PowerShell:如何获取有关WMI事件的详细信息?
[英]PowerShell: how to get detailed information about a WMI event?
问题描述
I'm learning PowerShell 2.0 on Windows 7. 
我正在Windows 7上学习PowerShell 2.0。
My task is simple: I want to listen for a WMI event and then display some information about it. 我的任务很简单:我想听WMI事件,然后显示有关它的一些信息。
Here is what I'm currently doing: 这是我目前正在做的事情:
Register-WmiEvent -class win32_ProcessStartTrace -sourceIdentifier processStart
Wait-Event
It seems to work. 似乎有效。 Indeed, I get this when I start a process: 确实,当我开始一个过程时,我得到了这个:
ComputerName :
RunspaceId : bb0f38b9-2f2e-4f7c-98ec-ec3811e8e601
EventIdentifier : 11
Sender : System.Management.ManagementEventWatcher
SourceEventArgs : System.Management.EventArrivedEventArgs
SourceArgs : {System.Management.ManagementEventWatcher, System.Management.EventArrivedEventArgs}
SourceIdentifier : processStart
TimeGenerated : 26/09/2009 15:19:25
MessageData :
Problem is, I don't know how to get detailed information about the event. 问题是,我不知道如何获取有关事件的详细信息。 For example, how do I get the name of the process that just started? 例如,如何获得刚开始的进程的名称? Ideally, I would have something like this: 理想情况下,我将具有以下内容:
__GENUS : 2
__CLASS : Win32_ProcessStartTrace
__SUPERCLASS : Win32_ProcessTrace
__DYNASTY : __SystemClass
__RELPATH :
__PROPERTY_COUNT : 7
__DERIVATION : {Win32_ProcessTrace, Win32_SystemTrace, __ExtrinsicEvent, __Event...}
__SERVER :
__NAMESPACE :
__PATH :
ParentProcessID : 1480
ProcessID : 6860
ProcessName : notepad++.exe
SECURITY_DESCRIPTOR :
SessionID : 1
Sid : {1, 5, 0, 0...}
TIME_CREATED : 128984449371986347
I can get the above information when I do 我可以得到以上信息
(get-event).sender.waitfornextevent()
But, obviously, that's not really what I had in mind - I don't want to wait for another event, I want info on the current one. 但是,显然,这并不是我真正想到的-我不想等待其他事件,我想要有关当前事件的信息。
1 个解决方案
解决方案1
1 已采纳 2009-09-26 13:46:22
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.