2

抱歉英语不好。

我在其中的 powershell 和事件转发机制方面遇到了一些麻烦。我试图做这样的事情:

$remoteComputer = "."
$session = New-PsSession $remoteComputer

Unregister-Event CatchEvent -ErrorAction SilentlyContinue
Invoke-Command $session {

    ## The WMI query to detect a stopping service
    $query = @"
        SELECT *
        FROM __instancecreationevent
        WHERE TargetInstance ISA 'Win32_NtLogEvent'
        and targetinstance.eventcode = '7036'
"@
    Register-WmiEvent -Query $query "CatchEvent" -Forward
}
$null = Register-EngineEvent CatchEvent -Action { $GLOBAL:MyEvent = $event}

$MyEvent 变量最后包含的不是事件信息,而是 system.string 类数据。 替代文字 http://eosfor.fileave.com/powershell.png

这个脚本有什么问题?

4

1 回答 1

0

Vasily Gusev 给了我一个答案

$query = "SELECT * FROM __instancecreationevent WHERE TargetInstance ISA 'Win32_NtLogEvent' AND TargetInstance.eventcode = '7036'"
Register-WmiEvent -Query $query -ComputerName client1 -Action {write-host "Service Stopped"}

再次。抱歉英语不好。如果有问题请纠正我:)

于 2010-01-11T06:57:54.663 回答