Powershell 写入事件日志换行符
Powershell Write-Eventlog Linebreak
我正在制作一个脚本来搜索所有具有特定操作系统的计算机,运行 通过白名单搜索它们,如果有计算机不在白名单上,我会写一个错误日志。日志现在看起来像这样:
@{名称=计算机名1;操作系统=Windows 10 企业; DistinguishedName=CN=la,OU=computers,OU=lu,OU=Hosting,DC=a,DC=b,DC=ch;操作系统版本=10.0 (10586)}
但它应该是这样的:
名称=计算机名1
操作系统=Windows 10 Enterprise
DistinguishedName=CN=la,OU=computers,OU=lu,OU=Hosting,DC=a,DC=b,DC=ch
操作系统版本=10.0 (10586)
我要删除@{},这4条信息要用换行符分隔。
我的代码:
$username = $env:UserName
$getad = Get-ADComputer -Filter {(operatingsystem -like "*Windows 10*" -and OperatingSystemVersion -notlike "*16299*" -and OperatingSystemVersion -notlike "*14393*" -and OperatingSystemVersion -notlike "*14279*" -and OperatingSystemVersion -notlike "*15063*" -and OperatingSystemVersion -notlike "*10159*" -and OperatingSystemVersion -notlike "*16193*" -and OperatingSystemVersion -notlike "*17025*" -and OperatingSystemVersion -notlike "*10074*" -and OperatingSystem -notlike "*LTSB") -or (operatingsystem -like "*Windows Vista*") -or (operatingsystem -like "*Windows XP*") -or (operatingsystem -like "*95*") -or (operatingsystem -like "*94*") -or ( operatingsystem -like "*Windows 8*" -and OperatingSystemVersion -notlike "*9600*" -and OperatingSystem -notlike "*LTSB") -or (operatingsystem -like "*2000 Professional*") -or (operatingsystem -like "*2000 Server*") -or (operatingsystem -like "*2003*") -or (operatingsystem -like "*Windows NT*") -or (operatingsystem -like "*Windows 7*" -and OperatingSystemVersion -notlike "*7601*" -and OperatingSystem -notlike "*LTSB")} -Properties ('Name', 'operatingsystem', 'DistinguishedName', 'OperatingsystemVersion') | ? {$_.distinguishedname -notlike "*OU=Oldwin10-Test,OU=a,OU=b,OU=c,OU=d,DC=e,DC=f,DC=ch"}
$whitelisted = Get-Content "C:\Users$username\Desktop\whitelistedpcs.txt"
$getad | Select-Object Name, Operatingsystem, DistinguishedName,
OperatingSystemVersion | ForEach-Object {
if ($whitelisted -match $_.DistinguishedName) {
}
else{
Write-EventLog -LogName Application -Source "OldWinalert" -EntryType Error -EventId 1 -Message "$_"
}
}
您需要先将输出转换为字符串,然后再使用 Out-String 将其发送到 -Message 参数:
对于你的情况,我会试试这个:
[...] -EntryType Error -EventId 1 -Message ($_ | Format-List | Out-String)
另一个选项:
else{
$Message = @"
Name: $($_.name)
Operating System: $($_.Operatingsystem)
Distinguished Name: $($_.DistinguishedName)
Operating System Version: $($_.OperatingSystemVersion)
"@
Write-EventLog -LogName Application -Source "OldWinalert" -EntryType Error -EventId 1 -Message $Message
}
如果你想要额外的行 space 在括号后的每一行末尾添加 `n(表示换行)
我正在制作一个脚本来搜索所有具有特定操作系统的计算机,运行 通过白名单搜索它们,如果有计算机不在白名单上,我会写一个错误日志。日志现在看起来像这样:
@{名称=计算机名1;操作系统=Windows 10 企业; DistinguishedName=CN=la,OU=computers,OU=lu,OU=Hosting,DC=a,DC=b,DC=ch;操作系统版本=10.0 (10586)}
但它应该是这样的:
名称=计算机名1 操作系统=Windows 10 Enterprise DistinguishedName=CN=la,OU=computers,OU=lu,OU=Hosting,DC=a,DC=b,DC=ch 操作系统版本=10.0 (10586)
我要删除@{},这4条信息要用换行符分隔。
我的代码:
$username = $env:UserName
$getad = Get-ADComputer -Filter {(operatingsystem -like "*Windows 10*" -and OperatingSystemVersion -notlike "*16299*" -and OperatingSystemVersion -notlike "*14393*" -and OperatingSystemVersion -notlike "*14279*" -and OperatingSystemVersion -notlike "*15063*" -and OperatingSystemVersion -notlike "*10159*" -and OperatingSystemVersion -notlike "*16193*" -and OperatingSystemVersion -notlike "*17025*" -and OperatingSystemVersion -notlike "*10074*" -and OperatingSystem -notlike "*LTSB") -or (operatingsystem -like "*Windows Vista*") -or (operatingsystem -like "*Windows XP*") -or (operatingsystem -like "*95*") -or (operatingsystem -like "*94*") -or ( operatingsystem -like "*Windows 8*" -and OperatingSystemVersion -notlike "*9600*" -and OperatingSystem -notlike "*LTSB") -or (operatingsystem -like "*2000 Professional*") -or (operatingsystem -like "*2000 Server*") -or (operatingsystem -like "*2003*") -or (operatingsystem -like "*Windows NT*") -or (operatingsystem -like "*Windows 7*" -and OperatingSystemVersion -notlike "*7601*" -and OperatingSystem -notlike "*LTSB")} -Properties ('Name', 'operatingsystem', 'DistinguishedName', 'OperatingsystemVersion') | ? {$_.distinguishedname -notlike "*OU=Oldwin10-Test,OU=a,OU=b,OU=c,OU=d,DC=e,DC=f,DC=ch"}
$whitelisted = Get-Content "C:\Users$username\Desktop\whitelistedpcs.txt"
$getad | Select-Object Name, Operatingsystem, DistinguishedName,
OperatingSystemVersion | ForEach-Object {
if ($whitelisted -match $_.DistinguishedName) {
}
else{
Write-EventLog -LogName Application -Source "OldWinalert" -EntryType Error -EventId 1 -Message "$_"
}
}
您需要先将输出转换为字符串,然后再使用 Out-String 将其发送到 -Message 参数:
对于你的情况,我会试试这个:
[...] -EntryType Error -EventId 1 -Message ($_ | Format-List | Out-String)
另一个选项:
else{
$Message = @"
Name: $($_.name)
Operating System: $($_.Operatingsystem)
Distinguished Name: $($_.DistinguishedName)
Operating System Version: $($_.OperatingSystemVersion)
"@
Write-EventLog -LogName Application -Source "OldWinalert" -EntryType Error -EventId 1 -Message $Message
}
如果你想要额外的行 space 在括号后的每一行末尾添加 `n(表示换行)