小贝子编程

Powershell 7中是否有等效的新事件日志



我已经搜索了我能找到的每个关键字,看看PS7中是否有一个cmdlet等效于PS5中的New-EventLog?

这样的东西存在吗?

继续我的评论。对于一个简单的例子,以及在PSCore上处理用例的粗略方法。您需要查看文档以查看此类案例的所有选项。

Get-CimInstance -ClassName Cim_OperatingSystem
# Results
<#
SystemDirectory     Organization BuildNumber RegisteredUser SerialNumber            Version
---------------     ------------ ----------- -------------- ------------            -------
C:Windowssystem32              19041                      00329-00000-00003-AA986 10.0.19041
#>

$PSVersionTable.PSVersion
# Results
<#
Major  Minor  Patch  PreReleaseLabel BuildLabel
-----  -----  -----  --------------- ----------
7      1      3   
#>                   

# Get some event logs, just because
(Get-WinEvent -ListLog '*' -ErrorAction SilentlyContinue).LogName | 
Select-Object -First 9
# Results
<#
Windows PowerShell
System
Security
Key Management Service
Internet Explorer
HardwareEvents
Application
Windows Networking Vpn Plugin Platform/OperationalVerbose
Windows Networking Vpn Plugin Platform/Operational
#>
# Create a new event log
New-Item -Path 'HKLM:SYSTEMControlSet001ServicesEventlog' -Name 'MyEventLog' –Force
# Results
<#
Hive: HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesEventlog
Name                           Property
----                           --------
MyEventLog     
#>                

# Get some event logs, just because
(Get-WinEvent -ListLog '*' -ErrorAction SilentlyContinue).LogName | 
Select-Object -First 9
# Results
<#
Windows PowerShell
System
Security
MyEventLog
Key Management Service
Internet Explorer
HardwareEvents
Application
Windows Networking Vpn Plugin Platform/OperationalVerbose
#>
# Write to it this way:
eventcreate /l MyEventLog /t Information /so TestWrite /id 1 /d "Test message"
# Results
<#
SUCCESS: An event of type 'Information' was created in the 'MyEventLog' log with 'TestWrite' as the source.
#>
Get-WinEvent -LogName 'MyEventLog'
# Results
<#
ProviderName: TestWrite
TimeCreated                     Id LevelDisplayName Message
-----------                     -- ---------------- -------
6/4/2021 6:12:30 PM              1 Information      Test message

(Get-WinEvent -LogName 'MyEventLog').Count
1
#>

由于它是旧的Win32 API,因此没有直接的等价物,但有一个New-WinEvent可能会对您有所帮助。

示例:

New-WinEvent -ProviderName Microsoft-Windows-PowerShell -Id 45090 -Payload @("Workflow", "Running")

如果您正在寻找一种创建事件源并记录事件的简单方法,可以在[System.Diagnostics.EventLog]类上使用静态方法。为内置应用程序事件日志创建新源并将事件写入应用程序日志的示例代码:

if (-not [System.Diagnostics.EventLog]::SourceExists("MyApp")) {
[System.Diagnostics.EventLog]::CreateEventSource("MyApp", "Application")
}
[System.Diagnostics.EventLog]::WriteEntry("MyApp", "Message Body", "Information", 1)

您可以使用[System.Diagnostics.EventLog] | Get-Member -Static查看此类上可用方法的列表,或者查看Microsoft文档以获取有关该类的详细信息。

创建事件源需要以管理员身份运行,并且EventLog类上的所有方法都将在非windows平台上抛出。

我刚刚遇到了同样的问题,发现虽然Get-EventLog在PowerShell中已被弃用,并被Get-WinEvent取代,但它在Windows PowerShell中仍然有效。我能够在Windows PowerShell ISE中运行它。如果你需要更多的信息,我很乐意提供尽可能多的例子。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium