iamtheky

Event - Powershell cmd and Time

2 posts in this topic

#1 ·  Posted (edited)

Working towards returning all powershell commands and the time they were executed.  This is close.

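#include <Array.au3>
#include <AutoItConstants.au3> ; defines $STDOUT_CHILD

; Query the 'Windows PowerShell' log for entries whose message matches the filter,
; keeping only the message text and the time each entry was written.
$sCommand = "powershell Get-EventLog -logname 'Windows PowerShell'"
$sMessage = '-message "Provider*Function*is*Started*"'
$iPID = Run($sCommand & " " & $sMessage & "| select -Property ('message','TimeWritten') | Format-List", "", @SW_HIDE, $STDOUT_CHILD)

$sOutput = ""

; Read the child's stdout until the stream closes (@error is set).
While 1
    $sOutput &= StdoutRead($iPID)
    If @error Then ExitLoop
WEnd

ProcessClose($iPID)

; Flag 2: return a 0-based array without the count in element [0].
$aOutput = StringSplit($sOutput, @LF, 2)

; Each command line runs from a "HostApplication" line up to the next "EngineVersion" line.
$aMatchStarts = _ArrayFindAll($aOutput, "HostApplication", 0, 0, 0, 1)
$aMatchEnds = _ArrayFindAll($aOutput, "EngineVersion", 0, 0, 0, 1)

$sOutStr = ""

; Walk the matches from last to first.
For $i = UBound($aMatchEnds) - 1 To 0 Step -1

    ; The timestamp is the first "TimeWritten" line after this entry's "EngineVersion" line.
    $TimeIndex = _ArraySearch($aOutput, "TimeWritten", $aMatchEnds[$i], 0, 0, 1)

    ; Join the wrapped HostApplication lines into one string.
    For $k = $aMatchStarts[$i] To $aMatchEnds[$i] - 1
        If $k = $aMatchStarts[$i] Then
            ; Trim the first 17 characters to drop the leading HostApplication= label.
            $sOutStr &= StringTrimLeft(StringStripWS($aOutput[$k], 4), 17)
        Else
            $sOutStr &= StringStripWS($aOutput[$k], 4)
        EndIf
    Next

    $sOutStr &= "::" & $aOutput[$TimeIndex] & @LF

Next

ConsoleWrite($sOutStr)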

 

 

Edited by iamtheky
