields I need. Although I want to improve it by making it select only the username from the Eventlog 'message' column. The username is surrounded by two apostrophes, e.g. 'USERNAME'.
Is this possible?
All replies
Friday, March 9, 2012 10:13
Hi,
Not tested but should work:

@{l="username";e={$_.message -match "'.+'" | out-null; $matches[0]}}

Get-EventLog Application -Computer DB01 -After $startdate | where{$_.Message -like "*Password*" -and $_.Message -notlike "*A'. *" -and $_.EventId -eq "18456"} | select @{l="username";e={$_.message -match "'.+'" | out-null; $matches[0]}},message,timegenerated | export-csv $out_file -force

- Proposed as answer by Yan Li_Microsoft Contingent Staff, Moderator Monday, March 12, 2012 06:56
- Marked as answer by Yan Li_Microsoft Contingent Staff, Moderator Thursday, March 15, 2012 01:27
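Added example, not part of either post: a variant of the calculated property that returns only the text between the first pair of apostrophes (without the apostrophes) and yields an empty value when a message has no quoted name, since the automatic $matches variable keeps its previous value after a failed -match. The function name Get-QuotedLogin is hypothetical, and the sample records are constructed stand-ins for Get-EventLog output so the block runs without access to DB01.

```powershell
# Constructed sample records shaped like Get-EventLog output for event 18456.
# Message wording is assumed for illustration; addresses are documentation ranges.
$sample = @(
    [pscustomobject]@{ EventID = 18456; TimeGenerated = [datetime]'2012-03-08 14:02:11'
        Message = "Login failed for user 'appuser'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.15]" }
    [pscustomobject]@{ EventID = 18456; TimeGenerated = [datetime]'2012-03-08 14:02:40'
        Message = "Login failed for user 'CORP\svc_report'. Reason: Password did not match; default database 'Sales'. [CLIENT: 192.0.2.20]" }
    [pscustomobject]@{ EventID = 18456; TimeGenerated = [datetime]'2012-03-08 14:03:05'
        Message = "Login failed. Reason: Password change required. [CLIENT: 192.0.2.15]" }
    [pscustomobject]@{ EventID = 17137; TimeGenerated = [datetime]'2012-03-08 14:05:00'
        Message = "Starting up database 'Sales'." }
)

function Get-QuotedLogin {
    param([string]$Message)
    # [regex]::Match returns a fresh result on every call, so a message with no
    # quoted name cannot inherit the previous record's value.
    # '([^']*)' stops at the first closing apostrophe; a greedy '.+' would run
    # on to the last apostrophe when the message quotes more than one name.
    $m = [regex]::Match($Message, "'([^']*)'")
    if ($m.Success) { $m.Groups[1].Value } else { $null }
}

# Same filter as the thread: event 18456 with "Password" in the message.
$rows = $sample |
    Where-Object { $_.EventID -eq 18456 -and $_.Message -like '*Password*' } |
    Select-Object @{ Name = 'UserName'; Expression = { Get-QuotedLogin $_.Message } },
                  TimeGenerated, Message

# Rows with an empty UserName are kept so unparsed messages stay visible for review.
$rows | Format-Table UserName, TimeGenerated -AutoSize

# Per-account failure counts, useful for spotting repeated attempts on one login.
$rows | Where-Object { $_.UserName } |
    Group-Object UserName |
    Sort-Object Count -Descending |
    Select-Object Name, Count
```

To use it against the server, replace $sample with the thread's Get-EventLog call and pipe $rows to Export-Csv as in the original script.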

