WMI Eventing (Subscription): Unterschied zwischen den Versionen

##Event log watch -- Windows Eventlog
$WMI = @{
    SourceIdentifier = "RHEEventlog"
    Query = "select * from __InstanceCreationEvent where TargetInstance isa 'Win32_NtLogEvent'" #and (TargetInstance.EventCode = '3108')"
    Action = {
        $Eventrhe = $event.SourceEventArgs.NewEvent.TargetInstance
        $InsertStrings = $Eventrhe.InsertionStrings #InsertStrings = Windows Eventlog Variables
        $MemberNames = (($Eventrhe | Get-Member) | ? {($_.MemberType -eq "Property") -and !($_.Name -match "__")}).Name
 
            Foreach ($MemberName in $MemberNames) {
                Write-Host $MemberName":" $Eventrhe.$MemberName
            } 
 
            $Nr = 0
            Foreach ($InsertString in $InsertStrings) {
                $Nr++
                Write-Host "InsertString($nr):" $InsertString -ForegroundColor red
            }
        Write-Host "---------------------------------------------------------------" -ForegroundColor Green
    }
}
$Null = Register-WMIEvent @WMI -ComputerName <Remote-Hostname>

 Unregister-Event -SourceIdentifier "RHEEventlog"

 Get-EventSubscriber

#Filter
#Creating a new event filter
$wmiParams.Class = '__EventFilter'
$wmiParams.Arguments = @{
    Name = 'ServiceFilter'
    EventNamespace = 'root\CIMV2'
    QueryLanguage = 'WQL'
    Query = "select * from __instanceModificationEvent within 5 where targetInstance isa 'win32_Service'"
}
$filterResult = Set-WmiInstance @wmiParams
 
 
#Consumer
$wmiParams.Class = 'LogFileEventConsumer'
$wmiParams.Arguments = @{
    Name = 'ServiceConsumer'
    Text = 'A change has occurred on the service: %TargetInstance.DisplayName%'
    FileName = "C:\Temp\Log.log"
}
$consumerResult = Set-WmiInstance @wmiParams
 
 
#Binding
$wmiParams.Class = '__FilterToConsumerBinding'
$wmiParams.Arguments = @{
    Filter = $filterResult
    Consumer = $consumerResult
}
$bindingResult = Set-WmiInstance @wmiParams