有没有办法在 LAN 上的所有事件日志中搜索特定事件？

Question 1

您可以将 Windows 事件日志事件广播到系统日志服务器使用类似 Eventlog 到 Syslog 服务实用程序或者类似的软件EventLog 检查器。

Answer

您可以将 Windows 事件日志事件广播到系统日志服务器使用类似 Eventlog 到 Syslog 服务实用程序或者类似的软件EventLog 检查器。

Question 2

您可以使用 PowerShell 搜索远程计算机上的事件日志，方法是使用System.Diagnostics.EventLog。假设您要查找的事件位于系统日志中...

# get a list of all server names, maybe from AD, we'll assume it's in a variable called $serverlist  
$eventIdToFind = "1234" # or whatever ID you're looking for
$logToSearch = "System"
foreach ($aServer in $serverlist) {  
  $theLog = New-Object System.Diagnostics.EventLog($logToSearch, $aServer)  
  $matchingEventList = $theLog.Entries | where { $_.EventId -eq $eventToFind }
  if ($null -ne $machingEventList -and $matchingEventList.Count -gt 0) {  
    "Event Found on $aServer" # or do something else with it here  
  }  
}

Answer

您可以使用 PowerShell 搜索远程计算机上的事件日志，方法是使用System.Diagnostics.EventLog。假设您要查找的事件位于系统日志中...

# get a list of all server names, maybe from AD, we'll assume it's in a variable called $serverlist  
$eventIdToFind = "1234" # or whatever ID you're looking for
$logToSearch = "System"
foreach ($aServer in $serverlist) {  
  $theLog = New-Object System.Diagnostics.EventLog($logToSearch, $aServer)  
  $matchingEventList = $theLog.Entries | where { $_.EventId -eq $eventToFind }
  if ($null -ne $machingEventList -and $matchingEventList.Count -gt 0) {  
    "Event Found on $aServer" # or do something else with it here  
  }  
}

有没有办法在 LAN 上的所有事件日志中搜索特定事件？

答案1

答案2

相关内容