microsoft_windows:terminalserver:logs
Differences
This shows you the differences between two versions of the page.
microsoft_windows:terminalserver:logs [2020/03/09 16:26] – rodolico | microsoft_windows:terminalserver:logs [2020/03/10 01:45] (current) – rodolico | ||
---|---|---|---|
Line 13: | Line 13: | ||
# https:// | # https:// | ||
+ | # get date range from user | ||
+ | # NOTE: might be good to get EventID we are looking for also | ||
do { | do { | ||
$startDate = Read-Host "Enter the reports start date as dd/ | $startDate = Read-Host "Enter the reports start date as dd/ | ||
Line 20: | Line 22: | ||
} while ( $startDate -isnot [datetime] -And $endDate -isnot [datetime] ) | } while ( $startDate -isnot [datetime] -And $endDate -isnot [datetime] ) | ||
+ | # this was used when it was a static entry, but unused now | ||
#$startDate = (Get-Date -Year $year -Month $month -Day 01) | #$startDate = (Get-Date -Year $year -Month $month -Day 01) | ||
#$endDate = (Get-Date -Year 2020 -Month 03 -Day 01) | #$endDate = (Get-Date -Year 2020 -Month 03 -Day 01) | ||
+ | # name of the log to read. This contains activity on the Terminal Services | ||
$LogName = ' | $LogName = ' | ||
+ | # we'll store results in this array | ||
$Results = @() | $Results = @() | ||
+ | # Get all events. See | ||
+ | # https:// | ||
+ | # for additional parameters. We might be able to speed processing with | ||
+ | # Get-WinEvent -LogName $LogName | Where-Object { $_.TimeCreated -ge $startDate -And $_.TimeCreated -le $endDate | ||
$Events = Get-WinEvent -LogName $LogName | $Events = Get-WinEvent -LogName $LogName | ||
+ | # loop through all the events we found | ||
foreach ($Event in $Events) { | foreach ($Event in $Events) { | ||
+ | # convert to xml? | ||
$EventXml = [xml]$Event.ToXML() | $EventXml = [xml]$Event.ToXML() | ||
- | if ( $Event.Id -eq 25 -And $Event.TimeCreated -ge $startDate -And $Event.TimeCreated -lt $endDate ) { | + | |
+ | | ||
+ | # found one, so plug the stuff into a hash | ||
$ResultHash = @{ | $ResultHash = @{ | ||
Time = $Event.TimeCreated.ToString() | Time = $Event.TimeCreated.ToString() | ||
Line 37: | Line 50: | ||
' | ' | ||
} | } | ||
+ | # then, take the result and append it to our results array | ||
$Results += (New-Object PSObject -Property $ResultHash) | $Results += (New-Object PSObject -Property $ResultHash) | ||
} | } | ||
- | |||
} | } | ||
+ | # figure out where to put the file | ||
$currentDir = $(get-location).Path; | $currentDir = $(get-location).Path; | ||
+ | # and create a file name from the path and the start/end date | ||
$currentDir = " | $currentDir = " | ||
+ | # dump it as CSV so they can read it via a spreadsheet. | ||
$Results | Export-Csv -Path $currentDir; | $Results | Export-Csv -Path $currentDir; | ||
</ | </ |
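Review bot: The loop guard on the `} while ( ... )` line joins the two type checks with `-And`, so prompting stops as soon as either value is a `[datetime]`, and a mistyped start or end date can reach the time comparison further down. The loop body falls between the first two hunks and is not visible, so this assumes it tries to cast both inputs. For a Terminal Services activity report that means a silently wrong or empty date window instead of a re-prompt; the guard should read `} while ( $startDate -isnot [datetime] -Or $endDate -isnot [datetime] )`. The speed-up sketched in the new comment would still read the whole log before `Where-Object` discards rows, and the quoted line is missing its closing brace. Filtering at the source is the usual form, `Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 25; StartTime = $startDate; EndTime = $endDate }`, where `Id = 25` comes from the removed `if` line because the replacement condition is not visible here.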
microsoft_windows/terminalserver/logs.txt · Last modified: 2020/03/10 01:45 by rodolico