使用PowerShell登录,注销脚本分析
[英]Logon, logoff script analysing using PowerShell
问题描述
I'll first explain what I'm trying to achieve. 
我首先要解释一下我想要实现的目标。
For a project they want to monitor the pilot group of PCs. 对于他们想要监控PC试验组的项目。 And they want the following information: 他们想要以下信息:
- Total unique users that logged on 登录的唯一身份用户总数
- Total log on 总登录
- Time of each session per user 每个用户每个会话的时间
So I went ahead and created a logon- and logoff script. 所以我继续创建了一个登录和注销脚本。 The output of these scripts is a txt file each month. 这些脚本的输出每月都是一个txt文件。
For example: File 01-2017.txt contains: 例如:文件01-2017.txt包含:
25-01-2017,09:29,lky9,WS257737,Logon
25-01-2017,10:37,lky9,WS257737,Logoff
25-01-2017,10:01,1f57,WS157954,Logon
25-01-2017,10:29,7df6,WS248751,Logon
25-01-2017,10:34,7df6,WS248751,Logoff
25-01-2017,10:48,1f57,WS157954,Logoff
Now I have (unsuccesfully) tried getting all of this in an array, with Get-Content . 现在我已经(不成功地)尝试使用Get-Content在数组中获取所有这些Get-Content 。 Because when I can achieve this, I can try further. 因为当我能做到这一点时,我可以进一步尝试。 PowerShell skills still very poor, but I can manage arrays okay. PowerShell技能仍然很差,但我可以管理数组没关系。 So the questions is; 所以问题是;
Can anyone please explain to me how I get this in an array? 任何人都可以向我解释我是如何得到这个数组?
2 个解决方案
解决方案1
0 已采纳 2017-01-25 10:27:19
What you need is to import a CSV using the Import-CSV cmdlet since this will give you all records as an array of objects: 您需要的是使用Import-CSV cmdlet Import-CSV因为这将为您提供所有记录作为对象数组:
$logList = Import-Csv -Path "Path_to_01-2017.txt" -Header @('Date', 'Time', 'User', 'PC', 'Type')
Output: 输出:
Date : 25-01-2017
Time : 09:29
User : lky9
PC : WS257737
Type : Logon
Date : 25-01-2017
Time : 10:37
User : lky9
PC : WS257737
Type : Logoff
Date : 25-01-2017
Time : 10:01
User : 1f57
PC : WS157954
Type : Logon
Date : 25-01-2017
Time : 10:29
User : 7df6
PC : WS248751
Type : Logon
Date : 25-01-2017
Time : 10:34
User : 7df6
PC : WS248751
Type : Logoff
Date : 25-01-2017
Time : 10:48
User : 1f57
PC : WS157954
Type : Logoff
Example how you can use this to answer your questions: 举例说明如何使用它来回答您的问题:
#total unique users that logged on
$logList.User | select -Unique | Measure | select -ExpandProperty Count
#Total log on
$logList | where Type -eq LogOn | Measure | select -ExpandProperty Count
#Time of each session per user
# This is a bit tricky so I leave that up to you :p
解决方案2
0 2017-01-25 10:28:09
I'd use a totally different approach. 我会用一种完全不同的方法。 The event viewer holds the logon & logoff timestamp with a user id (I think it's the sid of the user). 事件查看器使用用户ID保存登录和注销时间戳(我认为它是用户的sid)。 Then you only need to keep track of unexpected restarts to make sure that's your cut off point for any sessions that only have a logon event up to that time. 然后,您只需要跟踪意外的重新启动,以确保对于那些仅具有该时间的登录事件的会话,这是您的截止点。
Then you can just run a script at any give time on a scheduled task or something. 然后,您可以在计划任务的任何给定时间运行脚本。 You won't have to run during logon/logoff which will probably impact logon time (not much but still). 您不必在登录/注销期间运行,这可能会影响登录时间(不多但仍然如此)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.