powershell “Search-UnifiedAuditLog”将只返回100个项目,有什么建议可以扩展它吗?

py49o6xq  于 2023-01-05  发布在  Shell
关注(0)|答案(1)|浏览(103)

我有下面的脚本,我从这个链接https://www.easy365manager.com/office-365-forensics-using-powershell-and-search-unifiedauditlog/定制,以获取2个SharePoint站点的审核日志

Connect-ExchangeOnline
$SiteIDs = '64898c8f-2d5f-4e0e-9a9b-eb9828975a9e','20e6140c-0441-4988-b36c-c61cf3400847'
$Operations = @('FileAccessed','FileDownloaded','FileDeleted')
$OutputFile = ".\UnifiedAuditLog_FULL.csv"
$Today = Get-Date -Date (Get-Date -Format “yyyy-MM-dd”)
$intDays = 14
For ($i=0; $i -le $intDays; $i++){
  For ($j=23; $j -ge 0; $j--){
    $StartDate = ($Today.AddDays(-$i)).AddHours($j)
    $EndDate = ($Today.AddDays(-$i)).AddHours($j + 1)
    $Audit = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate -SessionId "WordDocs_SharepointViews 123444" -SessionCommand ReturnLargeSet -SiteIds $SiteIDs -RecordType SharePointFileOperation -Operations $Operations 
    $ConvertAudit = $Audit | Select-Object -ExpandProperty AuditData | ConvertFrom-Json
    $OutputFile0 = ".\UnifiedAuditLog_FULL"+$i+$j+"ALL2.csv"
    $ConvertAudit | Select-Object CreationTime,UserId,Operation,Workload,ObjectID,SiteUrl,SourceFileName,ClientIP,UserAgent | Export-Csv $OutputFile0 -NoTypeInformation -Force -Append
    Write-Host $StartDate `t $Audit.Count
  }
}
Disconnect-ExchangeOnline

现在,每次调用Search-UnifiedAuditLog时,我将仅获得100个项目。现在,由于我使用了这些参数-SessionId "WordDocs_SharepointViews 123444" -SessionCommand ReturnLargeSet,因此,根据以下文档@ www.example.com,我将获得多达50,000个结果https://learn.microsoft.com/en-us/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps#-sessioncommand
有什么建议吗,为什么我只得到100个项目?
谢啦,谢啦

7d7tgy0s

7d7tgy0s1#

您需要使用参数-ResultSize
ResultSize参数指定要返回的结果的最大数目。默认值为100,最大值为5,000。
参数记录如下:https://learn.microsoft.com/en-us/powershell/module/exchange/search-unifiedauditlog?view=exchange-ps

相关问题