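As described, I need to write a PowerShell script that monitors a folder. When a change is made (file created, deleted, modified), I need to get those changes into the Windows Application log.
This is my code: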
$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path = "C:\Users\Administrator\Desktop\delete-file-event"
$watcher.Filter = "*.*"
$watcher.IncludeSubdirectories = $true
$watcher.EnableRaisingEvents = $true
$action = {
    New-EventLog -LogName Application -source "logs"
    Write-EventLog -LogName Application -Source "logs" -EntryType Information -EventId 1 -Message "nothing in here"
    $path = $Event.SourceEventArgs.FullPath
    $changeType = $Event.SourceEventArgs.ChangeType
    $logline = "$(Get-Date), $changeType, $path"
    Add-content "C:\Users\Administrator\Desktop\delete-file-event\log.txt" -value $logline
}
Register-ObjectEvent $watcher "Created" -Action $action
Register-ObjectEvent $watcher "Deleted" -Action $action
Register-ObjectEvent $watcher "Renamed" -Action $action
while ($true) {sleep 5}
At the moment it does go to the Application log, but that is because of this code:
New-EventLog -LogName Application -source "logs"
Write-EventLog -LogName Application -Source "logs" -EntryType Information -EventId 1 -Message "nothing in here"
I would really appreciate some help here. Thanks in advance.
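
One way to put the change details themselves into the Application log, shown as an added example that is not part of the original post. It assumes Windows PowerShell 5.1 (where `New-EventLog` and `Write-EventLog` are available) and an elevated session; the source name `FolderWatcher` and the event IDs are hypothetical values chosen for illustration.

```powershell
# Added example, not code from the post. Assumes Windows PowerShell 5.1 and an
# elevated session (creating or checking an event source needs administrator rights).
$folder = 'C:\Users\Administrator\Desktop\delete-file-event'  # path from the post
$source = 'FolderWatcher'                                     # hypothetical source name

# Register the event source once, before any event fires, not inside the handler.
if (-not [System.Diagnostics.EventLog]::SourceExists($source)) {
    New-EventLog -LogName Application -Source $source
}

$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path = $folder
$watcher.Filter = '*.*'
$watcher.IncludeSubdirectories = $true
$watcher.NotifyFilter = [System.IO.NotifyFilters]'FileName, DirectoryName, LastWrite'

# Constructed event IDs, one per change type, so the log can be filtered by ID.
$data = @{ Source = $source; Ids = @{ Created = 1001; Deleted = 1002; Changed = 1003; Renamed = 1004 } }

# The handler runs in its own scope, so everything it needs arrives via -MessageData.
$action = {
    $e    = $Event.SourceEventArgs
    $type = [string]$e.ChangeType
    $msg  = "Time: $($Event.TimeGenerated.ToString('o'))`nChange: $type`nPath: $($e.FullPath)"
    if ($e -is [System.IO.RenamedEventArgs]) { $msg += "`nOld path: $($e.OldFullPath)" }
    Write-EventLog -LogName Application -Source $Event.MessageData.Source `
        -EntryType Information -EventId $Event.MessageData.Ids[$type] -Message $msg
}

# 'Changed' covers the "modified" case; one save can raise it more than once.
$names = 'Created', 'Deleted', 'Changed', 'Renamed'
foreach ($n in $names) {
    Register-ObjectEvent -InputObject $watcher -EventName $n `
        -SourceIdentifier "$source.$n" -Action $action -MessageData $data | Out-Null
}
$watcher.EnableRaisingEvents = $true

try {
    while ($true) { Start-Sleep -Seconds 5 }
} finally {
    # Clean up subscriptions when the script is stopped (Ctrl+C).
    foreach ($n in $names) { Unregister-Event -SourceIdentifier "$source.$n" }
    $watcher.Dispose()
}
```

The resulting entries can be read back with `Get-EventLog -LogName Application -Source FolderWatcher -Newest 10`.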