I have a script to run on the security log to show account name in the log that is outputted. problem is I am not sure how to 'find' and bind this item out of the log
$ELogs = Get-EventLog security -Source Microsoft-windows-security-auditing -After (Get-Date).AddDays(- $Days) -ComputerName $Computer
If ($ELogs)
{ Write-Host "Processing..."
ForEach ($Log in $ELogs)
{ If ($Log.InstanceId -eq 4624)
{ $ET = "Logon"
}
ElseIf ($Log.InstanceId -eq 4634)
{ $ET = "Logoff"
$user = $log.message| Find-Matches -Pattern "account name:"
}
Else
{ Continue
}
$Result += New-Object PSObject -Property @{
Time = $Log.TimeWritten
'Event Type' = $ET
User=$user