iamtheky
Posted May 12, 2016 (edited)

Working towards returning all PowerShell commands and the time they were executed. This is close.

```autoit
#include <Array.au3>
#include <AutoItConstants.au3> ; defines $STDOUT_CHILD

$sCommand = "powershell Get-EventLog -logname 'Windows PowerShell'"
$sMessage = '-message "Provider*Function*is*Started*"'

; Run PowerShell hidden and capture its stdout
$iPID = Run($sCommand & " " & $sMessage & "| select -Property ('message','TimeWritten') | Format-List", "", @SW_HIDE, $STDOUT_CHILD)

; Read until the stream closes
$sOutput = ""
While 1
    $sOutput &= StdoutRead($iPID)
    If @error Then ExitLoop
WEnd
ProcessClose($iPID)

$aOutput = StringSplit($sOutput, @LF, 2)

; Each command line runs from a HostApplication line up to the next EngineVersion line
$aMatchStarts = _ArrayFindAll($aOutput, "HostApplication", 0, 0, 0, 1)
$aMatchEnds = _ArrayFindAll($aOutput, "EngineVersion", 0, 0, 0, 1)

$sOutStr = ""
For $i = UBound($aMatchEnds) - 1 To 0 Step -1
    ; First TimeWritten line after this entry's EngineVersion line
    $TimeIndex = _ArraySearch($aOutput, "TimeWritten", $aMatchEnds[$i], 0, 0, 1)
    For $k = $aMatchStarts[$i] To $aMatchEnds[$i] - 1
        If $k = $aMatchStarts[$i] Then
            ; Drop the "HostApplication=" label from the first line
            $sOutStr &= StringTrimLeft(StringStripWS($aOutput[$k], 4), 17)
        Else
            $sOutStr &= StringStripWS($aOutput[$k], 4)
        EndIf
    Next
    $sOutStr &= "::" & $aOutput[$TimeIndex] & @LF
Next

ConsoleWrite($sOutStr)
```

Edited May 13, 2016 by iamtheky
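An added example, not part of iamtheky's post: the same HostApplication and TimeWritten extraction done inside PowerShell on the event objects themselves, so no Format-List text has to be split and rejoined. The function names `Get-HostApplication` and `ConvertTo-CommandRecord` and the sample entry are constructed for illustration.

```powershell
# Constructed sample entry: a real message carries more fields; only the ones
# the post relies on (HostApplication, EngineVersion) are reproduced here.
$sample = [pscustomobject]@{
    TimeWritten = [datetime]'2016-05-12T10:15:00'
    Message     = @'
Provider "Function" is Started.

Details:
    ProviderName=Function
    NewProviderState=Started
    HostApplication=powershell Get-EventLog
        -logname 'Windows PowerShell'
    EngineVersion=
'@
}

function Get-HostApplication {
    param([Parameter(Mandatory)][string]$Message)
    # (?s) lets '.' cross line breaks, so a command line that spans several
    # lines is captured whole, up to the EngineVersion field that follows it.
    if ($Message -match '(?s)HostApplication=(.*?)\r?\n\s*EngineVersion=') {
        # Fold line breaks and their indentation back into single spaces.
        ($Matches[1] -replace '\s*\r?\n\s*', ' ').Trim()
    }
}

function ConvertTo-CommandRecord {
    param([Parameter(ValueFromPipeline)]$Entry)
    process {
        $command = Get-HostApplication -Message $Entry.Message
        if ($command) {
            # One record per event: when it was written and what was run.
            [pscustomobject]@{ TimeWritten = $Entry.TimeWritten; Command = $command }
        }
    }
}

# Offline run against the constructed entry.
$sample | ConvertTo-CommandRecord

# Live use on a Windows host (same log and message filter as the post):
# Get-EventLog -LogName 'Windows PowerShell' -Message 'Provider*Function*is*Started*' |
#     ConvertTo-CommandRecord | Sort-Object TimeWritten
```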