Well, you are one of the few people that have a very good way to explain PS and how it works. Thank you! Keep posting. The future is yours man!
No problem, thank you! Glad you're enjoying the videos :)
Thank you so much! Very simple and clear. Be blessed man.
Excellent work and thank you for your time. We are expecting more from you, especially to audit security events.
Thank you, glad you're enjoying the videos :)
This is amazing work in teaching us how this works! Thanks a lot buddy! You are the best 🤘
Nicely done! I know PS is mainly for Admin types but if you could throw a few home user videos our way that'd be appreciated. Also, it would be helpful if you could write out the commands used for a quick cut & paste.
BTW, couldn't get Get-EventLog -LogName Security to work on PSv7, so what is the best way to find if a command has been deprecated?
Do you have a copy of this video for “get win event,” power shell seven?
Is it possible to get the Event Log of a computer remotely?
Great tutorial sir. Please show me how to append the logs into a database table (ex: MySQL)
Great explanation. However, I need to filter the "Message" field. I just replaced the "ReplacementStrings" with "Message" in your code. It doesn't give a similar type of output. It's listing just one alphabet for each position, it seems; the output was like, see below. Unlike in ReplacementStrings, where it gives the entire word or line
0 - A
1 - e
Is the index the same on every PC?
Hey sir. How can I filter event viewer security logs by event ID and Account Name using PowerShell? Account Name, which was locked. I am specifically looking for event ID 4740 for Account Name, which was locked. Thanks.
Well...that escalated quickly😵💫
How would you do this by the day?
I would schedule this through the task scheduler for a time of day grabbing the last 24 hours of events you want to grab :)
Nice video as always mate. Maybe you could top it up with sending an email notification if the event is found. 😉
Thanks Allferry! Haha you read my mind, I have a video that's going to show how to send email using PowerShell coming very soon and I'll have other videos that will then use that feature.
@jackedprogrammer Great mate. I’ve been suggesting your videos to my IT mates. They find them very useful. Good job.
Hey, thanks for your help!! And because you gave me an idea, I tried to pipe it in PowerShell, here's the code. It took me hours to figure out the GetValue switch XDD
Get-EventLog -LogName Security -Source "Microsoft-Windows-Security-Auditing" -EntryType FailureAudit -After $(Get-Date).AddHours(-10) | Select-Object -Property @{Name='Computer Name';Expression={$_.ReplacementStrings.GetValue(1)}},@{Name='Domain Name';Expression={$_.ReplacementStrings.GetValue(2)}},@{Name='User Name';Expression={$_.ReplacementStrings.GetValue(6)}}, @{Name='IP Address';Expression={$_.ReplacementStrings.GetValue(19)}}
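Added example, not part of the video or of any comment above: the same kind of report built on Get-WinEvent, which is available in both Windows PowerShell 5.1 and PowerShell 7, reading the event's fields by name from its XML instead of by position in ReplacementStrings. The function names ConvertFrom-EventXml and Get-FailedLogon are hypothetical, the sample event is constructed, and the query is narrowed to failed logons (event ID 4625), whose Data elements are assumed to carry Name attributes as Security auditing events do.

```powershell
# Added example. Turns one event's XML into an object whose properties are the
# named <Data> fields, so nothing depends on the position of a field.
function ConvertFrom-EventXml {
    param([Parameter(Mandatory)][string]$Xml)
    $evt = ([xml]$Xml).Event
    $row = [ordered]@{ TimeCreated = [datetime]$evt.System.TimeCreated.SystemTime }
    foreach ($d in $evt.EventData.Data) {
        # Each <Data Name="...">value</Data> becomes one property; empty elements become $null
        $row[$d.Name] = $d.'#text'
    }
    [pscustomobject]$row
}

# Live query: failed logons (4625) from the last $Hours hours.
# Reading the Security log requires an elevated prompt.
function Get-FailedLogon {
    param([int]$Hours = 10)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter |
        ForEach-Object { ConvertFrom-EventXml -Xml $_.ToXml() } |
        Select-Object TimeCreated, TargetUserName, TargetDomainName, WorkstationName, IpAddress
}

# Constructed sample of a 4625 event, trimmed to four fields; every value is made up.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4625</EventID>
    <TimeCreated SystemTime="2024-01-01T10:00:00.000Z" />
  </System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="TargetDomainName">CONTOSO</Data>
    <Data Name="WorkstationName">WS01</Data>
    <Data Name="IpAddress">192.0.2.10</Data>
  </EventData>
</Event>
'@

# Offline check of the parser against the sample
ConvertFrom-EventXml -Xml $sample |
    Select-Object TargetUserName, TargetDomainName, WorkstationName, IpAddress
```

Get-WinEvent reports an error when no event matches the filter, so an empty result from Get-FailedLogon on a quiet machine shows up as that error rather than as silence.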