
Logon, logoff script analysing using PowerShell

I'll first explain what I'm trying to achieve.

For a project they want to monitor the pilot group of PCs. And they want the following information:

  • Total unique users that logged on
  • Total log on
  • Time of each session per user

So I went ahead and created a logon- and logoff script. The output of these scripts is a txt file each month.

For example: File 01-2017.txt contains:

25-01-2017,09:29,lky9,WS257737,Logon
25-01-2017,10:37,lky9,WS257737,Logoff
25-01-2017,10:01,1f57,WS157954,Logon
25-01-2017,10:29,7df6,WS248751,Logon
25-01-2017,10:34,7df6,WS248751,Logoff
25-01-2017,10:48,1f57,WS157954,Logoff

Now I have (unsuccessfully) tried getting all of this in an array, with Get-Content. Because when I can achieve this, I can try further. PowerShell skills still very poor, but I can manage arrays okay. So the question is:

Can anyone please explain to me how I get this in an array?

What you need is to import a CSV using the Import-CSV cmdlet since this will give you all records as an array of objects:

$logList = Import-Csv -Path "Path_to_01-2017.txt" -Header @('Date', 'Time', 'User', 'PC', 'Type')

Output:

Date : 25-01-2017
Time : 09:29
User : lky9
PC   : WS257737
Type : Logon

Date : 25-01-2017
Time : 10:37
User : lky9
PC   : WS257737
Type : Logoff

Date : 25-01-2017
Time : 10:01
User : 1f57
PC   : WS157954
Type : Logon

Date : 25-01-2017
Time : 10:29
User : 7df6
PC   : WS248751
Type : Logon

Date : 25-01-2017
Time : 10:34
User : 7df6
PC   : WS248751
Type : Logoff

Date : 25-01-2017
Time : 10:48
User : 1f57
PC   : WS157954
Type : Logoff

Example of how you can use this to answer your questions:

#total unique users that logged on
$logList.User | select -Unique | Measure | select -ExpandProperty Count

#Total log on
$logList | where Type -eq LogOn | Measure | select -ExpandProperty Count

#Time of each session per user
# This is a bit tricky so I leave that up to you :p
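One way to do the per-user session timing that the answer above leaves open, as an added example that is not part of the original answer. The function name Get-LogonSession and the extra row for user zz01 on WS000001 are constructed for illustration; the other rows are the sample from the question.

```powershell
# Rows from the question, plus one constructed row (zz01) that has a Logon
# and no Logoff, to show how an unclosed session is reported.
$raw = @'
25-01-2017,09:29,lky9,WS257737,Logon
25-01-2017,10:37,lky9,WS257737,Logoff
25-01-2017,10:01,1f57,WS157954,Logon
25-01-2017,10:29,7df6,WS248751,Logon
25-01-2017,10:34,7df6,WS248751,Logoff
25-01-2017,10:48,1f57,WS157954,Logoff
25-01-2017,11:15,zz01,WS000001,Logon
'@
$logList = $raw | ConvertFrom-Csv -Header 'Date', 'Time', 'User', 'PC', 'Type'

function Get-LogonSession {
    param([Parameter(Mandatory)] [object[]] $Records)
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    $open = @{}   # key "User|PC" -> timestamp of the pending Logon
    # Sort on the parsed timestamp so pairing does not depend on file order.
    $sorted = $Records |
        Select-Object *, @{ Name = 'Stamp'; Expression = {
            [datetime]::ParseExact("$($_.Date) $($_.Time)", 'dd-MM-yyyy HH:mm', $culture) } } |
        Sort-Object Stamp
    foreach ($r in $sorted) {
        $key = "$($r.User)|$($r.PC)"
        if ($r.Type -eq 'Logon') {
            # A second Logon with no Logoff in between: emit the earlier one as unclosed.
            if ($open.ContainsKey($key)) {
                [pscustomobject]@{ User = $r.User; PC = $r.PC; Start = $open[$key]; End = $null; Minutes = $null }
            }
            $open[$key] = $r.Stamp
        }
        elseif ($r.Type -eq 'Logoff' -and $open.ContainsKey($key)) {
            # Matching Logoff: close the session and compute its length.
            $minutes = [int](($r.Stamp - $open[$key]).TotalMinutes)
            [pscustomobject]@{ User = $r.User; PC = $r.PC; Start = $open[$key]; End = $r.Stamp; Minutes = $minutes }
            $open.Remove($key)
        }
        # A Logoff with no pending Logon is skipped: there is no start time to pair it with.
    }
    # Logons still pending at the end of the file (crash, power loss, still logged on).
    foreach ($key in $open.Keys) {
        $user, $pc = $key -split '\|'
        [pscustomobject]@{ User = $user; PC = $pc; Start = $open[$key]; End = $null; Minutes = $null }
    }
}

Get-LogonSession -Records $logList | Sort-Object User, Start | Format-Table -AutoSize
```

Rows with an empty End are sessions that never logged a Logoff; the monthly file alone cannot tell whether the user is still logged on or the machine went down.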

I'd use a totally different approach. The event viewer holds the logon & logoff timestamp with a user id (I think it's the sid of the user). Then you only need to keep track of unexpected restarts to make sure that's your cut off point for any sessions that only have a logon event up to that time.

Then you can just run a script at any given time on a scheduled task or something. You won't have to run during logon/logoff which will probably impact logon time (not much but still).
