xml - Powershell-获取高级事件日志信息（xml？）(Powershell - Getting advanced eventlog informations (xml?))

Question

I need to read specific informatiosn from eventlog.

(我需要从事件日志中阅读特定的信息。)

For example - Security log, ID 4648. With simple "Get-Eventlog" i can't get informations like TargetUserName or TargetDomainName in easy way - only from .message value, but it's way harder to read one/two informations from full text.

(例如-安全日志，ID4648。使用简单的“ Get-Eventlog”，我无法以简单的方式获取诸如TargetUserName或TargetDomainName之类的信息-仅从.message值获取，但要从全文中读取一两个信息则更加困难。)

Can i read this from XML eventlog, without exporting log to file?

(我可以在不将日志导出到文件的情况下从XML事件日志中读取此信息吗？)

  ask by MalySzaryCzlowiek translate from so

Answer 1

I would recommend using as described here: https://devblogs.microsoft.com/scripting/data-mine-the-windows-event-log-by-using-powershell-and-xml/

(我建议按如下所述使用： https : //devblogs.microsoft.com/scripting/data-mine-the-windows-event-log-by-using-powershell-and-xml/)

and here: https://blogs.technet.microsoft.com/ashleymcglone/2013/08/28/powershell-get-winevent-xml-madness-getting-details-from-event-logs/

(此处： https ： //blogs.technet.microsoft.com/ashleymcglone/2013/08/28/powershell-get-winevent-xml-madness-getting-details-from-event-logs/)

Which go into detail to achieve what you're looking for, additionally you can look further into the Get-EventLog cmdtlet: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-eventlog?view=powershell-5.1

(其中详细介绍了要实现的目标，此外，您还可以进一步研究Get-EventLog cmdtlet： https ://docs.microsoft.com/zh-cn/powershell/module/microsoft.powershell.management/get -eventlog？view = powershell-5.1)