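PowerShell Tips: Reading System Logs from a File
Sometimes you may need to analyze system files that have been transferred to a hard disk, or you may want to read system logs directly from an "evtx" file.
You can do it like this: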
$path = "$env:windir\System32\Winevt\Logs\Setup.evtx"
Get-WinEvent -Path $path
Here is another piece of code for retrieving system logs:
# Time window to search: today between 06:35 and 06:36
$StartTime = (Get-Date).Date + (New-TimeSpan -Hours 6 -Minutes 35)
$EndTime   = (Get-Date).Date + (New-TimeSpan -Hours 6 -Minutes 36)

$Global:TaskStart    = $null
$Global:TaskComplete = $null
$Global:TimeSpent    = $null

# Task Scheduler events with ID 107 inside the window
$Global:events = Get-WinEvent -FilterHashtable @{LogName = "Microsoft-Windows-TaskScheduler/Operational"; ID = 107; StartTime = $StartTime; EndTime = $EndTime}

foreach ($Global:event in $Global:events) {
    cls
    $StartLogs    = Get-WinEvent -FilterHashtable @{LogName = "Microsoft-Windows-TaskScheduler/Operational"; ID = 100; StartTime = $StartTime}
    $CompleteLogs = Get-WinEvent -FilterHashtable @{LogName = "Microsoft-Windows-TaskScheduler/Operational"; ID = 102; StartTime = $StartTime}

    # Match the start (100) and completion (102) events to this run by ActivityId
    $Global:TaskStart    = $StartLogs    | Where-Object { $_.ActivityId -eq $Global:event.ActivityId }
    $Global:TaskComplete = $CompleteLogs | Where-Object { $_.ActivityId -eq $Global:event.ActivityId }

    # Compute the duration only when both events exist, so a missing event
    # cannot raise an error or reuse the value from a previous iteration
    $Global:TimeSpent = $null
    if (($null -ne $Global:TaskStart) -and ($null -ne $Global:TaskComplete)) {
        $Global:TimeSpent = ($Global:TaskComplete.TimeCreated - $Global:TaskStart.TimeCreated).TotalMinutes
    }

    if (($null -ne $Global:TaskStart) -and ($null -ne $Global:TaskComplete) -and ($Global:TimeSpent -gt 1)) {
        $Messagebody = "Sync task started at: " + $Global:TaskStart.TimeCreated.DateTime + "`r`n"
        $Messagebody = $Messagebody + "`r`nSync task completed at: " + $Global:TaskComplete.TimeCreated.DateTime + "`r`n"
        $Messagebody = $Messagebody + "`r`nTask lasted for " + ("{0:N2}" -f ($Global:TimeSpent)) + " minutes"
        Send-MailMessage -From "CustomerLog@avepoint.com" -To "Zhijie.bai@avepoint.com","Infrastructure_cn@avepoint.com" -Subject "Customer Logs Sync Report:Success" -Body $Messagebody -SmtpServer "10.100.100.153" -Encoding UTF8
    }
    else {
        $Messagebody = "########################################################################`r`n"
        $Messagebody = $Messagebody + "`r`nCustom logs Sync failed, please login 10.2.0.125 to check and sync again`r`n"
        $Messagebody = $Messagebody + "`r`n########################################################################`r`n"
        Send-MailMessage -From "CustomerLog@avepoint.com" -To "Zhijie.bai@avepoint.com","Infrastructure_cn@avepoint.com" -Subject "Customer Logs Sync Report:Failed" -Body $Messagebody -SmtpServer "10.100.100.153" -Encoding UTF8 -Priority High
    }
}
Supported in all versions of PowerShell
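
The two techniques above can be combined to pair task start (ID 100) and completion (ID 102) events by ActivityId from an .evtx file copied off another machine. This is an added example, not code from the original post; the file path and the function name Get-TaskRunDuration are assumptions, and it uses syntax that requires PowerShell 3.0 or later.

```powershell
# Assumed location of a Task Scheduler log copied from another machine (placeholder path).
$EvtxPath = 'D:\Evidence\Microsoft-Windows-TaskScheduler%4Operational.evtx'

# Hypothetical helper: pairs "task started" (100) with "task completed" (102)
# events by ActivityId and reports how long each run took.
function Get-TaskRunDuration {
    param(
        [Parameter(Mandatory)][string]$Path,
        [datetime]$StartTime = (Get-Date).AddDays(-1)
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }

    # In -FilterHashtable the Path key takes the place of LogName, so the
    # filtering is done while the file is read, not afterwards in the pipeline.
    $filter = @{ Path = $Path; ID = 100, 102; StartTime = $StartTime }

    # Get-WinEvent writes an error when no event matches the filter;
    # suppress it so an empty result simply returns nothing.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    $events | Where-Object ActivityId | Group-Object ActivityId | ForEach-Object {
        $start = $_.Group | Where-Object Id -eq 100 | Sort-Object TimeCreated | Select-Object -First 1
        $end   = $_.Group | Where-Object Id -eq 102 | Sort-Object TimeCreated | Select-Object -Last 1
        [pscustomobject]@{
            ActivityId = $_.Name
            Started    = $start.TimeCreated
            Completed  = $end.TimeCreated
            # Left empty when either half of the pair is missing from the file
            Minutes    = if ($start -and $end) {
                             [math]::Round(($end.TimeCreated - $start.TimeCreated).TotalMinutes, 2)
                         }
            Finished   = [bool]$end
        }
    }
}

# Longest runs first; rows with Finished = False have a start event but no completion event.
Get-TaskRunDuration -Path $EvtxPath |
    Sort-Object Minutes -Descending |
    Format-Table -AutoSize
```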