我必须使用 get-wmiobject 从远程服务器中提取日志。WinEvent 不适用于 2003 服务器,我使用事件日志被阻止。当我在 powershell 中运行以下命令时,它工作得很好,但是当我将输出发送到文件时,我得到完全不同的结果,我不知道为什么?
Get-WmiObject -computername $server -query "SELECT * FROM Win32_NTLogEvent WHERE (logfile='system') AND (EventCode='19') AND (TimeWritten>'$begindate')")
powershell 中的输出:
Category : 8
CategoryString : Installation
EventCode : 19
EventIdentifier : 19
TypeEvent :
InsertionStrings : {Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2836941)}
LogFile : System
Message : Installation Successful: Windows successfully installed the following update: Update for Microsoft .
NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2836941)
将同一命令制成变量并移动($x > file.txt)的输出完全不同。
servername\root\cimv2:Win32_NTLogEvent.Logfile="System",RecordNumber=89477
有任何想法吗?
编辑**
foreach($server in $servers) {
$day = (Get-Date -UFormat %d)
$hour = (Get-Date -UFormat %M)
if ( $hour -lt "30") {
$BeginDate=[System.Management.ManagementDateTimeConverter]::ToDMTFDateTime((get-date).AddDays(-30))
$log = (Get-WmiObject -computername $server -query "SELECT * FROM Win32_NTLogEvent WHERE (logfile='system') AND (EventCode='19') AND (TimeWritten>'$begindate')")
}
$FullLog += $server + '= [{
"logfile":"' + $log + '"
}]' + "`r`n"
}
Clear-Content UpdateLog.js
$FullLog > UpdateLog.js