0

出于某种原因,当我尝试使用安全选项时,它实际上并没有执行 get-eventlog cmdlet,而是将其写入屏幕,就像它被引用一样。其他日志在没有 try catch 块的情况下工作,但每当我使用 try catch 块设置它们时,它们仍然像引用 cmdlet 一样运行。

$eventlogname = Read-Host "Which event log category do wish to view? Enter Application, Security, Setup, System, or Forwarded events"
$lognumber = Read-Host "Enter the number of logs you wish to retrieve"

switch 
    ($eventlogname)
{
     Security {
            $logseverity = Read-Host "What event severity do you wish to view? Enter Critical, Warning, Error, FailureAudit, SuccessAudit, or Information"
            $computernameeventlog = Read-Host "Please enter the hostname to query"

            if ($computernameeventlog -eq "localhost" )
            {
            try
                {
                    {
                    Get-EventLog -logname $eventlogname -EntryType $logseverity -Newest $lognumber -ErrorAction SilentlyContinue
                    }


                            }
                            catch [System.IO.IOException]
                            {
                                Write-Host "The hostname was incorrect or not available."
                            }
                            catch [System.InvalidOperationException]
                            {
                                Write-Host "The event log does not exist"
                            }
                    }
             else
                {

             try{
                    {
                        Get-EventLog -logname $eventlogname -EntryType $logseverity -ComputerName $computernameeventlog -Newest $lognumber -ErrorAction SilentlyContinue 
                    }
                        }
                            catch [System.IO.IOException]
                            {
                                Write-Host "The hostname was incorrect or not available."
                            }
                            catch [System.InvalidOperationException]
                            {
                                Write-Host "The event log does not exist"
                            }
                    }
                }

     "Forwarded events"
     {
        $computernamewinevent = Read-Host "Please enter the hostname to query"
        $logseverity = Read-Host "What event severity do you wish to view? Enter Critical, Warning, Error or Information"
        if ($computernamewinevent -eq "localhost")
        {
            Get-WinEvent -logname forwardedevents -MaxEvents $lognumber | where {$_.leveldisplayname -contains $logseverity}
        }
        else
        {
            Get-WinEvent -logname forwardedevents -MaxEvents $lognumber -ComputerName $computername | where {$_.leveldisplayname -contains $logseverity}
        }
    }
    default
    {
    $logseverity = Read-Host "What event severity do you wish to view? Enter Critical, Warning, Error or Information"
    $computernameeventlog = Read-Host "Please enter the hostname to query"

    if ($computernameeventlog -eq "localhost" )

        {
            Get-EventLog -logname $eventlogname -EntryType $logseverity -Newest $lognumber 
        }



    else
        {
            Get-EventLog -logname $eventlogname -EntryType $logseverity -ComputerName $computernameeventlog -Newest $lognumber
        }
}
}
4

2 回答 2

2

在您的代码中,您已用方括号 ( ) 将命令括起来,{ }例如:

{
Get-EventLog -logname $eventlogname -EntryType $logseverity -ComputerName $computernameeventlog -Newest $lognumber -ErrorAction SilentlyContinue 
}

这将产生一个脚本块,它不会执行,而是作为字符串输出。你想要的是删除括号。

于 2014-12-13T20:35:27.090 回答
0

如果您要修复 Micky 提到的各种支架问题,您的 Catch 块仍然永远不会运行。在 Try 块中,您必须强制终止错误。你强迫它完全忽略错误:

#Note the changed error action:
Get-EventLog -logname $eventlogname -EntryType $logseverity -Newest $lognumber -ErrorAction Stop

#Get some help on the topic:
Get-Help about_Try_Catch_Finally

进一步阅读可能会有所帮助:

最后,在一边,考虑更具可读性的格式。一些流行的选择:

Try
{
    #Do something
}
Catch 
{
    #Catch
}

Try {
    #Do something
}
Catch {
    #Catch
}

许多人对这些和其他惯例有强烈的感情,但只要你坚持不懈,你就应该是好的。我看到了第一个示例的一些内容,但是在某些情况下,您缩进了第一个大括号,而不是将其与关键字对齐。

干杯!

于 2014-12-14T16:05:46.727 回答