Hi all,
I want to ask about filtering the event log in Windows 7 using PowerShell.
I have already searched for this, but usually people filter just using general information such as log name, keywords, event ID, etc.
The thing is, I want to filter using the access list, and combine it with the event ID.
For example, the access list looks like the picture below:
[image: example access list]
I really appreciate all suggestions and help.
Thanks in advance.
Ashley McGlone (GoateePFE) has posted some really excellent content on Event Log filtering:
TechNet Blogs
Microsoft Virtual Academy
Skip to the Forensic Investigations and Lockouts section, then Event Logs
You’ll need to use Get-WinEvent. I can’t see the log or full provider name, so I’ll use another example.
You can use a variety of filters in the hash, including id=, logname=, etc. to get the events you’re after. I’m using a date.
# StartTime must be a [datetime]; this one returns events from the last 24 hours.
Get-WinEvent -FilterHashtable @{ProviderName='Service Control Manager'; StartTime=(Get-Date).AddDays(-1)} |
    ForEach-Object { ([xml]$_.ToXml()).Event.EventData.Data }
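Building on the answer above, here is an added example (not code from the original post or from the linked material) that combines an Event ID filter with a filter on the access field of the event. It assumes the "access list" in the question is the AccessList / AccessMask field that Windows writes into Security-log object-access audit events (Event ID 4663); the function names, the sample event XML and the sample values are constructed for this example. -FilterHashtable can only filter on the System part of an event (log, ID, provider, time), so the access check has to be done after parsing the XML, by field name rather than by position:

```powershell
# Added example, not code from the original post. Assumes the "access list" in the
# question is the AccessList / AccessMask field of Security-log object-access audit
# events (Event ID 4663). The event XML below is constructed so the parsing and
# filtering can be tried without a live Security log. Written for PowerShell 2.0+.

# Generic file-access bits as they appear (as a hex string) in the AccessMask field.
$AccessMaskBits = @{
    ReadData    = 0x1
    WriteData   = 0x2
    AppendData  = 0x4
    Delete      = 0x10000
    ReadControl = 0x20000
    WriteDac    = 0x40000
    WriteOwner  = 0x80000
}

# Constructed sample: a 4663 event for a write to a file (AccessMask 0x2).
$SampleEventXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" />
    <EventID>4663</EventID>
    <TimeCreated SystemTime="2015-03-02T10:15:30.0000000Z" />
    <Channel>Security</Channel>
  </System>
  <EventData>
    <Data Name="SubjectUserName">alice</Data>
    <Data Name="ObjectName">C:\Users\alice\secret.txt</Data>
    <Data Name="AccessList">%%4417</Data>
    <Data Name="AccessMask">0x2</Data>
    <Data Name="ProcessName">C:\Windows\System32\notepad.exe</Data>
  </EventData>
</Event>
'@

# Flatten one event's XML into an object whose properties are the <Data Name="..."> fields,
# so a filter can say $_.AccessMask instead of counting positions in EventData.Data.
function ConvertFrom-EventXml {
    param([Parameter(Mandatory=$true)][string]$Xml)
    $evt = [xml]$Xml
    $props = @{}
    $id = $evt.Event.System.EventID
    if ($id -is [System.Xml.XmlElement]) { $id = $id.'#text' }   # EventID carries a Qualifiers attribute in some logs
    $props['EventId']     = [int]$id
    $props['TimeCreated'] = [datetime]$evt.Event.System.TimeCreated.SystemTime
    foreach ($d in $evt.Event.EventData.Data) {
        $props[$d.Name] = ([string]$d.'#text').Trim()   # values often carry tabs and newlines
    }
    New-Object PSObject -Property $props
}

# True when every bit in $Required is set in the event's hex AccessMask string.
function Test-AccessMask {
    param(
        [Parameter(Mandatory=$true)][string]$Mask,
        [Parameter(Mandatory=$true)][int]$Required
    )
    $value = [Convert]::ToInt64($Mask.Trim(), 16)   # "0x2" -> 2; base 16 accepts the 0x prefix
    return (($value -band $Required) -eq $Required)
}

# Live query: log, Event ID and date go into -FilterHashtable (evaluated by the event
# log service); the access-mask test runs client-side because the hashtable filter
# cannot look inside EventData. Reading the Security log needs administrator rights.
function Get-ObjectAccessEvents {
    param(
        [int]$Id = 4663,
        [int]$RequiredMask = $AccessMaskBits.WriteData,
        [datetime]$StartTime = (Get-Date).AddDays(-1)
    )
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $Id; StartTime = $StartTime } -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-EventXml $_.ToXml() } |
        Where-Object { Test-AccessMask $_.AccessMask $RequiredMask }
}

# Offline check on the constructed event.
$parsed = ConvertFrom-EventXml $SampleEventXml
$parsed | Select-Object EventId, SubjectUserName, ObjectName, AccessList, AccessMask | Format-List
"Write bit set:  " + (Test-AccessMask $parsed.AccessMask $AccessMaskBits.WriteData)
"Delete bit set: " + (Test-AccessMask $parsed.AccessMask $AccessMaskBits.Delete)

# Against the real log, e.g. every delete on an audited object in the last 24 hours:
# Get-ObjectAccessEvents -RequiredMask $AccessMaskBits.Delete |
#     Select-Object TimeCreated, SubjectUserName, ObjectName, AccessList, AccessMask, ProcessName
```

Two caveats when running this against a real machine: 4663 events only exist if the object-access audit policy is enabled and the file or key has a SACL, so an empty result usually means auditing, not the filter. And if you prefer to push the whole filter to the log service, -FilterXPath can match a field by name, e.g. `*[System[EventID=4663] and EventData[Data[@Name='AccessMask']='0x2']]`, but that is an exact string comparison, so it will not catch a mask such as 0x6 that also contains the write bit; the bitwise test above does.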