Get-EventLog - Missing DLL
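I'm trying to create a basic script for our help desk agents that will let them view specific log files without having to open Event Viewer, to save them time while on the phone.
However, I'm having a problem with PowerShell where certain event IDs do not display the actual event log message.
If I run the following: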
Get-EventLog -ComputerName $env:COMPUTERNAME `
-LogName System `
-InstanceId 12 `
-Source Microsoft-Windows-Kernel-General |
Select-Object -Property Message
I expect to receive the message that is shown in the actual event log:
Instead, what I get is:
The description for Event ID '12' in Source
'Microsoft-Windows-Kernel-General' cannot be found. The local
computer may not have the necessary registry information or message
DLL files to display the message, or you may not have permission to
access them. The following information is part of the event:'10',
'0', '15063', '726', '0', '0',
'2018-03-18T16:59:34.495252300Z'
I have seen another thread about using Get-WinEvent.
Unfortunately, that is not possible in the environment I work in.
Read and follow the documentation:
Get-WinEvent
Module: Microsoft.PowerShell.Diagnostics
Gets events from event logs and event tracing log files on local and remote computers.
…
Notes
- This cmdlet is designed to replace the Get-EventLog cmdlet on computers running Windows Vista and later versions of Windows. Get-EventLog gets events only in classic event logs. Get-EventLog is retained in Windows PowerShell for backward compatibility.
The Get-WinEvent cmdlet lets you filter events using XPath queries, structured XML queries, and simplified hash-table queries (the last of these is used in the following example):
PS D:\PShell> Get-WinEvent -ComputerName $env:COMPUTERNAME `
-FilterHashtable @{
ProviderName = 'Microsoft-Windows-Kernel-General';
Id = '12';
LogName = 'System' } `
-MaxEvents 3 |
Format-Table -Property RecordId, Message
RecordId Message
-------- -------
14103 The operating system started at system time 2018-04-25T06:13:0...
13957 The operating system started at system time 2018-04-24T05:34:3...
13826 The operating system started at system time 2018-04-22T07:49:0...
See also the corresponding output of the (obsolete) Get-EventLog:
PS D:\PShell> Get-EventLog -ComputerName $env:COMPUTERNAME `
-LogName System `
-InstanceId 12 `
-Source Microsoft-Windows-Kernel-General `
-Newest 3 |
Select-Object -Property Index, Message
Index Message
----- -------
14103 The description for Event ID '12' in Source 'Microsoft-Windows-Kernel-...
13957 The description for Event ID '12' in Source 'Microsoft-Windows-Kernel-...
13826 The description for Event ID '12' in Source 'Microsoft-Windows-Kernel-...
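The answer above names XPath and structured XML queries but shows only the hash-table form. As an added example (not part of the original question or answer), here is the same Kernel-General query written as a structured XML query inside a small helper that also handles the "no matching events" error and an empty Message. The function name Get-HelpdeskEvent, its parameters and the name-validation pattern are assumptions made for this example.

```powershell
# Added example; Get-HelpdeskEvent is a hypothetical helper, not a built-in cmdlet.
function Get-HelpdeskEvent {
    [CmdletBinding()]
    param(
        [string] $ComputerName = $env:COMPUTERNAME,

        # Names are interpolated into the query below, so restrict them to the
        # characters that log and provider names normally use (assumed pattern).
        [ValidatePattern('^[\w .\-/]+$')]
        [string] $LogName = 'System',

        [Parameter(Mandatory)]
        [ValidatePattern('^[\w .\-/]+$')]
        [string] $ProviderName,

        [Parameter(Mandatory)]
        [int] $Id,

        [ValidateRange(1, 1000)]
        [int] $MaxEvents = 3
    )

    # Structured XML query: the <Select> element carries an XPath expression.
    $xpath = "*[System[Provider[@Name='$ProviderName'] and (EventID=$Id)]]"
    $query = "<QueryList><Query Id='0' Path='$LogName'>" +
             "<Select Path='$LogName'>$xpath</Select></Query></QueryList>"

    try {
        Get-WinEvent -ComputerName $ComputerName -FilterXml ([xml]$query) `
                     -MaxEvents $MaxEvents -ErrorAction Stop |
            Select-Object -Property RecordId, TimeCreated, @{
                Name       = 'Message'
                # If the message text cannot be rendered, show the raw event data.
                Expression = {
                    if ($_.Message) { $_.Message }
                    else { $_.Properties.Value -join ', ' }
                }
            }
    }
    catch {
        # Get-WinEvent reports "nothing matched" as an error; treat it as a warning.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Warning "No event $Id from '$ProviderName' in '$LogName' on $ComputerName."
        }
        else { throw }
    }
}

Get-HelpdeskEvent -ProviderName 'Microsoft-Windows-Kernel-General' -Id 12
```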