监视forwardedEvents Windows日志
[英]Monitoring The forwardedEvents windows log
问题描述
I am trying to debug an issue where forwarded windows events are picked up using a splunk forwarder but are taking up to thirty minutes to get through the system. 
我正在尝试调试一个问题,其中使用splunk转发器拾取了转发的Windows事件,但要花费30分钟才能通过系统。
I can generate a unique event and want to determine when it hits the forwarded event log. 我可以生成一个唯一事件,并希望确定它何时到达转发的事件日志。 I can run get-winevent and look for it that way, but the event file is so big that it can take a real long time to parse. 我可以运行get-winevent并以这种方式查找它,但是事件文件太大,以至于可能需要花费很长时间来解析。 What I would like is someway to watch the event log stream waiting for my input. 我想要以某种方式观看事件日志流等待我的输入。
Any ideas? 有任何想法吗?
1 个解决方案
解决方案1
0 2017-06-22 09:24:39
Perhaps not quite what You need, however: 不过,也许不是您所需要的:
#function fun {
$s = {
$now = Get-Date
$yesterday = $now.AddDays(-1)
$rh = Read-Host "Today -- Yesterday"
if ($rh -like "Today") {
Get-WinEvent -LogName "System" | ? {$_.TimeCreated.ToString().Split(" ")[0] -like $now.ToString().Split(" ")[0] }
$rerun = read-host "Rerun Script?"
if ($rerun -eq "Y"){&$s}
}
if ($rh -like "Yesterday") {
Get-WinEvent -LogName "System" | ? {$_.TimeCreated.ToString().Split(" ")[0] -like $yesterday.ToString().Split(" ")[0] }
$rerun = read-host "Rerun Script?"
if ($rerun -eq "Y"){&$s}
}
else {}
}
&$s
#}fun
If You press Y after "Rerun Script?" 如果在“重新运行脚本”之后按Y键。 programm will be returned to start 程序将返回开始
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.