Windows
Get-EventLog -Log“Microsoft-Windows-Ntfs/Operational”因“不存在”而失敗
我正在製作一個腳本,它可以提取所有非空日誌並將它們保存為 evtx、csv 或 xml。我已經讓腳本適用於基本日誌(應用程序、安全性、系統等)以及那些有空格的日誌。但是,我不斷收到任何帶有正斜杠(
/)的錯誤(例如Microsoft-Windows-Ntfs/Operational)。我嘗試用破折號、空格、縮寫和下劃線交換/出來:它們都會導致下面的錯誤。***注意:***我
-newest 20在程式碼中用於測試,以減輕負載並節省時間。程式碼範例(獲得相同的結果):
get-eventlog -log "Microsoft-Windows-Ntfs/Operational" -newest 20或者
$Logname = "Microsoft-Windows-Ntfs/Operational" get-eventlog -log $logname -newest 20`錯誤:
get-eventlog : The event log 'Microsoft-Windows-Ntfs/Operational' on computer '.' does not exist. At line:1 char:1 + get-eventlog -log "Microsoft-Windows-Ntfs/Operational" -newest 20 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Get-EventLog], InvalidOperationException + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.GetEventLogCommand
Get-EventLog只看到這個
> get-eventlog -List Max(K) Retain OverflowAction Entries Log ------ ------ -------------- ------- --- 20’480 0 OverwriteAsNeeded 18’888 Application 20’480 0 OverwriteAsNeeded 0 HardwareEvents 512 7 OverwriteOlder 0 Internet Explorer 20’480 0 OverwriteAsNeeded 0 Key Management Service 15’360 0 OverwriteAsNeeded 19’094 Operations Manager Security 8’192 0 OverwriteAsNeeded 7’012 Symantec Endpoint Protection Client 20’480 0 OverwriteAsNeeded 102’800 System 15’360 0 OverwriteAsNeeded 14’144 Windows PowerShell此外,該文件還指出
Get-EventLog使用已棄用的 Win32 API。結果可能不准確。使用`Get-WinEvent? cmdlet 代替。因此使用Get-WinEvent,它工作正常:
Get-WinEvent -LogName "Microsoft-Windows-Ntfs/Operational" ProviderName: Microsoft-Windows-Ntfs TimeCreated Id LevelDisplayName Message ----------- -- ---------------- ------- 21.06.2021 01:24:48 142 Information Summary of disk space usage, since last event:... 21.06.2021 01:24:38 142 Information Summary of disk space usage, since last event:... 21.06.2021 01:24:38 142 Information Summary of disk space usage, since last event:... 20.06.2021 01:24:44 142 Information Summary of disk space usage, since last event:...