Search for logon events in Security events using powershell

From Michael's Information Zone

Revision as of 10:39, 2 February 2018 by Michael.mast (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Get-EventLog -LogName 'Security' -InstanceId 4624 | select timegenerated,@{Label="User";Expression={$_.replacementStrings[5]}},@{Label="Machine";Expression={$_.replacementStrings[18]}} | where {($_.User -notlike "*$*")

To search specific date ranges, add the following

Get-EventLog -LogName 'Security' -InstanceId 4624 -After (date).AddDays(-1)...

Retrieved from "https://wiki.1701technology.com/index.php?title=Search_for_logon_events_in_Security_events_using_powershell&oldid=610"