WMI Eventing (Subscription): Unterschied zwischen den Versionen
Aus Wiki-WebPerfect
Admin (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „== Windows Eventlogs (All Windows Eventlogs) == === Register/Create Subscription (remote) === <source lang="powershell"> ##Event log watch -- Windows Eventlog…“) |
Admin (Diskussion | Beiträge) |
||
| Zeile 29: | Zeile 29: | ||
=== Unregister/Remove Subscription === | === Unregister/Remove Subscription === | ||
<source lang="powershell"> Unregister-Event -SourceIdentifier "RHEEventlog" </source> | <source lang="powershell"> Unregister-Event -SourceIdentifier "RHEEventlog" </source> | ||
| + | |||
| + | |||
| + | |||
| + | [[Kategorie:Windows]] | ||
| + | [[Kategorie:PowerShell]] | ||
Version vom 12. Juli 2021, 12:15 Uhr
Windows Eventlogs (All Windows Eventlogs)
Register/Create Subscription (remote)
##Event log watch -- Windows Eventlog $WMI = @{ SourceIdentifier = "RHEEventlog" Query = "select * from __InstanceCreationEvent where TargetInstance isa 'Win32_NtLogEvent'" #and (TargetInstance.EventCode = '3108')" Action = { $Eventrhe = $event.SourceEventArgs.NewEvent.TargetInstance $InsertStrings = $Eventrhe.InsertionStrings #InsertStrings = Windows Eventlog Variables $MemberNames = (($Eventrhe | Get-Member) | ? {($_.MemberType -eq "Property") -and !($_.Name -match "__")}).Name Foreach ($MemberName in $MemberNames) { Write-Host $MemberName":" $Eventrhe.$MemberName } $Nr = 0 Foreach ($InsertString in $InsertStrings) { $Nr++ Write-Host "InsertString($nr):" $InsertString -ForegroundColor red } Write-Host "---------------------------------------------------------------" -ForegroundColor Green } } $Null = Register-WMIEvent @WMI -ComputerName <Remote-Hostname>
Unregister/Remove Subscription
Unregister-Event -SourceIdentifier "RHEEventlog"
