Last active
December 11, 2015 04:39
-
-
Save tkmtmkt/4547097 to your computer and use it in GitHub Desktop.
Windowsイベントログから起動/停止の履歴を抽出する
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-RestartLog { | |
| Get-EventLog System | | |
| ?{$_.Source -match '(USER32|EventLog)' -and 1074,1076,6005,6006,6008 -contains $_.EventId} | %{ | |
| $record = new-object PSObject -property @{ | |
| Time = $_.TimeGenerated | |
| EventId = $_.EventId | |
| } | |
| if ($Matches[1] -eq 'USER32') { | |
| $_.Message -split "`r`n" | ?{$_.Length -gt 0} | %{ | |
| $line = $_ -split ":(?!\\)",2 | |
| if ($line[0] -match "次の理由") {$line[0] = "理由"} | |
| add-member NoteProperty $line[0].trim() -InputObject $record $line[1].trim() | |
| } | |
| } else { | |
| add-member NoteProperty 'コメント' -InputObject $record $_.Message | |
| } | |
| $record | |
| } | select Time,EventId,シャットダウンの種類,理由,理由コード,コメント | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment