Hi All
I have the following line of code which checks the security event logs of various servers and puts the date/time, username and source host. I use this to query for events based on a username.
Foreach ($Serverin$S) {$Server; Get-WinEvent-ComputerName$Server-LognameSecurity-FilterXPath"*[System[TimeCreated[timediff(@SystemTime) <= 3600000]] and EventData[Data[@Name='TargetUserName']='$User']]"|Select-ObjectTimeCreated,@{Name='User Name';Expression={$_.Properties[0].Value}},@{Name='Source Host';Expression={$_.Properties[1].Value}} |export-csv-append-path$LogName}
Apologies for the length of line, I'm not sure how I would split this down to make it more readable.
My question is, can anyone help me add:
'client address' - IP address of source
'Computer' - name of computer event is on
'Event Id'
I'm not sure about how to workout the format for an item listed in the 'Select Object'. I tried using Select-Object * to see if I could workout how to get the item I was looking for but... it didn't workout.
Any help greatly appreciated.
Thanks.
Pete.