1

我正在构建一个 powershell 函数,这样我就可以查询多台计算机的事件日志。我已经复制了下面需要帮助的代码。如果我不发送 eventID,我希望脚本找到所有事件 ID,我该如何实现?

#this would be the parameter part of the script
[String]$ComputerName = $env:COMPUTERNAME#Current computer 
[String[]]$EventLogNames=@("Application","System")#Main eventlogs 
[int[]]$EventIds = 1 #Event Ids 
[System.DateTime[]]$EventStartDate = (((Get-Date).addDays(-2)).date)#date 10 days ago 
[System.DateTime[]]$EventEndTime = (Get-Date)#date 10 days ago 

#This fits in the process section
$EventCritea = @{logname = $EventLogNames; StartTime=$EventStartDate; EndTime=$EventEndTime; ID=$EventIds}
Get-WinEvent -ComputerName $ComputerName -FilterHashTable $EventCritea  -ErrorAction SilentlyContinue
4

1 回答 1

3

首先,您的另一个问题修复了$EventStartDateand的类型$EventEndTime

对于这个问题:逐步构建哈希表:

$filter = @{logname = $EventLogNames; StartTime=$EventStartDate; EndTime=$EventEndTime}

if ($EventIds -ne $null -and $EventIds.Length -gt 0) {
  $filter.ID=$EventIds
}

Get-WinEvent -ComputerName $ComputerName -FilterHashTable $filter #...
于 2012-05-20T16:18:34.870 回答