Powershell / Sharepoint 审计日志,为每个用户输出一个文件
Powershell / Sharepoint Audit logs, output a file for each user
我是 运行 一个 Powershell 脚本,它在 24 小时内为所有用户返回选定的操作。我需要它为每个用户输出一个.csv文件。
我尝试在 $Audit 之前添加一个 For 循环,但失败了
$OutputFile = "c:\users\temp\downloads\unifiedlog.csv"
$Today = Get-Date -Date (Get-Date -Format “yyyy-MM-dd”)
$intDays = 1
For ($i=0; $i -le $intDays; $i++){
For ($j=23; $j -ge 0; $j--){
$StartDate = ($Today.AddDays(-$i)).AddHours($j)
$EndDate = ($Today.AddDays(-$i)).AddHours($j + 1)
$FileAccessOperations = @('FileAccessed', 'FileDownloaded', 'PageViewed', 'FileModified', 'FileUploaded', 'SharingSet')
$Audit = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -Operations $FileAccessOperations -ResultSize 5000
$ConvertAudit = $Audit | Select-Object -ExpandProperty AuditData | ConvertFrom-Json
$ConvertAudit | Select-Object CreationTime,UserId,Operation,Workload,ObjectID,SiteUrl,SourceFileName,ClientIP,UserAgent | Export-Csv $OutputFile -NoTypeInformation -Append
Write-Host $StartDate `t $Audit.Count
}
}```
虽然我自己无法测试,但您可以执行以下操作:
$OutputPath = "c:\users\temp\downloads"
$Today = (Get-Date).Date # a REAL DateTimeObject for midnight today, not a formatted string
$FileAccessOperations = 'FileAccessed', 'FileDownloaded', 'PageViewed', 'FileModified', 'FileUploaded', 'SharingSet'
$intDays = 1
# loop through the days and hours to collect audit data
$result = for ($days = 0; $days -le $intDays; $days++) {
for ($hours = 23; $hours -ge 0; $hours--){
$StartDate = ($Today.AddDays(-$days)).AddHours($hours)
$EndDate = ($Today.AddDays(-$days)).AddHours($hours + 1)
$Audit = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -Operations $FileAccessOperations -ResultSize 5000
$ConvertAudit = $Audit | Select-Object -ExpandProperty AuditData | ConvertFrom-Json
# output toget collected in $result
$ConvertAudit | Select-Object CreationTime,UserId,Operation,Workload,ObjectID,SiteUrl,SourceFileName,ClientIP,UserAgent
Write-Host "$StartDate `t $Audit.Count"
}
}
# group the resulting data on the UserId property and output each group as separate csv.
$result | Group-Object UserId | ForEach-Object {
$OutputFile = Join-Path -Path $OutputPath -ChildPath ('Audit {0}.csv' -f $_.Name)
$_.Group | Export-Csv $OutputFile -NoTypeInformation
}
我是 运行 一个 Powershell 脚本,它在 24 小时内为所有用户返回选定的操作。我需要它为每个用户输出一个.csv文件。
我尝试在 $Audit 之前添加一个 For 循环,但失败了
$OutputFile = "c:\users\temp\downloads\unifiedlog.csv"
$Today = Get-Date -Date (Get-Date -Format “yyyy-MM-dd”)
$intDays = 1
For ($i=0; $i -le $intDays; $i++){
For ($j=23; $j -ge 0; $j--){
$StartDate = ($Today.AddDays(-$i)).AddHours($j)
$EndDate = ($Today.AddDays(-$i)).AddHours($j + 1)
$FileAccessOperations = @('FileAccessed', 'FileDownloaded', 'PageViewed', 'FileModified', 'FileUploaded', 'SharingSet')
$Audit = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -Operations $FileAccessOperations -ResultSize 5000
$ConvertAudit = $Audit | Select-Object -ExpandProperty AuditData | ConvertFrom-Json
$ConvertAudit | Select-Object CreationTime,UserId,Operation,Workload,ObjectID,SiteUrl,SourceFileName,ClientIP,UserAgent | Export-Csv $OutputFile -NoTypeInformation -Append
Write-Host $StartDate `t $Audit.Count
}
}```
虽然我自己无法测试,但您可以执行以下操作:
$OutputPath = "c:\users\temp\downloads"
$Today = (Get-Date).Date # a REAL DateTimeObject for midnight today, not a formatted string
$FileAccessOperations = 'FileAccessed', 'FileDownloaded', 'PageViewed', 'FileModified', 'FileUploaded', 'SharingSet'
$intDays = 1
# loop through the days and hours to collect audit data
$result = for ($days = 0; $days -le $intDays; $days++) {
for ($hours = 23; $hours -ge 0; $hours--){
$StartDate = ($Today.AddDays(-$days)).AddHours($hours)
$EndDate = ($Today.AddDays(-$days)).AddHours($hours + 1)
$Audit = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -Operations $FileAccessOperations -ResultSize 5000
$ConvertAudit = $Audit | Select-Object -ExpandProperty AuditData | ConvertFrom-Json
# output toget collected in $result
$ConvertAudit | Select-Object CreationTime,UserId,Operation,Workload,ObjectID,SiteUrl,SourceFileName,ClientIP,UserAgent
Write-Host "$StartDate `t $Audit.Count"
}
}
# group the resulting data on the UserId property and output each group as separate csv.
$result | Group-Object UserId | ForEach-Object {
$OutputFile = Join-Path -Path $OutputPath -ChildPath ('Audit {0}.csv' -f $_.Name)
$_.Group | Export-Csv $OutputFile -NoTypeInformation
}