Problem description
I really need your help. I have written a script that exports logs to a CSV file:
# Settings: how far back to look, which computers, logs and entry types to export
Set-Variable -Name EventAgeDays -Value 1
Set-Variable -Name CompArr -Value @("Localhost")
Set-Variable -Name LogNames -Value @("Security","Application","System")
Set-Variable -Name EventTypes -Value @("information","Error","Warning","FailureAudit","SuccessAudit")
Set-Variable -Name ExportFolder -Value "C:\"
$el_c = @()
# Current time converted from the local time zone to 'GMT Standard Time'
$Now = [System.TimeZoneInfo]::ConvertTimeBySystemTimeZoneId($(Get-Date),[System.TimeZoneInfo]::Local.Id,'GMT Standard Time')
$startdate=$Now.adddays(-$EventAgeDays)
# HH is the 24-hour clock, so morning and afternoon exports get different file names
$ExportFile=$ExportFolder + "mx_sugus_poc_" + $Now.ToString("yyyy.MM.dd_HH.mm") + ".csv"
foreach($comp in $CompArr)
{
    foreach($log in $LogNames)
    {
        Write-Host Processing $comp\$log
        # Collect every entry of the selected types written after $startdate
        $el = Get-EventLog -ComputerName $comp -LogName $log -After $startdate -EntryType $EventTypes -Message "*"
        $el_c += $el
    }
}
# Merge all logs into one timeline and write it out
$el_sorted = $el_c | Sort-Object TimeGenerated
Write-Host Exporting to $ExportFile
$el_sorted | Select-Object TimeGenerated,EntryType,Source,EventID,MachineName,UserName,Message | Export-Csv $ExportFile -NoTypeInformation
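Also, I changed the date to GMT format.
I would like to change the search in the logs so that it covers every hour instead of every day.
Can you help me with this problem???
Thank you very much!!!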
Solution
Change $startdate=$now.adddays(-$EventAgeDays)
to $startdate=$now.addHours(-1)
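
The one-hour window from the answer, as an added example that is not part of the original post: it swaps in Get-WinEvent (Get-EventLog is not available in PowerShell 7), writes UTC timestamps to the CSV, and treats an hour with no events as normal while still surfacing other errors such as access denied on the Security log. The function name, its parameters and the file name prefix are assumptions.

```powershell
# Added example; Export-RecentEvents, its parameters and the "eventlog_export_"
# prefix are hypothetical names, not taken from the asker's script.
function Export-RecentEvents {
    param(
        [string[]]$ComputerName = @('localhost'),
        [string[]]$LogName      = @('Security', 'Application', 'System'),
        [int]$HoursBack         = 1,
        [string]$ExportFolder   = 'C:\'
    )

    # Window start as a local DateTime; only the exported values are converted to UTC.
    $start = (Get-Date).AddHours(-$HoursBack)
    $stamp = (Get-Date).ToUniversalTime().ToString('yyyy.MM.dd_HH.mm')
    $file  = Join-Path $ExportFolder "eventlog_export_${stamp}_UTC.csv"

    $events = foreach ($comp in $ComputerName) {
        Write-Host "Processing $comp"
        try {
            Get-WinEvent -ComputerName $comp -ErrorAction Stop -FilterHashtable @{
                LogName   = $LogName
                StartTime = $start
            }
        }
        catch {
            # A quiet hour is not a failure: Get-WinEvent reports "no matching events"
            # as an error. Anything else (access denied, unreachable host) is re-thrown.
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
        }
    }

    # Get-WinEvent returns newest first; sort ascending to get one merged timeline.
    @($events) | Sort-Object TimeCreated |
        Select-Object @{ Name = 'TimeCreatedUtc'
                         Expression = { $_.TimeCreated.ToUniversalTime().ToString('o') } },
                      LevelDisplayName, ProviderName, Id, MachineName, UserId, Message |
        Export-Csv -Path $file -NoTypeInformation

    return $file
}

# Export the last hour from the local machine (run elevated to read the Security log).
Export-RecentEvents -HoursBack 1
```

UserId in the output is a SID rather than the account name that Get-EventLog shows in its UserName column.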