Hi, everyone!
I'm new to PS, and I'm looking for an easy way to analyse the Windows Security Log. I started to export SecLog records to CSV, parsing and splitting the "Message" field into subfields. E.g., the sec. log record on the screenshot below is converted with a simple PS function (written by me: https://gist.github.com/anonymous/d6de3535d42ba8b498c4 ) into a set of fields:
- Subject_SecurityID
- Subject_AccountName
- Subject_AccountDomain
- Subject_LogonID
- AccountWhoseCredentialsWereUsed_AccountName
- etc.
The problem is that different records are split into different sets of fields, because their Message fields' contents differ. When I call Export-Csv on the collection of objects (records of sec. log) changed with the Add-Member cmdlet (my custom parsed fields), the resulting CSV file is formed with the set of fields that the first object in the collection contains, missing all the other fields I need.
Maybe I'm completely wrong with this approach and there is a simpler way to export to CSV the union of all objects' properties in the collection, not only the first object's properties. Could someone help, please?
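
Added example, not part of the original post and not the code from the linked gist: one way to export the union of all parsed fields is to collect every property name first and pass that list to `Select-Object` before `Export-Csv`. The function name `ConvertFrom-SecLogMessage`, the output path and the sample messages are assumptions constructed for illustration.

```powershell
# Hypothetical helper: split a Security log Message into Section_Field properties.
function ConvertFrom-SecLogMessage {
    param([string]$Message)
    $fields  = [ordered]@{}
    $section = ''
    foreach ($line in $Message -split "`r?`n") {
        if ($line -match '^\s*([^:]+):\s*$') {
            # A line such as "Subject:" opens a new section.
            $section = $Matches[1] -replace '\W', ''
        } elseif ($line -match '^\s+([^:]+):\s+(.+)$') {
            # An indented "Name:  value" line becomes Section_Name.
            $name = $Matches[1] -replace '\W', ''
            $fields["${section}_$name"] = $Matches[2].Trim()
        }
    }
    [pscustomobject]$fields
}
# Constructed sample messages with different field sets (not real log data).
$messages = @(
@'
A logon was attempted using explicit credentials.

Subject:
    Security ID:     S-1-5-18
    Account Name:    HOST01$
    Account Domain:  EXAMPLE
    Logon ID:        0x3E7

Account Whose Credentials Were Used:
    Account Name:    jdoe
'@,
@'
An account was successfully logged on.

Subject:
    Security ID:     S-1-5-18
    Account Name:    HOST01$

New Logon:
    Account Name:    jdoe
    Logon ID:        0x1A2B3C
'@
)
$records = $messages | ForEach-Object { ConvertFrom-SecLogMessage $_ }

# Union of all property names, in first-seen order.
$allProps = $records | ForEach-Object { $_.PSObject.Properties.Name } | Select-Object -Unique
# Select-Object gives every record the same columns; missing ones export as empty cells.
$records | Select-Object -Property $allProps | Export-Csv -Path .\seclog.csv -NoTypeInformation
```

With the sample input the CSV header contains all seven distinct field names, and the second record has empty cells for the fields that appear only in the first.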