I have a powershell script which looks like this:
# Define time for report (default is 1 day)
$startDate = (get-date).AddDays(-10)
# Store successful logon events from security logs with the specified dates and workstation/IP in an array
# foreach ($DC in $DCs){
# $slogonevents = Get-Eventlog -LogName Security -ComputerName $DC.Hostname -after $startDate | where {$_.eventID -eq 4624 }
# }
$slogonevents = Get-Eventlog -LogName Security -after $startDate | where {$_.eventID -eq 4624 }
# Crawl through events; print all logon history with type, date/time, status, account name, computer and IP address if user logged on remotely
$(foreach ($e in $slogonevents){
# Logon Successful Events
# Local (Logon Type 2)
if (($e.EventID -eq 4624 ) -and ($e.ReplacementStrings[8] -eq 2)){
write-host "Type: Local Logon`tDate: "$e.TimeGenerated "`tStatus: Success`tUser: "$e.ReplacementStrings[5] "`tWorkstation: "$e.ReplacementStrings[11]
}
# Remote (Logon Type 10)
if (($e.EventID -eq 4624 ) -and ($e.ReplacementStrings[8] -eq 10)){
write-host "Type: Remote Logon`tDate: "$e.TimeGenerated "`tStatus: Success`tUser: "$e.ReplacementStrings[5] "`tWorkstation: "$e.ReplacementStrings[11] "`tIP Address: "$e.ReplacementStrings[18]
}
}) *>&1 > D:\Cyber_security\Python\test.txt
After executing the script the result is redirected to a txtfile.When I try to work on test.txt like search for a string using python, the result shows nothing found. But when I copy paste the contents of test.txt in another textfile like ab.txt and try to search for a string using python it works....Why it doesn't work in test.txt?
CodePudding user response:
I suspect it is incorrectly encoding your text file with your:
*>&1 > D:\Cyber_security\Python\test.txt
command. Convert that command into an Out-File command and encode it as UTF-8 like this:
| Out-File C:\Temp\Test.txt -Encoding utf8
If that doesn't allow Python to correctly read the text file, you can also try encoding it as Unicode, UTF-16 or UTF-32 but UTF-8 should do it.