Get-EventLog -Log“Microsoft-Windows-Ntfs/Operational”失败，并显示“不存在”

Question

> get-eventlog -List

  Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
  20’480      0 OverwriteAsNeeded      18’888 Application
  20’480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder              0 Internet Explorer
  20’480      0 OverwriteAsNeeded           0 Key Management Service
  15’360      0 OverwriteAsNeeded      19’094 Operations Manager
                                              Security
   8’192      0 OverwriteAsNeeded       7’012 Symantec Endpoint Protection Client
  20’480      0 OverwriteAsNeeded     102’800 System
  15’360      0 OverwriteAsNeeded      14’144 Windows PowerShell

此外，文件还指出

Get-EventLog使用已弃用的 Win32 API。结果可能不准确。请改用 `Get-WinEvent? cmdlet。

因此使用获取 WinEvent，效果很好：

Get-WinEvent -LogName "Microsoft-Windows-Ntfs/Operational"


   ProviderName: Microsoft-Windows-Ntfs

TimeCreated                     Id LevelDisplayName Message
-----------                     -- ---------------- -------
21.06.2021 01:24:48            142 Information      Summary of disk space usage, since last event:...
21.06.2021 01:24:38            142 Information      Summary of disk space usage, since last event:...
21.06.2021 01:24:38            142 Information      Summary of disk space usage, since last event:...
20.06.2021 01:24:44            142 Information      Summary of disk space usage, since last event:...

Answer 1

获取事件日志只看到这个

> get-eventlog -List

  Max(K) Retain OverflowAction        Entries Log
  ------ ------ --------------        ------- ---
  20’480      0 OverwriteAsNeeded      18’888 Application
  20’480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder              0 Internet Explorer
  20’480      0 OverwriteAsNeeded           0 Key Management Service
  15’360      0 OverwriteAsNeeded      19’094 Operations Manager
                                              Security
   8’192      0 OverwriteAsNeeded       7’012 Symantec Endpoint Protection Client
  20’480      0 OverwriteAsNeeded     102’800 System
  15’360      0 OverwriteAsNeeded      14’144 Windows PowerShell

此外，文件还指出

Get-EventLog使用已弃用的 Win32 API。结果可能不准确。请改用 `Get-WinEvent? cmdlet。

因此使用获取 WinEvent，效果很好：

Get-WinEvent -LogName "Microsoft-Windows-Ntfs/Operational"


   ProviderName: Microsoft-Windows-Ntfs

TimeCreated                     Id LevelDisplayName Message
-----------                     -- ---------------- -------
21.06.2021 01:24:48            142 Information      Summary of disk space usage, since last event:...
21.06.2021 01:24:38            142 Information      Summary of disk space usage, since last event:...
21.06.2021 01:24:38            142 Information      Summary of disk space usage, since last event:...
20.06.2021 01:24:44            142 Information      Summary of disk space usage, since last event:...

Get-EventLog -Log“Microsoft-Windows-Ntfs/Operational”失败，并显示“不存在”

答案1

相关内容