PowerShell Security Log

Question

PowerShell Security Log

I am writing a PowerShell Script that counts the number of 4624 EventIDs on a specific day, but I get lost when I am going to group information by date. Is there anyone who could help me? My conclusion should contain the date and number of logins for this day and nothing more.

Here is my code:

Get-EventLog "Security" -Before ([DateTime]::Now) |
    Where -FilterScript {$_.EventID -eq 4624}

+3

security powershell event-log

Laitosto Feb 17 '14 at 20:28

source share

1 answer

Keith hill · Accepted Answer · 2014-02-17T20:46:24+0000

Try the following:

Get-EventLog Security -Before ([DateTime]::Now) | 
    Where {$_.EventID -eq 4624} | 
    Group @{e={$_.TimeGenerated.Date}} | 
    Sort Count -desc

The command Group-Objectallows you to specify an expression to group the object. In this case, you want to group the part datein a DateTime. Also note that there is no need to argue, if they do not contain spaces or special characters, such as ;, @, {, $and (.

PowerShell Security Log

More articles: