# Define the remote server name
$remoteServer = "SERVER_NAME"
# Define the credentials for authentication
$username = "USERNAME"
$password = "PASSWORD"
$securePassword = ConvertTo-SecureString -String $password -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $securePassword
# Define the time range for the last half hour
$startTime = (Get-Date).AddMinutes(-30)
$endTime = Get-Date
# Define the event ID for Netlogon 5810
$eventID = 5810
# Construct the filter for the desired event ID and time range
$filter = @"
<QueryList>
<Query>
<Select Path="Security">
*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and (EventID=$eventID)]]
and
*[System[TimeCreated[@SystemTime>='$($startTime.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ"))' and @SystemTime<='$($endTime.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ"))']]]
</Select>
</Query>
</QueryList>
"@
# Retrieve the events from the remote server with authentication
$events = Get-WinEvent -ComputerName $remoteServer -FilterXml $filter -Credential $credential
# Count the number of events
$eventCount = $events.Count
# Display the result
Write-Host "Number of Netlogon 5810 events in the last half hour: $eventCount"
”
使用powershell运行此代码会出现以下错误:
Get-WinEvent:Impossible de利耶le paramètre « FilterXml ».无法转换值« *[System[Provider[@Name ='Microsoft-Windows-Security-Auditing'] and(EventID=5810)]]和 *[System[TimeCreated[@SystemTime>='2023 -06- 14 T13:24:15 Z' and @SystemTime<='2023 -06- 14 T13:54:15 Z']] » en type «System.Xml.XmlDocument»。错误:«Le caractère '=',valeur hexadécimale 0x3D,ne peut pas begencer un nom. Ligne 6,position 90.»具体C:\Program Files\NSClient++\scripts\OPSSI\test.ps1:31:63
- ... = Get-WinEvent -ComputerName $remoteServer -FilterXml $filter -Creden ...
~~~~~~~
- 分类信息:InvalidArgument:(:)[Get-WinEvent],ParameterBindingException
- FullyQualifiedErrorId:CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.GetWinEventCommand
有人能告诉我如何修正过滤器变量吗?
我试图执行此代码,以获得过去半小时内远程服务器上所有5810个netlogon事件的计数,并得到上述错误。
1条答案
按热度按时间e4eetjau1#
您需要转义XPath中的
>=
和<=
运算符,这样它们就不会被解释为XML标记分隔符。<
的转义序列是<
,>
的转义序列是>
: