Home > OS >  Powershell - property does not appear
Powershell - property does not appear

Time:06-26

I'm having great difficulty in putting the properties in the information that I export from the event log.

$event0 = Get-WinEvent -FilterHashTable @{Logname = 'Security'; ID = 4663 }
$events = $event0 | Select | Where { $_.Properties[9].Value -eq 65536 }

$teste = foreach ($event in $events) {
    $event2 = new-object psobject -Property @{
        TimeCreated = $event.TimeCreated
        EventID     = $event.Id
        User        = $event.Properties[1].Value
        Domain      = $event.Properties[2].Value
        LoginID     = $event.Properties[3].Value
        ObjectName  = $event.Properties[6].Value
        HandleID    = $event.Properties[7].Value
        ProcessName = $event.Properties[11].Value
        AccessMASK  = $event.Properties[9].Value
    }

    Write-Output "$($event2.TimeCreated), $($event2.EventId), $($event2.User), $($event2.Domain), $($event2.LoginID), $($event2.ObjectName), $($event2.HandleID), $($event2.ProcessName), $($event2.AccessMASK)" 
    $teste | ConvertTo-Html -Property TimeCreated, EventID, User, Domain, LoginID, ObjectName, HandleID, ProcessName, AccessMASK
}

$teste | Out-File -FilePath "Rel.html" -Append

the result shows the information without the property in the first row that serves to describe the data in each column.

Log Image

CodePudding user response:

You need to do the Convert-HTML on the whole result list and not on each individual records.

Only then you'll get the headers as you exepect in the resulting HTML.

$event0 = Get-WinEvent -FilterHashTable @{Logname = 'Security'; ID = 4663 }


$events = $event0 | Where { $_.Properties[9].Value -eq 65536 }

$teste = foreach ($event in $events) {
    [PsCustomObject] @{
        TimeCreated = $event.TimeCreated
        EventID     = $event.Id
        User        = $event.Properties[1].Value
        Domain      = $event.Properties[2].Value
        LoginID     = $event.Properties[3].Value
        ObjectName  = $event.Properties[6].Value
        HandleID    = $event.Properties[7].Value
        ProcessName = $event.Properties[11].Value
        AccessMASK  = $event.Properties[9].Value
    }
}

#Uncomment below if you want to see the result in the console.
#$teste | Format-Table

# Convert all results to a HTML table
$teste | ConvertTo-Html -Property TimeCreated, EventID, User, Domain, LoginID, ObjectName, HandleID, ProcessName, AccessMASK  | Out-File -FilePath "Rel.html"

Page link:https//www.codepudding.com/os/455003.html

Prev:How to solve GoRouter.routeInformationProvider missing error?
Next:How to prefix every blog slug with "new-" using htaccess
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding