我有下面的脚本,我从这个链接https://www.easy365manager.com/office-365-forensics-using-powershell-and-search-unifiedauditlog/定制,以获取2个SharePoint站点的审核日志
Connect-ExchangeOnline
$SiteIDs = '64898c8f-2d5f-4e0e-9a9b-eb9828975a9e','20e6140c-0441-4988-b36c-c61cf3400847'
$Operations = @('FileAccessed','FileDownloaded','FileDeleted')
$OutputFile = ".\UnifiedAuditLog_FULL.csv"
$Today = Get-Date -Date (Get-Date -Format “yyyy-MM-dd”)
$intDays = 14
For ($i=0; $i -le $intDays; $i++){
For ($j=23; $j -ge 0; $j--){
$StartDate = ($Today.AddDays(-$i)).AddHours($j)
$EndDate = ($Today.AddDays(-$i)).AddHours($j + 1)
$Audit = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -SessionId "WordDocs_SharepointViews 123444" -SessionCommand ReturnLargeSet -SiteIds $SiteIDs -RecordType SharePointFileOperation -Operations $Operations
$ConvertAudit = $Audit | Select-Object -ExpandProperty AuditData | ConvertFrom-Json
$OutputFile0 = ".\UnifiedAuditLog_FULL"+$i+$j+"ALL2.csv"
$ConvertAudit | Select-Object CreationTime,UserId,Operation,Workload,ObjectID,SiteUrl,SourceFileName,ClientIP,UserAgent | Export-Csv $OutputFile0 -NoTypeInformation -Force -Append
Write-Host $StartDate `t $Audit.Count
}
}
Disconnect-ExchangeOnline
现在,每次调用Search-UnifiedAuditLog
时,我将仅获得100个项目。现在,由于我使用了这些参数-SessionId "WordDocs_SharepointViews 123444" -SessionCommand ReturnLargeSet
,因此,根据以下文档@ www.example.com,我将获得多达50,000个结果https://learn.microsoft.com/en-us/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps#-sessioncommand
有什么建议吗,为什么我只得到100个项目?
谢啦,谢啦
1条答案
按热度按时间7d7tgy0s1#
您需要使用参数
-ResultSize
ResultSize参数指定要返回的结果的最大数目。默认值为100,最大值为5,000。
参数记录如下:https://learn.microsoft.com/en-us/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps