Pull Account Name from Message in Eventlog - powershell

powershell powershell-2.0
11,829

Take a look at the second item of the ReplacementStrings property of each event. It contains the values embeded in the message.

get-eventlog -computername dc-01 -logname security | ?{$_.eventid -eq "4674"} | 
select machinename,eventid,@{n='AccountName';e={$_.ReplacementStrings[1]}},entrytype,message | 
convertto-html | out-file c:\test.html
Share:
11,829
JMeterX
Author by

JMeterX

User, n. The word computer professionals use when they mean "idiot." -Dave Barry

Updated on June 28, 2022

Comments

  • JMeterX
    JMeterX almost 2 years

    I want to pull the account name from the message property in an event log. For instance I am running the following command:

    get-eventlog -computername dc-01 -logname security | ?{$_.eventid -eq "4674"} | convertto-html -property machinename,eventid,entrytype,message | out-file c:\test.html

    I want to be able to pull the account name out of message but not necessary for specific users. Ideally, it would create another column named Account Name which we could sort on

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Apply service packs (.msu file) update using powershell scripts on local server
Convert PowerShell script into non-readable format
Search for special characters in a string in PowerShell
Powershell search matching string in word document
Load powershell script to be callable at any time
PowerShell Tee-Object without overwriting file
How to get list of drive letters in Powershell 2.0
Pass a Team City Parameter to a PowerShell file
ERROR: Description = Invalid query
How can a Windows PowerShell script pass its parameters through to another script invocation?