问题描述
好像是在 powershell 中,
echo ASDF | Select-String ASDF
输出明显的字符串,ASDF。
但是,如果我尝试查看 WinEvents 并寻找输出,即
Get-WinEvent -ListLog * | Select-String antrea
好像原始文本没有被扫描。
像使用标准 unix Grep 一样使用 Select-STring 的正确方法是什么?
解决方法
PowerShell 中的管道与 UNIX 风格的 shell 略有不同 - PowerShell 传递原始 .NET 对象引用,而不是将字符串输出从一个命令传递到下一个命令。
因此,您需要检查 Get-WinEvent 返回的对象的 属性 - 此处使用 Where-Object cmdlet:
Get-WinEvent -ListLog * |Where-Object LogName -Match SSH
如果要检查特定对象上的哪些属性可用,请使用 Get-Member cmdlet:
PS ~> Get-WinEvent -ListLog * |Get-Member -MemberType Property
TypeName: System.Diagnostics.Eventing.Reader.EventLogConfiguration
Name MemberType Definition
---- ---------- ----------
IsClassicLog Property bool IsClassicLog {get;}
IsEnabled Property bool IsEnabled {get;set;}
LogFilePath Property string LogFilePath {get;set;}
LogIsolation Property System.Diagnostics.Eventing.Reader.EventLogIsolation LogIsolation {get;}
LogMode Property System.Diagnostics.Eventing.Reader.EventLogMode LogMode {get;set;}
LogName Property string LogName {get;}
LogType Property System.Diagnostics.Eventing.Reader.EventLogType LogType {get;}
MaximumSizeInBytes Property long MaximumSizeInBytes {get;set;}
OwningProviderName Property string OwningProviderName {get;}
ProviderBufferSize Property System.Nullable[int] ProviderBufferSize {get;}
ProviderControlGuid Property System.Nullable[guid] ProviderControlGuid {get;}
ProviderKeywords Property System.Nullable[long] ProviderKeywords {get;set;}
ProviderLatency Property System.Nullable[int] ProviderLatency {get;}
ProviderLevel Property System.Nullable[int] ProviderLevel {get;set;}
ProviderMaximumNumberOfBuffers Property System.Nullable[int] ProviderMaximumNumberOfBuffers {get;}
ProviderMinimumNumberOfBuffers Property System.Nullable[int] ProviderMinimumNumberOfBuffers {get;}
ProviderNames Property System.Collections.Generic.IEnumerable[string] ProviderNames {get;}
SecurityDescriptor Property string SecurityDescriptor {get;set;}